From: Micah Morton
Date: Tue, 9 Jun 2020 11:26:39 -0700
Subject: [GIT PULL] SafeSetID LSM changes for v5.8
To: Linus Torvalds, Linux Kernel Mailing List, linux-security-module

The following changes since commit 3d77e6a8804abcc0504c904bd6e5cdf3a5cf8162:

  Linux 5.7 (2020-05-31 16:49:15 -0700)

are available in the Git repository at:

  https://github.com/micah-morton/linux.git tags/LSM-add-setgid-hook-5.8

for you to fetch changes up to 04d244bcf92f525011e3df34b21fc39b0591ba93:

  security: Add LSM hooks to set*gid syscalls (2020-06-09 10:22:13 -0700)

----------------------------------------------------------------
Add additional LSM hooks for SafeSetID

SafeSetID is capable of making allow/deny decisions for set*uid calls on a system, and we want to add similar functionality for set*gid calls. The work to do that is not yet complete, so probably won't make it in for v5.8, but we are looking to get this simple patch in for v5.8 since we have it ready. We are planning on the rest of the work for extending the SafeSetID LSM being merged during the v5.9 merge window.

This patch was sent to the security mailing list and there were no objections.

Signed-off-by: Micah Morton
----------------------------------------------------------------
Micah Morton (1):
      security: Add LSM hooks to set*gid syscalls

 include/linux/lsm_hook_defs.h |  2 ++
 include/linux/lsm_hooks.h     |  9 +++++++++
 include/linux/security.h      |  9 +++++++++
 kernel/sys.c                  | 15 ++++++++++++++-
 security/security.c           |  6 ++++++
 5 files changed, 40 insertions(+), 1 deletion(-)