Re: [RFC PATCH 1/4] lsm: separate security_task_getsecid() into subjective... | linux-security-module

[RFC PATCH 0/4] Split security_task_getsecid() into subj and obj variants · Paul Moore <paul@paul-moore.com> · 2021-02-19
[RFC PATCH 1/4] lsm: separate security_task_getsecid() into subjective and objective variants · Paul Moore <paul@paul-moore.com> · 2021-02-19
Re: [RFC PATCH 1/4] lsm: separate security_task_getsecid() into subjective and objective variants · James Morris <jmorris@namei.org> · 2021-02-20
Re: [RFC PATCH 1/4] lsm: separate security_task_getsecid() into subjective and objective variants · Paul Moore <paul@paul-moore.com> · 2021-02-20
Re: [RFC PATCH 1/4] lsm: separate security_task_getsecid() into subjective and objective variants · Jeffrey Vander Stoep <hidden> · 2021-03-04
Re: [RFC PATCH 1/4] lsm: separate security_task_getsecid() into subjective and objective variants · Paul Moore <paul@paul-moore.com> · 2021-03-04
Re: [RFC PATCH 1/4] lsm: separate security_task_getsecid() into subjective and objective variants · Jeffrey Vander Stoep <hidden> · 2021-03-10
Re: [RFC PATCH 1/4] lsm: separate security_task_getsecid() into subjective and objective variants · Paul Moore <paul@paul-moore.com> · 2021-03-11
Re: [RFC PATCH 1/4] lsm: separate security_task_getsecid() into subjective and objective variants · John Johansen <john.johansen@canonical.com> · 2021-02-21
Re: [RFC PATCH 1/4] lsm: separate security_task_getsecid() into subjective and objective variants · Paul Moore <paul@paul-moore.com> · 2021-02-21
Re: [RFC PATCH 1/4] lsm: separate security_task_getsecid() into subjective and objective variants · Paul Moore <paul@paul-moore.com> · 2021-03-04
Re: [RFC PATCH 1/4] lsm: separate security_task_getsecid() into subjective and objective variants · Paul Moore <paul@paul-moore.com> · 2021-03-10
Re: [RFC PATCH 1/4] lsm: separate security_task_getsecid() into subjective and objective variants · John Johansen <john.johansen@canonical.com> · 2021-03-10
Re: [RFC PATCH 1/4] lsm: separate security_task_getsecid() into subjective and objective variants · Mimi Zohar <zohar@linux.ibm.com> · 2021-02-24
Re: [RFC PATCH 1/4] lsm: separate security_task_getsecid() into subjective and objective variants · Richard Guy Briggs <hidden> · 2021-03-08
Re: [RFC PATCH 1/4] lsm: separate security_task_getsecid() into subjective and objective variants · Paul Moore <paul@paul-moore.com> · 2021-03-10
Re: [RFC PATCH 1/4] lsm: separate security_task_getsecid() into subjective and objective variants · John Johansen <john.johansen@canonical.com> · 2021-03-10
Re: [RFC PATCH 1/4] lsm: separate security_task_getsecid() into subjective and objective variants · Paul Moore <paul@paul-moore.com> · 2021-03-11
[RFC PATCH 2/4] selinux: clarify task subjective and objective credentials · Paul Moore <paul@paul-moore.com> · 2021-02-19
Re: [RFC PATCH 2/4] selinux: clarify task subjective and objective credentials · John Johansen <john.johansen@canonical.com> · 2021-02-21
Re: [RFC PATCH 2/4] selinux: clarify task subjective and objective credentials · Richard Guy Briggs <hidden> · 2021-03-08
Re: [RFC PATCH 2/4] selinux: clarify task subjective and objective credentials · John Johansen <john.johansen@canonical.com> · 2021-03-10
Re: [RFC PATCH 2/4] selinux: clarify task subjective and objective credentials · Paul Moore <paul@paul-moore.com> · 2021-03-11
Re: [RFC PATCH 2/4] selinux: clarify task subjective and objective credentials · Paul Moore <paul@paul-moore.com> · 2021-03-17
[RFC PATCH 3/4] smack: differentiate between subjective and objective task credentials · Paul Moore <paul@paul-moore.com> · 2021-02-19
Re: [RFC PATCH 3/4] smack: differentiate between subjective and objective task credentials · John Johansen <john.johansen@canonical.com> · 2021-02-21
Re: [RFC PATCH 3/4] smack: differentiate between subjective and objective task credentials · Richard Guy Briggs <hidden> · 2021-03-08
Re: [RFC PATCH 3/4] smack: differentiate between subjective and objective task credentials · John Johansen <john.johansen@canonical.com> · 2021-03-10
[RFC PATCH 4/4] apparmor: differentiate between subjective and objective task credentials · Paul Moore <paul@paul-moore.com> · 2021-02-19
Re: [RFC PATCH 4/4] apparmor: differentiate between subjective and objective task credentials · John Johansen <john.johansen@canonical.com> · 2021-02-21
Re: [RFC PATCH 4/4] apparmor: differentiate between subjective and objective task credentials · Paul Moore <paul@paul-moore.com> · 2021-02-21
Re: [RFC PATCH 0/4] Split security_task_getsecid() into subj and obj variants · Casey Schaufler <casey@schaufler-ca.com> · 2021-02-20
Re: [RFC PATCH 0/4] Split security_task_getsecid() into subj and obj variants · Paul Moore <paul@paul-moore.com> · 2021-02-20
Re: [RFC PATCH 0/4] Split security_task_getsecid() into subj and obj variants · Casey Schaufler <casey@schaufler-ca.com> · 2021-02-23
Re: [RFC PATCH 0/4] Split security_task_getsecid() into subj and obj variants · Mimi Zohar <zohar@linux.ibm.com> · 2021-02-23
Re: [RFC PATCH 0/4] Split security_task_getsecid() into subj and obj variants · Paul Moore <paul@paul-moore.com> · 2021-02-24
Re: [RFC PATCH 0/4] Split security_task_getsecid() into subj and obj variants · Paul Moore <paul@paul-moore.com> · 2021-03-04
Re: [RFC PATCH 0/4] Split security_task_getsecid() into subj and obj variants · Casey Schaufler <casey@schaufler-ca.com> · 2021-03-04
Re: [RFC PATCH 0/4] Split security_task_getsecid() into subj and obj variants · Paul Moore <paul@paul-moore.com> · 2021-03-04

Re: [RFC PATCH 1/4] lsm: separate security_task_getsecid() into subjective and objective variants

From: Paul Moore <paul@paul-moore.com>
Date: 2021-03-10 00:29:37
Also in: selinux

On Wed, Mar 3, 2021 at 7:44 PM Paul Moore [off-list ref] wrote:

On Sun, Feb 21, 2021 at 7:51 AM John Johansen
[off-list ref] wrote:

quoted

On 2/19/21 3:29 PM, Paul Moore wrote:

quoted

Of the three LSMs that implement the security_task_getsecid() LSM
hook, all three LSMs provide the task's objective security
credentials.  This turns out to be unfortunate as most of the hook's
callers seem to expect the task's subjective credentials, although
a small handful of callers do correctly expect the objective
credentials.

This patch is the first step towards fixing the problem: it splits
the existing security_task_getsecid() hook into two variants, one
for the subjective creds, one for the objective creds.

  void security_task_getsecid_subj(struct task_struct *p,
                                 u32 *secid);
  void security_task_getsecid_obj(struct task_struct *p,
                                u32 *secid);

While this patch does fix all of the callers to use the correct
variant, in order to keep this patch focused on the callers and to
ease review, the LSMs continue to use the same implementation for
both hooks.  The net effect is that this patch should not change
the behavior of the kernel in any way, it will be up to the latter
LSM specific patches in this series to change the hook
implementations and return the correct credentials.

Signed-off-by: Paul Moore <paul@paul-moore.com>

So far this looks good. I want to take another stab at it and give
it some testing

Checking in as I know you said you needed to fix/release the AppArmor
patch in this series ... is this patch still looking okay to you?  If
so, can I get an ACK at least on this patch?

Hi John,

Any objections if I merge the LSM, SELinux, and Smack patches into the
selinux/next tree so that we can start getting some wider testing?  If
I leave out my poor attempt at an AppArmor patch, the current in-tree
AppArmor code should behave exactly as it does today with the
apparmor_task_getsecid() function handling both the subjective and
objective creds.  I can always merge the AppArmor patch later when you
have it ready, or you can merge it via your AppArmor tree at a later
date.

-- 
paul moore
www.paul-moore.com

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help