Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp586581imu; Mon, 26 Nov 2018 15:23:45 -0800 (PST) X-Google-Smtp-Source: AFSGD/VFdVFF8/U8a/HEsT0JqmjYNQanDWraPNAGSAk1K2Xjv7OVB19sxh2KOvxTDCOPKBbZYK7l X-Received: by 2002:a17:902:e101:: with SMTP id cc1-v6mr30397961plb.165.1543274625044; Mon, 26 Nov 2018 15:23:45 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1543274625; cv=none; d=google.com; s=arc-20160816; b=zST0PH49maU3hulAea+Q5CBaAQG4Rm1d3nJT7VJ6HqWKhksrTAI4XLwZUk1fdBY7aI NAL5TXNvwY7Z5Tkp8uDF2f5LG56PuFYYR4b8xnM83D4R0IzbOiNaCbKXDUWckjUGL0o4 rtKRkdI5lX0MnpHVY2zxj5Lcvw/2LEMCp4NnMaWiIaRJwfGrguygAvlJ2LQhR9vrEYOs 3BJ5KEojjJMosafkrbhPTLMSpzmjHPlYf4YkLMZSWwLxlupRr0V9SUfMMi7P4ogX6keZ ielSr8F8cZLQDSjCGLYJSIk00mGZhlA5iA8eUev+EaBFW66DuFATKM9Gi+yFOkPKwckX cQZw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-language :content-transfer-encoding:mime-version:user-agent:date:message-id :subject:cc:from:to:dkim-signature; bh=K00PF8JPHI9bzQkvZYFvbvZvCj8ZciWak9UFgtmEYGM=; b=Qgqt49AdXJOerSWIryRWjVIG+rfY5VHxPWalDeDFv9BYqzXv01qaocpdZf8fVcT9sK fg+fn4zCVg87cTYwZoZcD7aLxCgTTHpcO7RHE/55VTb9H8GiEusAa7fQOQn1+OjhE/oB 7u/A5Mme76Z52RpZda8XkFpeUBTRXtfgzYADVXjyU4RB4ltp3xmICZrP5EQiKPXw5d8F OkTn40b7OLavJ40zz0FDR4wrMzJCP3m390UcJ7SB9Gvt6HeGwGCPvthaQROIcFCfh9U/ ShxpaLYOGh1FDa5R5M62W6PszBWIX6q7bklxH8ooSlyJPhkdQJbzgPrfMtOkthJ5MUNO Uw8A== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@yahoo.com header.s=s2048 header.b=P77Plwwl; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id f81si1899249pfh.33.2018.11.26.15.23.29; Mon, 26 Nov 2018 15:23:45 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@yahoo.com header.s=s2048 header.b=P77Plwwl; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727487AbeK0KSi (ORCPT + 99 others); Tue, 27 Nov 2018 05:18:38 -0500 Received: from sonic304-28.consmr.mail.ne1.yahoo.com ([66.163.191.154]:33693 "EHLO sonic304-28.consmr.mail.ne1.yahoo.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726448AbeK0KSh (ORCPT ); Tue, 27 Nov 2018 05:18:37 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1543274570; bh=K00PF8JPHI9bzQkvZYFvbvZvCj8ZciWak9UFgtmEYGM=; h=To:From:Cc:Subject:Date:From:Subject; b=P77PlwwldKhx7WDgHxODiQghD3cgX8B1POIIXPAAYPXolZjhde4+49lP4496a4KJt+1sc/3sDypCeE7B6Ehlqe4njM4LQxKx6NWNdTHfnSW4ldvYwt8TnoFrW2q9E8dxxYkSkSrg/ClZ6k5NtqmfgqkOMB4fDqIGhGXIndBDuTWSITcKfPh7DPTDqODAyFV5RSaa/TZX/ILRz7L+J7I1IAwW95ULPHBQ+i67rGApbt7OBEeycmzSY1O79XvNC9jciHH3pIzxQqUB2flYSxvABd/B++GMESfnV7XjwPzrqgu0Z/rAcIdBFSVEG/+tpdl2YGDoMp1LBcWb2NHmxzbe7A== X-YMail-OSG: 6Q7.LAIVM1m4Fez3pCSkMFjN7RHq4tGQ2d8qWA8QC29yA8VKM6UYLP5Jzwcg2d0 PNg.JVoZOrw7yapUd6mQE2TVbHQ8SDBAUc4wLAO0XKqUjNzO.FDqccHs77e5_kdMuO8XeJVqC8nX pfpzUJC75UWB8bCd97DMRPyHd5WYw9XtBo7Aa5zXJW4YK_gnOFTMZIukOpVMkaTzK9138d7i0Fk_ DYkGHsqz3BS1B4H4lIUcIo3XDxsE1zPNF0cT5DTaUxWJL2vwx0PB9s.jeWX6SuOYMEbGOuyjwXKz oXQWrI51vaTQbzYFD_6JKfyTpP7t7CIL0f1y1.FaUm2Nio_LqjPT0ypt_A6XqEcEKuOaH.l3xq4Q D8TG0TyEMT2B3aFzf.clF1mfjYplPVBqfRTlLJLKeF7VzS_q_l9dCk1sj5v9FvET1.jf.aoGfLLb M1elctMf.wAAxrr0vsn04UsTVyViFN7PGYyQUCI8IpXInvtZXCDAtAGVilPOAt73qrTm5d4Yre8l VdW87xq4KnkwPqaUe3D0zHvJojFYD4Fbs9.9_3vb6GJFpKYyKctrKvBrOFZLapE6nj70pvTvM9g9 ZVHJw.iDOfomFMjOhUhBykV8OV.N9p6ln2GSxBaRNB_.BUarSGqpAG9yZQJyX62Wt9m3z9DPMvhB fuE5x.78H0cGv.RdDg.1SEJs1QLlikT.2CUbnFCXx4.FEqgMcnI9lITGBo31uFgPuNalxXG2xX6C UoFQGB4u6YHkua16Xn_PF7OaC0l53AVsj.3Fb895nI1oGMoTAIM0wJBtlgP0kuW0UhFIP1wttQga euRdtD17jr.4kR.g6bS8l1TIE6lOqDcMzbGcc8DTPbSAe90DOcK29QfR7oDHaSMI1B.tipOhP_72 Vr.OKIS3MWsQjM9Q1vq9nW3sZ6lGeGvM7k1RGeDE7Fb2cL5tOjqCRU8j.7yQ6SYDMu97aPVSoKwf QcTwwkFTBirrzXC18xhB6gkueZvworL8P5A0S2T.zf8_SCjTpvWQgjm6ntFIt3Olk.3385y1h.31 ICiVmoeoz5i3bMksNMUKT5C22gerfgQBDArHTAnU7d3eYzyy75ziJAHuWNFm8uzXfqiWn1HMkzUD PQUwdlqnKvrE_.vxxfgk4d29wkqVJc4KsQCHBOi9BOTc1bTMHoWg1dYU- Received: from sonic.gate.mail.ne1.yahoo.com by sonic304.consmr.mail.ne1.yahoo.com with HTTP; Mon, 26 Nov 2018 23:22:50 +0000 Received: from c-67-169-65-224.hsd1.ca.comcast.net (EHLO [192.168.0.105]) ([67.169.65.224]) by smtp428.mail.ne1.yahoo.com (Oath Hermes SMTP Server) with ESMTPA ID 7d36ae424f480cb3fa200502c1ff140e; Mon, 26 Nov 2018 23:22:46 +0000 (UTC) To: James Morris , LSM , LKLM , SE Linux From: Casey Schaufler Cc: John Johansen , Kees Cook , Tetsuo Handa , Paul Moore , "linux-fsdevel@vger.kernel.org" , Stephen Smalley , Alexey Dobriyan , =?UTF-8?Q?Micka=c3=abl_Sala=c3=bcn?= , Salvatore Mesoraca , Casey Schaufler Subject: [PATCH v5 00/38] LSM: Module stacking for SARA and Landlock Message-ID: <50db058a-7dde-441b-a7f9-f6837fe8b69f@schaufler-ca.com> Date: Mon, 26 Nov 2018 15:22:43 -0800 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.9.1 MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit Content-Language: en-US Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org v5: Include Kees Cook's rework of the lsm command line interface. Stacking is not conditional. v4: Finer granularity in the patches and other cleanups suggested by Kees Cook. Removed dead code created by the removal of SELinux credential blob poisoning. v3: Add ipc blob for SARA and task blob for Landlock. Removing the SELinux cred blob pointer poisoning results selinux_is_enabled() being unused, so it and all it's overhead has been removed. Broke up the cred infrastructure patch. v2: Reduce the patchset to what is required to support the proposed SARA and LandLock security modules The SARA security module is intended to be used in conjunction with other security modules. It requires state to be maintained for the credential, which in turn requires a mechanism for sharing the credential security blob. It also uses the ipc security blob. The module also requires mechanism for user space manipulation of the credential information, hence an additional subdirectory in /proc/.../attr. The LandLock security module provides user configurable policy in the secmark mechanism. It requires data in the credential, file, inode and task security blobs. For this to be used along side the existing "major" security modules mechanism for sharing these blobs are provided. A side effect of providing sharing of the crendential security blob is that the TOMOYO module can be used at the same time as the other "major" modules. The "security=" option works as before. A new "lsm=" option allows the order of module execution to be supplied at boot time. The security module stacking issues around networking and IPC are not addressed here as they are beyond what is required for TOMOYO, SARA and LandLock. git://github.com/cschaufler/lsm-stacking.git#blob-4.20-rc2 Signed-off-by: Casey Schaufler --- Documentation/admin-guide/LSM/index.rst | 13 +- Documentation/admin-guide/kernel-parameters.txt | 4 + fs/proc/base.c | 64 ++- fs/proc/internal.h | 1 + include/linux/cred.h | 1 - include/linux/lsm_hooks.h | 40 +- include/linux/security.h | 15 +- include/linux/selinux.h | 35 -- kernel/cred.c | 13 - security/Kconfig | 41 +- security/apparmor/Kconfig | 16 - security/apparmor/domain.c | 2 +- security/apparmor/include/cred.h | 16 +- security/apparmor/include/file.h | 5 +- security/apparmor/include/lib.h | 4 + security/apparmor/include/task.h | 18 +- security/apparmor/lsm.c | 65 ++- security/apparmor/task.c | 6 +- security/commoncap.c | 9 +- security/loadpin/loadpin.c | 8 +- security/security.c | 635 +++++++++++++++++++++--- security/selinux/Kconfig | 15 - security/selinux/Makefile | 2 +- security/selinux/exports.c | 23 - security/selinux/hooks.c | 345 ++++--------- security/selinux/include/audit.h | 3 - security/selinux/include/objsec.h | 38 +- security/selinux/selinuxfs.c | 4 +- security/selinux/ss/services.c | 1 - security/selinux/xfrm.c | 4 +- security/smack/smack.h | 44 +- security/smack/smack_access.c | 4 +- security/smack/smack_lsm.c | 316 ++++-------- security/smack/smackfs.c | 18 +- security/tomoyo/common.h | 22 +- security/tomoyo/domain.c | 4 +- security/tomoyo/securityfs_if.c | 15 +- security/tomoyo/tomoyo.c | 49 +- security/yama/yama_lsm.c | 8 +- 39 files changed, 1133 insertions(+), 793 deletions(-)