Re: [6.8-rc1 Regression] Unable to exec apparmor_parser from virt-aa-helper
From: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Date: 2024-01-27 11:23:51
Also in:
linux-fsdevel, linux-mm, lkml
On 2024/01/27 20:00, Tetsuo Handa wrote:
On 2024/01/27 16:04, Tetsuo Handa wrote:quoted
If we can accept revival of security_bprm_free(), we can "get rid of current->in_execve flag" and "stop saving things across two *independent* execve() calls".Oops, I found a bug in TOMOYO (and possibly in AppArmor as well). TOMOYO has to continue depending on current->in_execve flag even if security_bprm_free() is revived.
No. We can "get rid of current->in_execve flag" and "stop saving things across two *independent* execve() calls".
quoted hunk ↗ jump to hunk
@@ -327,9 +322,13 @@ static int tomoyo_file_fcntl(struct file *file, unsigned int cmd, */ static int tomoyo_file_open(struct file *f) { - /* Don't check read permission here if called from execve(). */ - /* Illogically, FMODE_EXEC is in f_flags, not f_mode. */ - if (f->f_flags & __FMODE_EXEC) + /* + * Don't check read permission here if called from execve() for + * the first time of that execve() request, for execute permission + * will be checked at tomoyo_bprm_check_security() with argv/envp + * taken into account. + */ + if (current->in_execve && !tomoyo_task(current)->old_domain_info)
Since "f->f_flags & __FMODE_EXEC" == "current->in_execve", TOMOYO can continue using "f->f_flags & __FMODE_EXEC", provided that tomoyo_task(current)->old_domain_info is reset to NULL via security_bprm_free() callback when previous execve() request failed. That is, if security_bprm_free() is revived, we can also get rid of current->in_execve.