From: Mickaël Salaün
To: Eric Paris, James Morris, Paul Moore, "Serge E . Hallyn"
Cc: Mickaël Salaün, Ben Scarlato, Günther Noack, Jeff Xu, Jorge Lucangeli Obes, Konstantin Meskhidze, Shervin Oloumi, audit@vger.kernel.org, linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org
Subject: [RFC PATCH v1 4/7] landlock: Log domain creation and enforcement
Date: Thu, 21 Sep 2023 08:16:38 +0200
Message-ID: <20230921061641.273654-5-mic@digikod.net>
In-Reply-To: <20230921061641.273654-1-mic@digikod.net>
References: <20230921061641.273654-1-mic@digikod.net>
X-Mailing-List: linux-kernel@vger.kernel.org

Add audit support for domain creation, i.e. task self-restriction.

Signed-off-by: Mickaël Salaün
---
 security/landlock/audit.c | 24 ++++++++++++++++++++++++
 security/landlock/audit.h | 8 ++++++++
 security/landlock/syscalls.c | 4 ++++
 3 files changed, 36 insertions(+)

diff --git a/security/landlock/audit.c b/security/landlock/audit.c index f58bd529784a..d9589d07e126 100644 --- a/security/landlock/audit.c +++ b/security/landlock/audit.c 
@@ -84,6 +84,30 @@ void landlock_log_create_ruleset(struct landlock_ruleset *const ruleset) audit_log_end(ab); } +void landlock_log_restrict_self(struct landlock_ruleset *const domain, + struct landlock_ruleset *const ruleset) +{ + struct audit_buffer *ab; + + WARN_ON_ONCE(domain->id); + WARN_ON_ONCE(!ruleset->id); + + ab = audit_log_start(audit_context(), GFP_ATOMIC, AUDIT_LANDLOCK); + if (!ab) + /* audit_log_lost() call */ + return; + + domain->hierarchy->id = + atomic64_inc_return(&ruleset_and_domain_counter); + log_task(ab); + audit_log_format(ab, " op=restrict-self domain=%llu ruleset=%llu", + domain->hierarchy->id, ruleset->id); + audit_log_format( + ab, " parent=%llu", + domain->hierarchy->parent ? domain->hierarchy->parent->id : 0); + audit_log_end(ab); +} + /* * This is useful to know when a domain or a ruleset will never show again in * the audit log. diff --git a/security/landlock/audit.h b/security/landlock/audit.h index 2666e9151627..bc17dc8ca6f1 100644 --- a/security/landlock/audit.h +++ b/security/landlock/audit.h @@ -16,6 +16,8 @@ #ifdef CONFIG_AUDIT void landlock_log_create_ruleset(struct landlock_ruleset *const ruleset); +void landlock_log_restrict_self(struct landlock_ruleset *const domain, + struct landlock_ruleset *const ruleset); void landlock_log_release_ruleset(const struct landlock_ruleset *const ruleset); #else /* CONFIG_AUDIT */ @@ -25,6 +27,12 @@ landlock_log_create_ruleset(struct landlock_ruleset *const ruleset) { } +static inline void +landlock_log_restrict_self(struct landlock_ruleset *const domain, + struct landlock_ruleset *const ruleset) +{ +} + static inline void landlock_log_release_ruleset(const struct landlock_ruleset *const ruleset) { diff --git a/security/landlock/syscalls.c b/security/landlock/syscalls.c index 373997a356e7..bfe5417a06c3 100644 --- a/security/landlock/syscalls.c +++ b/security/landlock/syscalls.c 
@@ -452,6 +452,10 @@ SYSCALL_DEFINE2(landlock_restrict_self, const int, ruleset_fd, const __u32, landlock_put_ruleset(new_llcred->domain); new_llcred->domain = new_dom; + // FIXME: Must be atomic between the ruleset merge and the audit log to + // be sure about the content of the domain. + // -> move mutex_lock() from merge_ruleset() into this function + landlock_log_restrict_self(new_dom, ruleset); landlock_put_ruleset(ruleset); return commit_creds(new_cred); -- 2.42.0
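
Review bot: In landlock_log_restrict_self() (security/landlock/audit.c hunk), the domain ID is assigned only after audit_log_start() succeeds, so the early `return` on `if (!ab)` leaves `domain->hierarchy->id` unset. A domain later stacked on top of this one would then print that unset value in `parent=%llu`, and if it is 0 it cannot be distinguished from the `: 0` fallback used for "no parent". Suggest moving the `atomic64_inc_return(&ruleset_and_domain_counter)` assignment above the audit_log_start() call so every domain gets an ID even when its creation record is lost. Separately, `WARN_ON_ONCE(domain->id)` checks a different field from the one written (`domain->hierarchy->id`); if the intent is to catch a domain that already has an ID, the check should be on the field that is assigned.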
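
Review bot: The FIXME added before `landlock_log_restrict_self(new_dom, ruleset);` in the landlock_restrict_self hunk (security/landlock/syscalls.c) records a gap that should be closed rather than carried: as the comment says, the merge and the audit record are not atomic, so the `ruleset=` ID in the record does not reliably describe the content of the domain it is logged with. For the next revision, make the change the comment itself proposes (take the lock in this function so the merge and the log call run under it) and drop the FIXME; any comment that remains should use the kernel's `/* ... */` block style instead of `//`.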