Received: by 2002:ac0:a5a6:0:0:0:0:0 with SMTP id m35-v6csp4277963imm; Tue, 11 Sep 2018 09:26:56 -0700 (PDT) X-Google-Smtp-Source: ANB0Vdak0lsyo2jju/fv3WOaBA7syI9ChI6rEoAPPnEOFN8go+c9B5Qp3AxjrZ4GFLJnmTafe9jS X-Received: by 2002:a62:4704:: with SMTP id u4-v6mr30897711pfa.76.1536683216247; Tue, 11 Sep 2018 09:26:56 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1536683216; cv=none; d=google.com; s=arc-20160816; b=yPLh96V5bftwMF2fLjCHM57f1Bl23KyGJqon6YX8BA/ar8aWlaqm1JfIuI25lzrPcw fKYJ09M76Pg1k3WHKJroTqfMlCTPaVWO1iBz2KHGhUZ6jbRDOOgjbzGsNghX0aKcyQZP SwwOvBFOIyxbxVq7OCTFeJujyTOYt8i9R2rfUqcWx6fJFkyIt5KIoqnOSVrnvwsac88q KE6Ga5RgTtyXFDAzzhNJTaWY5GkaMMPvyZMXEY8aiDeQsNl7e9VC2rRwFRrG8orCBG1n 6GLCVby8xpOQlFYkzxTwVsw1VL0BmUpj9sLh3DEK5DRr77TEhegb3k64Nz//0CFXST0Y veIg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-language :content-transfer-encoding:mime-version:user-agent:date:message-id :subject:cc:from:to:dkim-signature; bh=zURbNl6VpmvtgnUOSIzJioExI/4fKFwu9E1NaQA4sx0=; b=WrzBSOJ0F4nzPuZKj+almOuPas+eSt9IxPNM3kQUsQ9w4K5gMQmYr947b/5PxbW8FQ 2n00ITrLw35xTY7EZfJnFYpLQhGfEY1Nh4HaLgAOTbVQHcrZW9mxqmazl35PSg0CmiGw XPWveUlFE2vv+1wuVr18RuQxwGgvpjLj9UoBhkiM2yIsbt5VetaOvbRM1d7CfdyYpXt3 ejfK9SVL9c1mFP9Kb+U9wudOCMzwjZT0ZuSdTApVuQRQpDcVfLqmvMYH0pS2fLsUstsn YeJRXu1Ag0tJX8D62MoB6nE1sfefrkOEUtDB7rOzJ+aZ/ZyL+5ZhoET7/1uDyHf0pPom YUKA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@yahoo.com header.s=s2048 header.b="FHHwUu/B"; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id h185-v6si20986066pfc.172.2018.09.11.09.26.40; Tue, 11 Sep 2018 09:26:56 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@yahoo.com header.s=s2048 header.b="FHHwUu/B"; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727710AbeIKV0f (ORCPT + 99 others); Tue, 11 Sep 2018 17:26:35 -0400 Received: from sonic304-27.consmr.mail.ne1.yahoo.com ([66.163.191.153]:44828 "EHLO sonic304-27.consmr.mail.ne1.yahoo.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726782AbeIKV0e (ORCPT ); Tue, 11 Sep 2018 17:26:34 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1536683189; bh=zURbNl6VpmvtgnUOSIzJioExI/4fKFwu9E1NaQA4sx0=; h=To:From:Cc:Subject:Date:From:Subject; b=FHHwUu/BvyvAjSWRm2aWLy6vcg2ZVXMa7bdBmrJjQxXtR30EyeXPc89sxJn2RgU8hfyEauDyNRNfT40iaZpV3F9yCI8e+z/+sEDU3ip+IME5+TmcWiPULwsvzO+xvJ9m4XhqzvdbsbiDbVojEQ9j0Rl8ga5ludAen3x3brifniw40gPF6zTmmG0OiTJza9+RbBSeVJIqja9XAyPZD3SKmDWkTyZ+k/AKi1cPIpq7FCTSeNcIl88nhGcOeKk7KNLMzIQi+K61T0PsmsHay7ReWF6JW8tpPU61Tdn8qnndQkvFxX7Yg9a472QPDC1WImbpkmF3VWPdxi4ctQu1wPLzsg== X-YMail-OSG: Kf0C.zUVM1mqaDrK0RWvt2yFjvE9eN1mRrj_S1sGUBPuKjmvEVVbNiYcYMcZa5J uep7dwPiwhlaZmm0eNIoX5QnREviup7rKf6yqKf7NDV_HfwQUr3sAvI..Xei5.95IDKGGy72Fqv. 4IGz_n9PH10wOGpj1rI53gyK4JpqWMvtDNGu.GPfFq2V9HAsgIaeth.40yWNv04oz3MnQALmRPtI iZdZqKULTqZKRNXtkBFl2C_Ob1vlpP2TqfIWfDheqMNr6UPshTiRT0OZb_rL9_YcRBiC.BnFnbkX JJkTEZ_F9cHulTXvwQB8ir4b5mcVIQ0.TDweRwbw88YTsHRE6EgJjyF4oxSpOM2Z5aKi0ieViw08 2rp__6Tl1mw1qBg3Vt3e.WAC0gUy1.LIJeD6EHCgyP.0n_cud0DqdFeC3nv_Yb7dG_6ob1UEaPnb dmILtcHAprqn9DepWpLR58dTkRMtj3ATM4d_k65fxsQBXS1ZP82QUKAK2zq8Bi1pvlTE226RblgL bzE_Zq5LlBO6OQSy1QiPP1ym34Y.ZEmOqN1vZmJb8K37sBrTgRbtLpKYT2Di9yJ.aw6Hf4x_6QJ8 bw.rshDiAQkxP8gvNZ.tf51yE41SJp_xHN9vW60s52E.0NojTr9untXSCuyTpNk.SYaBCzcOJZ6h tW4VTafkN7Ah.78d16UxWud3StXGnd7iy6klAJbnx0lPqIU6Lx3epJzgTW.kIPElkxb5N4Kxo7vU EErQArHkfeY9OfF4QMcMMWd4nM4WArrsuWjUW.o5kWDZ3InRGQBjjZrYuZ2K49ts1W3JeYHH4d0E qOy98OhnFwRhqE4XzLWPBL7420L3W2y7BCKG38wboMCyBnPRmGobrbzAjWJXvUbrIsJfM4mRBMh1 im12xEEfLaNHB_9H5TRV8cWWuMmmB7wSUdOlr17Yt2ct3KWdWPZtFXoZQz.QM6f9.fhsGIcMH9qy 1zZNydBq9c3_ywhQ107iwpdBqJQKG.6WdkgGSIPt5Ks5N_66XUEfs3ZWXUkjiWIouV1LRp1HaZAj oNccI64Fjn.k.LNyaZGt.jCaQ4Me1Mxs0rwVA.e3HlAXd8DtYnrkB4uA- Received: from sonic.gate.mail.ne1.yahoo.com by sonic304.consmr.mail.ne1.yahoo.com with HTTP; Tue, 11 Sep 2018 16:26:29 +0000 Received: from c-67-169-65-224.hsd1.ca.comcast.net (EHLO [192.168.0.102]) ([67.169.65.224]) by smtp427.mail.ne1.yahoo.com (Oath Hermes SMTP Server) with ESMTPA ID da7615c57ead9698b5b5b8ef21f732cc; Tue, 11 Sep 2018 16:26:24 +0000 (UTC) To: LSM , James Morris , LKLM , SE Linux , John Johansen , Kees Cook , Tetsuo Handa , Paul Moore , Stephen Smalley , "linux-fsdevel@vger.kernel.org" , Alexey Dobriyan From: Casey Schaufler Cc: Casey Schaufler , "Schaufler, Casey" Subject: [PATCH v2 00/10] LSM: Module stacking in support of S.A.R.A and Landlock Message-ID: Date: Tue, 11 Sep 2018 09:26:21 -0700 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.9.1 MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit Content-Language: en-US Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org LSM: Module stacking in support of S.A.R.A and Landlock v2: Reduce the patchset to what is required to support the proposed S.A.R.A. and LandLock security modules The S.A.R.A. security module is intended to be used in conjunction with other security modules. It requires state to be maintained for the credential, which in turn requires a mechanism for sharing the credential security blob. The module also requires mechanism for user space manipulation of the credential information, hence an additional subdirectory in /proc/.../attr. The LandLock security module provides user configurable policy in the secmark mechanism. It requires data in the credential, file and inode security blobs. For this to be used along side the existing "major" security modules mechanism for sharing these blobs is provided. A side effect of providing sharing of the crendential security blob is that the TOMOYO module can be used at the same time as the other "major" modules. The mechanism for configuring which security modules are enabled has to change when stacking in enabled. Any module that uses just the security blobs that are shared can be selected. Additionally, one other "major" module can be selected. The security module stacking issues around networking and IPC are not addressed here as they are beyond what is required for TOMOYO, S.A.R.A and LandLock. git://github.com/cschaufler/lsm-stacking.git#stacking-4.19-rc2-saralock Signed-off-by: Casey Schaufler --- Documentation/admin-guide/LSM/index.rst | 23 ++- fs/proc/base.c | 64 ++++++- fs/proc/internal.h | 1 + include/linux/lsm_hooks.h | 20 ++- include/linux/security.h | 15 +- kernel/cred.c | 13 -- security/Kconfig | 92 ++++++++++ security/apparmor/domain.c | 2 +- security/apparmor/include/cred.h | 24 ++- security/apparmor/include/file.h | 9 +- security/apparmor/include/lib.h | 4 + security/apparmor/lsm.c | 53 ++++-- security/apparmor/task.c | 6 +- security/security.c | 293 ++++++++++++++++++++++++++++++-- security/selinux/hooks.c | 215 ++++++++--------------- security/selinux/include/objsec.h | 37 +++- security/selinux/selinuxfs.c | 5 +- security/selinux/xfrm.c | 4 +- security/smack/smack.h | 42 ++++- security/smack/smack_access.c | 4 +- security/smack/smack_lsm.c | 283 +++++++++++------------------- security/smack/smackfs.c | 18 +- security/tomoyo/common.h | 31 +++- security/tomoyo/domain.c | 4 +- security/tomoyo/securityfs_if.c | 15 +- security/tomoyo/tomoyo.c | 57 +++++-- 26 files changed, 899 insertions(+), 435 deletions(-)