References: <20230511123213.722912-1-cgzones@googlemail.com> <6301fdfd0927df2b2fd7a4f2b384e477.paul@paul-moore.com>
From: Christian Göttsche
Date: Tue, 23 May 2023 20:25:25 +0200
Subject: Re: [PATCH] selinux: deprecated fs ocon
To: Paul Moore
Cc: selinux@vger.kernel.org, Stephen Smalley, Eric Paris, Xiu Jianfeng, linux-kernel@vger.kernel.org
X-Mailing-List: linux-kernel@vger.kernel.org

On Thu, 18 May 2023 at 22:18, Paul Moore wrote:
>
> On Thu, May 18, 2023 at 1:56 PM Paul Moore wrote:
> > On May 11, 2023 Christian Göttsche wrote:
> > >
> > > The object context type `fs`, not to be confused with the well used
> > > object context type `fscon`, was introduced in the initial git commit
> > > 1da177e4c3f4 ("Linux-2.6.12-rc2") but never actually used since.
> > >
> > > The paper "A Security Policy Configuration for the Security-Enhanced
> > > Linux" [1] mentions it under `7.2 File System Contexts` but also states:
> > >
> > >     Currently, this configuration is unused.
> > >
> > > The policy statement defining such object contexts is `fscon`, e.g.:
> > >
> > >     fscon 2 3 gen_context(system_u:object_r:conA_t,s0) gen_context(system_u:object_r:conB_t,s0)
> > >
> > > It is not documented at selinuxproject.org or in the SELinux notebook
> > > and not supported by the Reference Policy buildsystem - the statement is
> > > not properly sorted - and thus not used in the Reference or Fedora
> > > Policy.
> > >
> > > Print a warning message at policy load for each such object context:
> > >
> > >     SELinux: void and deprecated fs ocon 02:03
> > >
> > > This topic was initially highlighted by Nicolas Iooss [2].
> > >
> > > [1]: https://media.defense.gov/2021/Jul/29/2002815735/-1/-1/0/SELINUX-SECURITY-POLICY-CONFIGURATION-REPORT.PDF
> > > [2]: https://lore.kernel.org/selinux/CAJfZ7=mP2eJaq2BfO3y0VnwUJaY2cS2p=HZMN71z1pKjzaT0Eg@mail.gmail.com/
> > >
> > > Signed-off-by: Christian Göttsche
> > > ---
> > >  security/selinux/ss/policydb.c | 4 ++++
> > >  security/selinux/ss/policydb.h | 2 +-
> > >  2 files changed, 5 insertions(+), 1 deletion(-)
> >
> > Thanks, this is a nice catch, although some minor suggestions below ...
> >
> > > diff --git a/security/selinux/ss/policydb.c b/security/selinux/ss/policydb.c
> > > index 97c0074f9312..31b08b34c722 100644
> > > --- a/security/selinux/ss/policydb.c
> > > +++ b/security/selinux/ss/policydb.c
> > > @@ -2257,6 +2257,10 @@ static int ocontext_read(struct policydb *p, const struct policydb_compat_info *
> > >  				if (rc)
> > >  					goto out;
> > >
> > > +				if (i == OCON_FS)
> > > +					pr_warn("SELinux: void and deprecated fs ocon %s\n",
> > > +						c->u.name);
> >
> > Instead of having to check if 'i == OCON_FS', why not simply put the
> > pr_warn() call up in the OCON_FS case block on line ~2249 and let it
> > continue to fallthrough to the OCON_NETIF block?
>
> Bah, nevermind, you need to leave it here because of the 'c->u.name'
> in the pr_warn(). If you're okay with me adjusting the deprecation
> comment (below) during the merge I can merge this now ... ?

Yes, please feel free to adjust the inline comment.

>
> > >  				rc = context_read_and_validate(&c->context[0], p, fp);
> > >  				if (rc)
> > >  					goto out;
> > > diff --git a/security/selinux/ss/policydb.h b/security/selinux/ss/policydb.h
> > > index ffc4e7bad205..39cd6222e1a8 100644
> > > --- a/security/selinux/ss/policydb.h
> > > +++ b/security/selinux/ss/policydb.h
> > > @@ -225,7 +225,7 @@ struct genfs {
> > >
> > >  /* object context array indices */
> > >  #define OCON_ISID 0 /* initial SIDs */
> > > -#define OCON_FS 1 /* unlabeled file systems */
> > > +#define OCON_FS 1 /* unlabeled file systems (deprecated in 6.5) */
> >
> > Since you are likely re-spinning this (see above), I would just leave
> > it as "(deprecated)"; those that want to know where it was deprecated
> > can always check the git log/tags.
> >
> > >  #define OCON_PORT 2 /* TCP and UDP port numbers */
> > >  #define OCON_NETIF 3 /* network interfaces */
> > >  #define OCON_NODE 4 /* nodes */
> > > --
> > > 2.40.1
>
> --
> paul-moore.com
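Review bot: in the policydb.c hunk the new pr_warn() runs before `rc = context_read_and_validate(&c->context[0], p, fp);`, so a malformed fs entry logs the deprecation warning and then the validation failure for the same entry; emitting the warning after the context read shown in the hunk succeeds would print it only for entries the kernel actually accepts. Because the call sits inside the per-entry loop, a policy with several fs entries warns once per entry, which is what the commit message asks for ("for each such object context"), but a one-line comment next to the pr_warn() saying so would stop a later cleanup from turning it into pr_warn_once(). The word "void" in the message text is also unusual; "unused and deprecated fs ocon" says the same thing in the terms the commit message itself uses.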
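Review bot: the changed comment on `#define OCON_FS 1` in the policydb.h hunk says the value is deprecated but not why it must stay: these defines are positions in the object context array read from the binary policy (the block is headed `/* object context array indices */`), so removing or renumbering OCON_FS would shift OCON_PORT, OCON_NETIF and OCON_NODE and break loading of every existing policy file. Suggest spelling that out, e.g. `/* unlabeled file systems (deprecated, index kept for policy format compatibility) */`, and, as already noted in the thread, dropping the "in 6.5" version reference so the comment cannot go stale.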