From: David Howells
To: Mimi Zohar
Cc: dhowells@redhat.com, Linus Torvalds, James Morris, keyrings@vger.kernel.org, Netdev, linux-nfs@vger.kernel.org, CIFS, linux-afs@lists.infradead.org, linux-fsdevel, linux-integrity@vger.kernel.org, LSM List, Linux List Kernel Mailing
Subject: Re: [GIT PULL] Keys: Set 4 - Key ACLs for 5.3
Date: Fri, 16 Aug 2019 14:36:42 +0100
Message-ID: <23498.1565962602@warthog.procyon.org.uk>
In-Reply-To: <1562814435.4014.11.camel@linux.ibm.com>
References: <1562814435.4014.11.camel@linux.ibm.com> <28477.1562362239@warthog.procyon.org.uk> <20190710194620.GA83443@gmail.com> <20190710201552.GB83443@gmail.com>

Mimi Zohar wrote:

> Sorry for the delay. An exception is needed for loading builtin keys
> "KEY_ALLOC_BUILT_IN" onto a keyring that is not writable by userspace.
> The following works, but probably is not how David would handle the
> exception.

I think the attached is the right way to fix it.

load_system_certificate_list(), for example, when it creates keys does this:

	key = key_create_or_update(make_key_ref(builtin_trusted_keys, 1),

marking the keyring as "possessed" in make_key_ref(). This allows the possessor permits to be used - and that's the *only* way to use them for internal keyrings like this because you can't link to them and you can't join them.

David
---
diff --git a/certs/system_keyring.c b/certs/system_keyring.c
index 57be78b5fdfc..1f8f26f7bb05 100644
--- a/certs/system_keyring.c
+++ b/certs/system_keyring.c
@@ -99,7 +99,7 @@ static __init int system_trusted_keyring_init(void) builtin_trusted_keys = keyring_alloc(".builtin_trusted_keys", KUIDT_INIT(0), KGIDT_INIT(0), current_cred(), - &internal_key_acl, KEY_ALLOC_NOT_IN_QUOTA, + &internal_keyring_acl, KEY_ALLOC_NOT_IN_QUOTA, NULL, NULL); if (IS_ERR(builtin_trusted_keys)) panic("Can't allocate builtin trusted keyring\n"); diff --git a/security/keys/permission.c b/security/keys/permission.c index fc84d9ef6239..86efd3eaf083 100644 --- a/security/keys/permission.c +++ b/security/keys/permission.c @@ -47,7 +47,7 @@ struct key_acl internal_keyring_acl = { .usage = REFCOUNT_INIT(1), .nr_ace = 2, .aces = { - KEY_POSSESSOR_ACE(KEY_ACE_SEARCH), + KEY_POSSESSOR_ACE(KEY_ACE_SEARCH | KEY_ACE_WRITE), KEY_OWNER_ACE(KEY_ACE_VIEW | KEY_ACE_READ | KEY_ACE_SEARCH), } };
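Review bot: in the certs/system_keyring.c hunk, the switch of builtin_trusted_keys from &internal_key_acl to &internal_keyring_acl carries no comment, and nothing at the keyring_alloc() call site records that write access is meant to be reachable only through a possessed reference (make_key_ref(builtin_trusted_keys, 1) in load_system_certificate_list(), as the message explains). Suggest a one-line comment above the call, e.g. `/* Writable only via a possessed ref; see load_system_certificate_list() */`, plus a changelog sentence stating that internal_key_acl and internal_keyring_acl now differ in possessor write, since the two names are easy to confuse on review.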
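Review bot: in the security/keys/permission.c hunk, adding KEY_ACE_WRITE to the possessor ACE modifies the shared, static internal_keyring_acl, so every keyring allocated with &internal_keyring_acl gains possessor write, not only .builtin_trusted_keys; the hunk does not show the other users of this ACL, so the changelog should list them and state that each is only ever written through a possessed reference, as the message argues for builtin_trusted_keys. A comment beside the ACE, e.g. `/* WRITE: kernel-internal callers add keys via make_key_ref(keyring, 1) */`, would keep that rationale with the definition, and it is worth saying explicitly that the owner ACE staying at KEY_ACE_VIEW | KEY_ACE_READ | KEY_ACE_SEARCH is what keeps a root-owned userspace reference from writing.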
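As an added illustration of the mechanism David describes (a model written for this page, not kernel code): a toy evaluation of the possessor and owner ACEs of internal_keyring_acl before and after the patch, with constructed permission bit values, showing that write is granted only to a caller holding a possessed reference, never to an owner-matched userspace reference.

```c
/* Added model (not kernel code) of how a possessed key_ref combines with
 * the ACEs of internal_keyring_acl. Bit values below are constructed. */
#include <stdbool.h>
#include <stdint.h>

#define KEY_ACE_VIEW   0x01
#define KEY_ACE_READ   0x02
#define KEY_ACE_WRITE  0x04
#define KEY_ACE_SEARCH 0x08

enum ace_subject { ACE_POSSESSOR, ACE_OWNER };
struct key_ace { enum ace_subject subject; unsigned perm; };
struct key_acl { unsigned nr_ace; struct key_ace aces[2]; };

/* Model of key_ref_t: make_key_ref(key, 1) sets the possessed flag. */
struct key_ref { uint32_t owner_uid; bool possessed; };

/* internal_keyring_acl as it reads before and after the patch. */
static const struct key_acl internal_keyring_acl_old = { 2, {
    { ACE_POSSESSOR, KEY_ACE_SEARCH },
    { ACE_OWNER, KEY_ACE_VIEW | KEY_ACE_READ | KEY_ACE_SEARCH } } };
static const struct key_acl internal_keyring_acl_new = { 2, {
    { ACE_POSSESSOR, KEY_ACE_SEARCH | KEY_ACE_WRITE },
    { ACE_OWNER, KEY_ACE_VIEW | KEY_ACE_READ | KEY_ACE_SEARCH } } };

/* OR together the permissions of every ACE whose subject matches the caller. */
static unsigned acl_permits(const struct key_acl *acl, const struct key_ref *ref,
                            uint32_t caller_uid)
{
    unsigned perm = 0;
    for (unsigned i = 0; i < acl->nr_ace; i++) {
        const struct key_ace *ace = &acl->aces[i];
        if (ace->subject == ACE_POSSESSOR && ref->possessed)
            perm |= ace->perm;
        else if (ace->subject == ACE_OWNER && caller_uid == ref->owner_uid)
            perm |= ace->perm;
    }
    return perm;
}

/* May a caller with uid caller_uid add a key to a root-owned keyring that
 * carries this ACL, given whether its reference is a possessed one? */
bool may_write(const struct key_acl *acl, bool possessed, uint32_t caller_uid)
{
    struct key_ref ref = { .owner_uid = 0, .possessed = possessed };
    return (acl_permits(acl, &ref, caller_uid) & KEY_ACE_WRITE) != 0;
}
```

With the old ACL even a possessed reference cannot write; with the new one only a possessed reference can, and a root-owned reference obtained without possession still fails because the owner ACE lacks KEY_ACE_WRITE.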