Received: by 2002:a25:4158:0:0:0:0:0 with SMTP id o85csp2959105yba; Mon, 8 Apr 2019 08:13:27 -0700 (PDT) X-Google-Smtp-Source: APXvYqwYN5WjKOY2YKXE46epUc6P/2C2Np0ELd+E7ZPtosROnYPOLyr0rQEcEWKEYDKXCNksN5Ti X-Received: by 2002:a62:f24e:: with SMTP id y14mr29739634pfl.209.1554736407826; Mon, 08 Apr 2019 08:13:27 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1554736407; cv=none; d=google.com; s=arc-20160816; b=XeaC9Mu22QyjMPoHhTcdic5RY6HHMjKZAonwifFw1Atl//HC8rrr7UQ1llfAs3wv7y UDoMNOdlluFl3DaSTgUjxfnrOagedwgWYpgVgdhXAYus9aWCRpYCesoonW6WO5l/rVU5 EiI+g+aLHxWaJI1zYcQJjNXq7H8i50D2TD4wRJTyNy++dvWulThROcah2KeEVLEeyC4P vOOPJAvvYPpETATLgIzuc5DcMt3McTMXdegG+3/YWaw7PqVw9KBzi+Pfku+w8jbu+7po NL7z7Ous3GPn1rB/dQR+/zD4MzJLHvLobmWi8WX6/7tl3vhygFsL58K3UwELS+IPCyym NG/A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=GG5EnYnMlbn7HpOwBGU4nQCGdfn3UOPmyGhAFDOMTgc=; b=c51PQs1K21D2c9tOYIuHJ+w5BuQUyxCuEbWoP3dWA00PGqGW/nDxYKf4pTSLgLVg58 94EMd3SV9viqX/25QO6yG6BKEQtcsG0I9iXq9C+pTsFurtbshI9Ix9GNluDanQrpEqqn EO0I5qPf7KspTy5uGrMoVvAGDwuzmPvcQ3d6dqD8dL2i30yPdmQAtXN7Cg0zW6ems88U uHmVBBW2k4v+j1tpkMeSI3gt3u8eSY6F8n/QsxwVUYvINZc+4CwUaa9SoYUnnaBmLQhj Z++Z/BXSWTj99LpzTBdnqMA/ThDPWPkIzGYfPxzhN3gAkY6z5QX42vMfer7VVEGHNSQt ibXQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=PgSR3bmD; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id j184si28966075pfb.106.2019.04.08.08.13.10; Mon, 08 Apr 2019 08:13:27 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=PgSR3bmD; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727854AbfDHPDG (ORCPT + 99 others); Mon, 8 Apr 2019 11:03:06 -0400 Received: from mail-ua1-f47.google.com ([209.85.222.47]:44013 "EHLO mail-ua1-f47.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726615AbfDHPDG (ORCPT ); Mon, 8 Apr 2019 11:03:06 -0400 Received: by mail-ua1-f47.google.com with SMTP id n16so4382582uae.10 for ; Mon, 08 Apr 2019 08:03:05 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=GG5EnYnMlbn7HpOwBGU4nQCGdfn3UOPmyGhAFDOMTgc=; b=PgSR3bmDXWWuwH3xQHgwQ+UYts1iRpMTckoeVAu0LnkhorNY0kunm0SllpO2mwT0Wf qt9/DpfE/vR6Xh+SyS2mlHqbnumjNBp+V7bvUYpKrWLoKUBr5guavjXf51mF5Ku1zObX +CraGH8VuQVcZ+c/mlCORZGN/kW+ImY7EzXCE= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=GG5EnYnMlbn7HpOwBGU4nQCGdfn3UOPmyGhAFDOMTgc=; b=Sq5QqApVzO/g4l6P9ESSkSl7hJUnmY+hU4EKAO2gIXCUpGN41c4Z2x3PswKYrc+hUP co8Iy5D/+HLXtUJGMQW8STmJtW6sH4D0UH84DqhZvL5Jlh8GB7Bb0Zv5w+EHxOuBYkK+ yiaocz9shrJqYRwtJ8R6gM031zV9duhx+hrm1eCslk28sAC0LvkfYOT2/f6qIFV9jKVQ KVGjDvwHLCCERsbJc2A6wCZ0tRFCFLtl8+Oeq5bDXu27lD+WsK0/NlsbnUunuIZfunWy boeCk+uY8EYZRCiFRLIcvP3UG4m40v7U5W0vw3dxgZ5OmFJcXby3rVrDsYxiOrwzH3Tv GM5Q== X-Gm-Message-State: APjAAAU2r7Tiq29V3viNX7kvLqHBENtEf0VVR6WBaKr0cPRaRubWUIPG F/qMtN1O96H1sYuWaHqueKsKrsU6ObI= X-Received: by 2002:ab0:7042:: with SMTP id v2mr15287116ual.101.1554735784719; Mon, 08 Apr 2019 08:03:04 -0700 (PDT) Received: from mail-ua1-f45.google.com (mail-ua1-f45.google.com. [209.85.222.45]) by smtp.gmail.com with ESMTPSA id d6sm2164240uad.10.2019.04.08.08.03.03 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 08 Apr 2019 08:03:04 -0700 (PDT) Received: by mail-ua1-f45.google.com with SMTP id c6so4410780uan.1 for ; Mon, 08 Apr 2019 08:03:03 -0700 (PDT) X-Received: by 2002:ab0:a97:: with SMTP id d23mr14537862uak.99.1554735783323; Mon, 08 Apr 2019 08:03:03 -0700 (PDT) MIME-Version: 1.0 References: In-Reply-To: From: Kees Cook Date: Mon, 8 Apr 2019 08:02:51 -0700 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [REGRESSION] AppArmor module parameter layout changed with c5459b829b716 To: David Rheinsberg Cc: LKML , John Johansen , James Morris , "Serge E. Hallyn" , linux-security-module , Casey Schaufler Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Apr 8, 2019 at 12:21 AM David Rheinsberg wrote: > > Hi > > A recent commit changed how `/sys/module/apparmor/parameters/enabled` > looks. It was "Y"/"N" before, now it is an integer. I *think* the > commit that changed this was: Oooh... the _output_ appears differently based on the type. Argh. Let me work something up... > commit c5459b829b716dafd226ad270f25c9a3050f7586 > Author: Kees Cook > Date: Thu Sep 13 22:28:48 2018 -0700 > > LSM: Plumb visibility into optional "enabled" state > > I haven't recompiled with a revert, but changing the module-parameter > type looks like the obvious culprit. I don't see how this change can > be safe? > > This breaks the AppArmor detection of `dbus-broker`. Can the commit be reverted? Thanks for catching this! -- Kees Cook