Received: by 2002:a05:6a10:9848:0:0:0:0 with SMTP id x8csp1640343pxf; Fri, 19 Mar 2021 11:47:34 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxfZrnvC2y3T6tlQtOnzJHSeUFEa0mn0438qARrfWeLFtD/t0TO9S7qsefgFVMTncngi9e4 X-Received: by 2002:a17:907:7683:: with SMTP id jv3mr5956636ejc.450.1616179654309; Fri, 19 Mar 2021 11:47:34 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1616179654; cv=none; d=google.com; s=arc-20160816; b=zR5KfMI3n3evkaIXJUu8z4G6BzTt1LW9bU6TrQksyaEn8ZiIPKMWRWLrF5JSldAbt4 W9/zQa8UcRCOcJFt/lNCrS45DUlozc7CJXrGS5MnEeaQUPHx+UdNB7eE7xqfukAzkSjp Chx2yDKlcnSeYV6mSJkqBeN9IBFXxz6HmbMTDjR79KcsDF+JUvPp8yWY+oOYT92XTfKe 3NeRE+F+3L6/S5t37p6KVJFWExq35HGElrmNYy8s75As8Y76TDH1ccOp4k6A4wf/sD6D VsQAKLy9bARlSyXn4KxLOUlH+MmcJG9uG75oJI6pLfwr5z47ie4b4zR5l3sOEn8uaJ0p AX0A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-transfer-encoding :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:dkim-signature; bh=Sb8mG2TwoLcJMKUkEkVhAmXUHbnUNYxK1v1iC8KimUA=; b=CZFIzemb6K7YaE1ffp5WW4cBGkoyug/3tTFoGxyU8A2ewATAYf3pEkH0Lgcib4cYaw r8Nf3vkRbBVuIMG1FRUQhqDvMmAcP0koamZbERKc1Vaxtd9j+dAQaemkz1VoFrG2QDty xgTDuz/jzhKIDOteXOAMU0dpnUdsmvQ/yv0xj0A+9+jf167LSCFfm3V5fBJWGlFdGPaI 4x8ySGKpRcECdhfIjcxPkVqza2mRG1pznxSUC3ePX6gbLzwcObU7S/BL0JiCuPTETQvi 26EOi5wk/xQ0lTPjNvigPf20nJGmxijhC9pLcb8oM0p+v/hlCdsTvXIsCpS4ODqojOWu aitw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=CmUS9RcC; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id x27si4987768edi.240.2021.03.19.11.47.11; Fri, 19 Mar 2021 11:47:34 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=CmUS9RcC; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230341AbhCSSqD (ORCPT + 99 others); Fri, 19 Mar 2021 14:46:03 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:54266 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230480AbhCSSpR (ORCPT ); Fri, 19 Mar 2021 14:45:17 -0400 Received: from mail-pj1-x1036.google.com (mail-pj1-x1036.google.com [IPv6:2607:f8b0:4864:20::1036]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 4EE41C06175F for ; Fri, 19 Mar 2021 11:45:16 -0700 (PDT) Received: by mail-pj1-x1036.google.com with SMTP id k23-20020a17090a5917b02901043e35ad4aso7113894pji.3 for ; Fri, 19 Mar 2021 11:45:16 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:content-transfer-encoding:in-reply-to; bh=Sb8mG2TwoLcJMKUkEkVhAmXUHbnUNYxK1v1iC8KimUA=; b=CmUS9RcCmK5o96Fk6zyoSVLADipDZJ38jBX+VRx8vf9lsD2CgWWYfDsPUIj3QczMWR AaiQadC5iuMOJEZRtQ6ZIcrfB1K5dnxHEEaSckKGDMsCD0J7OswnuO4wDM0nDIwrNKLj 2OqV6blXxkO3bm9u9mMktQ68Ql9zMUKo57h4I= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:content-transfer-encoding :in-reply-to; bh=Sb8mG2TwoLcJMKUkEkVhAmXUHbnUNYxK1v1iC8KimUA=; b=CebRC1FkRPMRElbayS8RjDAh0A5w8mxLQR7eNzlMR+2Sm7h/63WGjGbyTuqCLRfgwT Hbt4RQYoaF8zdCnvb5gaJUuwq9vX+vLO5F7EzBxq+rz+igUOtluURunKC+OIYl5waB1Q VGoYzEIuGJFOCJGuX0fT2+P4M4qWUQtxB3zOZMB8oMVXiOknHPuhG3Y2Bhyy6nt08Ny2 xlJHHS4Z21lw5UOHgjz8ahEpM0/W3b/GKQUd22xOoZdK2+qCME5X2N73BfxtbkQZByL7 ST6Cx0CRYNpXs+0pw7/K78UqTAB6EQpgX3aya3l+zyR/3RKdeKVw1JB6Q6sLpeyeKUEI g0iA== X-Gm-Message-State: AOAM533EEGbPSOcZQQTURD8MfUuiD8Hzcu+YqcIzsPBmc6hepShARLcw fYfs2HxBhY8q7E3680nb095XYg== X-Received: by 2002:a17:902:d481:b029:e4:8afa:8524 with SMTP id c1-20020a170902d481b02900e48afa8524mr15809510plg.52.1616179515805; Fri, 19 Mar 2021 11:45:15 -0700 (PDT) Received: from www.outflux.net (smtp.outflux.net. [198.145.64.163]) by smtp.gmail.com with ESMTPSA id 132sm6172474pfu.158.2021.03.19.11.45.14 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 19 Mar 2021 11:45:15 -0700 (PDT) Date: Fri, 19 Mar 2021 11:45:14 -0700 From: Kees Cook To: =?iso-8859-1?Q?Micka=EBl_Sala=FCn?= Cc: James Morris , Jann Horn , "Serge E . Hallyn" , Al Viro , Andrew Morton , Andy Lutomirski , Anton Ivanov , Arnd Bergmann , Casey Schaufler , David Howells , Jeff Dike , Jonathan Corbet , Michael Kerrisk , Richard Weinberger , Shuah Khan , Vincent Dagonneau , kernel-hardening@lists.openwall.com, linux-api@vger.kernel.org, linux-arch@vger.kernel.org, linux-doc@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-security-module@vger.kernel.org, x86@kernel.org, =?iso-8859-1?Q?Micka=EBl_Sala=FCn?= Subject: Re: [PATCH v30 03/12] landlock: Set up the security framework and manage credentials Message-ID: <202103191140.7D1F10CBFD@keescook> References: <20210316204252.427806-1-mic@digikod.net> <20210316204252.427806-4-mic@digikod.net> MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <20210316204252.427806-4-mic@digikod.net> Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Mar 16, 2021 at 09:42:43PM +0100, Micka?l Sala?n wrote: > config LSM > string "Ordered list of enabled LSMs" > - default "lockdown,yama,loadpin,safesetid,integrity,smack,selinux,tomoyo,apparmor,bpf" if DEFAULT_SECURITY_SMACK > - default "lockdown,yama,loadpin,safesetid,integrity,apparmor,selinux,smack,tomoyo,bpf" if DEFAULT_SECURITY_APPARMOR > - default "lockdown,yama,loadpin,safesetid,integrity,tomoyo,bpf" if DEFAULT_SECURITY_TOMOYO > - default "lockdown,yama,loadpin,safesetid,integrity,bpf" if DEFAULT_SECURITY_DAC > - default "lockdown,yama,loadpin,safesetid,integrity,selinux,smack,tomoyo,apparmor,bpf" > + default "landlock,lockdown,yama,loadpin,safesetid,integrity,smack,selinux,tomoyo,apparmor,bpf" if DEFAULT_SECURITY_SMACK > + default "landlock,lockdown,yama,loadpin,safesetid,integrity,apparmor,selinux,smack,tomoyo,bpf" if DEFAULT_SECURITY_APPARMOR > + default "landlock,lockdown,yama,loadpin,safesetid,integrity,tomoyo,bpf" if DEFAULT_SECURITY_TOMOYO > + default "landlock,lockdown,yama,loadpin,safesetid,integrity,bpf" if DEFAULT_SECURITY_DAC > + default "landlock,lockdown,yama,loadpin,safesetid,integrity,selinux,smack,tomoyo,apparmor,bpf" > help > A comma-separated list of LSMs, in initialization order. > Any LSMs left off this list will be ignored. This can be There was some discussion long ago about landlock needing to be last in the list because it was unprivileged. Is that no longer true? (And what is the justification for its position in the list?) > diff --git a/security/landlock/common.h b/security/landlock/common.h > new file mode 100644 > index 000000000000..5dc0fe15707d > --- /dev/null > +++ b/security/landlock/common.h > @@ -0,0 +1,20 @@ > +/* SPDX-License-Identifier: GPL-2.0-only */ > +/* > + * Landlock LSM - Common constants and helpers > + * > + * Copyright ? 2016-2020 Micka?l Sala?n > + * Copyright ? 2018-2020 ANSSI > + */ > + > +#ifndef _SECURITY_LANDLOCK_COMMON_H > +#define _SECURITY_LANDLOCK_COMMON_H > + > +#define LANDLOCK_NAME "landlock" > + > +#ifdef pr_fmt > +#undef pr_fmt > +#endif When I see "#undef pr_fmt" I think there is a header ordering problem. > [...] Everything else looks like regular boilerplate for an LSM. :) Reviewed-by: Kees Cook -- Kees Cook