Subject: Re: [PATCH v12 23/26] ima: Show owning user namespace's uid and gid when displaying policy
From: Stefan Berger
To: "Serge E. Hallyn"
Cc: linux-integrity@vger.kernel.org, zohar@linux.ibm.com, christian.brauner@ubuntu.com, containers@lists.linux.dev, dmitry.kasatkin@gmail.com, ebiederm@xmission.com, krzysztof.struczynski@huawei.com, roberto.sassu@huawei.com, mpeters@redhat.com, lhinds@redhat.com, lsturman@redhat.com, puiterwi@redhat.com, jejb@linux.ibm.com, jamjoom@us.ibm.com, linux-kernel@vger.kernel.org, paul@paul-moore.com, rgb@redhat.com, linux-security-module@vger.kernel.org, jmorris@namei.org, jpenumak@redhat.com
Date: Tue, 24 May 2022 09:19:26 -0400
References: <20220420140633.753772-1-stefanb@linux.ibm.com> <20220420140633.753772-24-stefanb@linux.ibm.com> <20220522175452.GB24519@mail.hallyn.com>
In-Reply-To: <20220522175452.GB24519@mail.hallyn.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On 5/22/22 13:54, Serge E. Hallyn wrote:
> On Wed, Apr 20, 2022 at 10:06:30AM -0400, Stefan Berger wrote:
>> Show the uid and gid values relative to the user namespace that is
>> currently active. The effect of this changes is that when one displays
>
> When you say "is currently active", in my mind it's not clear whether you
> mean in the process which opened the seq_file, or is active in the ima_ns,
> or the reader (which might I guess be different still). The code of
> course does make it clear. Can you change it to say "the user namespace
> which opened the policy_show file" or something like that?
>
> Also, s/The effect of this changes/The effect of this change/.
> >> the policy from the user namespace that originally set the policy, >> the same uid and gid values are shown in the policy as those that were >> used when the policy was set. >> >> Signed-off-by: Stefan Berger >> Reviewed-by: Mimi Zohar >> > > Reviewed-by: Serge Hallyn I modified the text above now to state: Show the uid and gid values relative to the user namespace that opened the IMA policy file. The effect of this change is that when one displays the policy from the user namespace that originally set the policy, the same uid and gid values are shown in the policy as those that were used when the policy was set. Thanks. Stefan > >> --- >> v9: >> - use seq_user_ns and from_k{g,u}id_munged() >> --- >> security/integrity/ima/ima_policy.c | 19 +++++++++++++------ >> 1 file changed, 13 insertions(+), 6 deletions(-) >> >> diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c >> index eb10d895923d..4f8c50ddb777 100644 >> --- a/security/integrity/ima/ima_policy.c >> +++ b/security/integrity/ima/ima_policy.c >> @@ -2018,6 +2018,7 @@ static void ima_policy_show_appraise_algos(struct seq_file *m, >> >> int ima_policy_show(struct seq_file *m, void *v) >> { >> + struct user_namespace *user_ns = seq_user_ns(m); >> struct ima_rule_entry *entry = v; >> int i; >> char tbuf[64] = {0,}; >> @@ -2103,7 +2104,8 @@ int ima_policy_show(struct seq_file *m, void *v) >> } >> >> if (entry->flags & IMA_UID) { >> - snprintf(tbuf, sizeof(tbuf), "%d", __kuid_val(entry->uid)); >> + snprintf(tbuf, sizeof(tbuf), >> + "%d", from_kuid_munged(user_ns, entry->uid)); >> if (entry->uid_op == &uid_gt) >> seq_printf(m, pt(Opt_uid_gt), tbuf); >> else if (entry->uid_op == &uid_lt) 
>> @@ -2114,7 +2116,8 @@ int ima_policy_show(struct seq_file *m, void *v) >> } >> >> if (entry->flags & IMA_EUID) { >> - snprintf(tbuf, sizeof(tbuf), "%d", __kuid_val(entry->uid)); >> + snprintf(tbuf, sizeof(tbuf), >> + "%d", from_kuid_munged(user_ns, entry->uid)); >> if (entry->uid_op == &uid_gt) >> seq_printf(m, pt(Opt_euid_gt), tbuf); >> else if (entry->uid_op == &uid_lt) >> @@ -2125,7 +2128,8 @@ int ima_policy_show(struct seq_file *m, void *v) >> } >> >> if (entry->flags & IMA_GID) { >> - snprintf(tbuf, sizeof(tbuf), "%d", __kgid_val(entry->gid)); >> + snprintf(tbuf, sizeof(tbuf), >> + "%d", from_kgid_munged(user_ns, entry->gid)); >> if (entry->gid_op == &gid_gt) >> seq_printf(m, pt(Opt_gid_gt), tbuf); >> else if (entry->gid_op == &gid_lt) >> @@ -2136,7 +2140,8 @@ int ima_policy_show(struct seq_file *m, void *v) >> } >> >> if (entry->flags & IMA_EGID) { >> - snprintf(tbuf, sizeof(tbuf), "%d", __kgid_val(entry->gid)); >> + snprintf(tbuf, sizeof(tbuf), >> + "%d", from_kgid_munged(user_ns, entry->gid)); >> if (entry->gid_op == &gid_gt) >> seq_printf(m, pt(Opt_egid_gt), tbuf); >> else if (entry->gid_op == &gid_lt) >> @@ -2147,7 +2152,8 @@ int ima_policy_show(struct seq_file *m, void *v) >> } >> >> if (entry->flags & IMA_FOWNER) { >> - snprintf(tbuf, sizeof(tbuf), "%d", __kuid_val(entry->fowner)); >> + snprintf(tbuf, sizeof(tbuf), >> + "%d", from_kuid_munged(user_ns, entry->fowner)); >> if (entry->fowner_op == &uid_gt) >> seq_printf(m, pt(Opt_fowner_gt), tbuf); >> else if (entry->fowner_op == &uid_lt) >> @@ -2158,7 +2164,8 @@ int ima_policy_show(struct seq_file *m, void *v) >> } >> >> if (entry->flags & IMA_FGROUP) { >> - snprintf(tbuf, sizeof(tbuf), "%d", __kgid_val(entry->fgroup)); >> + snprintf(tbuf, sizeof(tbuf), >> + "%d", from_kgid_munged(user_ns, entry->fgroup)); >> if (entry->fgroup_op == &gid_gt) >> seq_printf(m, pt(Opt_fgroup_gt), tbuf); >> else if (entry->fgroup_op == &gid_lt) >> -- >> 2.34.1
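Review bot: for the first hunk (the `struct user_namespace *user_ns = seq_user_ns(m);` line in ima_policy_show()), the commit message should spell out which of the three namespaces Serge listed is meant, since seq_user_ns() returns the user namespace of the credentials the file was opened with (the seq_file's f_cred), not the reader's and not the IMA namespace's own: a descriptor opened in one user namespace and handed to a process in another keeps showing ids mapped for the opener. The reworded text ("the user namespace that opened the IMA policy file") matches the code; one more sentence saying the ima_ns's user namespace is deliberately not used would close the ambiguity for good.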
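Review bot: in the six snprintf() hunks (IMA_UID, IMA_EUID, IMA_GID, IMA_EGID, IMA_FOWNER, IMA_FGROUP), from_kuid_munged()/from_kgid_munged() return uid_t/gid_t, which are unsigned, so `"%u", from_kuid_munged(user_ns, entry->uid)` matches the return type better than the "%d" carried over from the __kuid_val()/__kgid_val() lines. More important for the commit message: the munged variants never fail, an id with no mapping in user_ns is printed as the overflow id (65534 by default, kernel.overflowuid/overflowgid), where plain from_kuid() would have returned (uid_t)-1. A reader in a nested namespace that cannot map a rule's id therefore sees output indistinguishable from a genuine rule on id 65534; that is the intended behaviour of the munged helpers, but it is worth stating, since the rule shown is not the rule that is enforced in that case.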
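Added example (the editor's own code, not part of this patch, the IMA code or the kernel): a userspace model of what the from_kuid_munged()/from_kgid_munged() calls in the hunks above do when the policy is displayed from inside a user namespace. It parses text in the /proc/<pid>/uid_map format ("inside outside count" per line), translates a kernel id "up" into the namespace the way the display now does, and substitutes the overflow id when there is no mapping. The uid_map contents and the function names parse_id_map/from_kid/from_kid_munged/format_uid_rule are this example's own inventions; 65534 is the kernel's default overflowuid/overflowgid, and the extent limit mirrors the kernel's UID_GID_MAP_MAX_EXTENTS (340 in current kernels).

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define OVERFLOW_ID 65534u   /* kernel default for kernel.overflowuid / kernel.overflowgid */
#define MAX_EXTENTS 340      /* mirrors the kernel's UID_GID_MAP_MAX_EXTENTS */

/* One line of /proc/<pid>/uid_map: ids first..first+count-1 inside the
 * namespace correspond to lower_first..lower_first+count-1 outside it
 * (in this single-level model: the kernel's initial-namespace ids). */
struct id_extent { uint32_t first; uint32_t lower_first; uint32_t count; };
struct id_map { struct id_extent ext[MAX_EXTENTS]; int nr; };

/* Parse uid_map/gid_map text. Returns the number of extents, -1 on malformed input. */
int parse_id_map(const char *text, struct id_map *map)
{
    const char *p = text;

    map->nr = 0;
    while (*p) {
        unsigned long first, lower, count;
        int used = 0;

        if (sscanf(p, "%lu %lu %lu%n", &first, &lower, &count, &used) != 3)
            return -1;
        if (map->nr == MAX_EXTENTS || count == 0)
            return -1;
        map->ext[map->nr].first = (uint32_t)first;
        map->ext[map->nr].lower_first = (uint32_t)lower;
        map->ext[map->nr].count = (uint32_t)count;
        map->nr++;
        p += used;
        while (*p == ' ' || *p == '\t' || *p == '\n')
            p++;
    }
    return map->nr;
}

/* Model of from_kuid()/from_kgid(): map a kernel id into the namespace.
 * Returns -1 (the kernel returns (uid_t)-1) when the id has no mapping. */
int64_t from_kid(const struct id_map *map, uint32_t kid)
{
    for (int i = 0; i < map->nr; i++) {
        const struct id_extent *e = &map->ext[i];

        /* kid >= lower_first first, so the subtraction cannot wrap */
        if (kid >= e->lower_first && kid - e->lower_first < e->count)
            return (int64_t)e->first + (int64_t)(kid - e->lower_first);
    }
    return -1;
}

/* Model of from_kuid_munged()/from_kgid_munged(): never fails; an unmapped
 * id becomes the overflow id, which is what the patched policy display prints. */
uint32_t from_kid_munged(const struct id_map *map, uint32_t kid)
{
    int64_t id = from_kid(map, kid);

    return id < 0 ? OVERFLOW_ID : (uint32_t)id;
}

/* Render a rule's uid as the patched ima_policy_show() would for a reader
 * whose opening credentials carry this map. Returns the rendered length. */
int format_uid_rule(const struct id_map *map, uint32_t kuid, char *buf, size_t len)
{
    return snprintf(buf, len, "uid=%u", from_kid_munged(map, kuid));
}

int main(void)
{
    /* Constructed sample: a container whose ids 0..65535 are kernel ids 100000..165535. */
    static const char container_uid_map[] = "0 100000 65536\n";
    struct id_map map;
    char buf[64];

    if (parse_id_map(container_uid_map, &map) < 0)
        return 1;
    /* A rule written inside the container as uid=1000 is stored as kuid 101000. */
    format_uid_rule(&map, 101000, buf, sizeof buf);
    puts(buf);                     /* uid=1000 */
    /* Host uid 1000 has no mapping in the container: shown as the overflow id. */
    format_uid_rule(&map, 1000, buf, sizeof buf);
    puts(buf);                     /* uid=65534 */
    return 0;
}
```

Build with `cc -std=c99 -Wall munged.c && ./a.out`. The second line of output is the case the reviewer note above is about: the reader cannot tell an unmappable id from a rule that really names uid 65534.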