From: Paul Moore
Date: Wed, 26 Jan 2022 18:01:30 -0500
Subject: Re: [RFC PATCH] mm: create security context for memfd_secret inodes
To: Christian Göttsche
Cc: selinux@vger.kernel.org, James Morris, "Serge E. Hallyn", linux-security-module@vger.kernel.org, Stephen Smalley, Eric Paris, Andrew Morton, linux-mm@kvack.org, linux-kernel@vger.kernel.org
In-Reply-To: <20220125143304.34628-1-cgzones@googlemail.com>

On Tue, Jan 25, 2022 at 9:33 AM Christian Göttsche wrote:
>
> Create a security context for the inodes created by memfd_secret(2) via
> the LSM hook inode_init_security_anon to allow a fine grained control.
> As secret memory areas can affect hibernation and have a global shared
> limit access control might be desirable.
>
> Signed-off-by: Christian Göttsche
> ---
> An alternative way of checking memfd_secret(2) is to create a new LSM
> hook and e.g. for SELinux check via a new process class permission.
> ---
> mm/secretmem.c | 9 +++++++++
> 1 file changed, 9 insertions(+)

This seems reasonable to me, and I like the idea of labeling the anon inode as opposed to creating a new set of LSM hooks. If we want to apply access control policy to the memfd_secret() fds we are going to need to attach some sort of LSM state to the inode, we might as well use the mechanism we already have instead of inventing another one.

> diff --git a/mm/secretmem.c b/mm/secretmem.c > index 22b310adb53d..b61cd2f661bc 100644 > --- a/mm/secretmem.c > +++ b/mm/secretmem.c > @@ -164,11 +164,20 @@ static struct file *secretmem_file_create(unsigned = long flags) > { > struct file *file =3D ERR_PTR(-ENOMEM); > struct inode *inode; > + const char *anon_name =3D "[secretmem]"; > + const struct qstr qname =3D QSTR_INIT(anon_name, strlen(anon_name= )); > + int err; > > inode =3D alloc_anon_inode(secretmem_mnt->mnt_sb); > if (IS_ERR(inode)) > return ERR_CAST(inode); > > + err =3D security_inode_init_security_anon(inode, &qname, NULL); > + if (err) { > + file =3D ERR_PTR(err); > + goto err_free_inode; > + } > + > file =3D alloc_file_pseudo(inode, secretmem_mnt, "secretmem", > O_RDWR, &secretmem_fops); > if (IS_ERR(file)) > -- > 2.34.1

--
paul-moore.com
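
Review bot: The name handed to the hook in the added qname is "[secretmem]", while alloc_file_pseudo() a few lines below names the file "secretmem", and neither the commit message nor a comment says which string an LSM policy is expected to match on. Please state the name in the commit message and add a short comment next to anon_name explaining the bracketed form. In the new error path, file = ERR_PTR(err) followed by goto err_free_inode depends on a label that lies outside the shown context, so it is worth confirming that the label releases the inode and returns file rather than a stale value. The NULL third argument to security_inode_init_security_anon() is also unexplained; a one-line comment on why no context inode is passed would help the next reader. As a style point, anon_name could be a static const char array so the length is taken with sizeof(anon_name) - 1 instead of a runtime strlen().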