Message ID | 20221025184519.13231-5-casey@schaufler-ca.com |
---|---|
State | New |
Headers |
From: Casey Schaufler <casey@schaufler-ca.com>
To: casey.schaufler@intel.com, paul@paul-moore.com, linux-security-module@vger.kernel.org
Cc: casey@schaufler-ca.com, jmorris@namei.org, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org, linux-api@vger.kernel.org, mic@digikod.net
Subject: [PATCH v1 4/8] LSM: Maintain a table of LSM attribute data
Date: Tue, 25 Oct 2022 11:45:15 -0700
Message-Id: <20221025184519.13231-5-casey@schaufler-ca.com>
In-Reply-To: <20221025184519.13231-1-casey@schaufler-ca.com>
References: <20221025184519.13231-1-casey@schaufler-ca.com>
List-ID: <linux-kernel.vger.kernel.org>
Series | LSM: Two basic syscalls
Commit Message
Casey Schaufler
Oct. 25, 2022, 6:45 p.m. UTC
As LSMs are registered, add their lsm_id pointers to a table.
This will be used later for attribute reporting.
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
---
include/linux/security.h | 17 +++++++++++++++++
security/security.c | 18 ++++++++++++++++++
2 files changed, 35 insertions(+)
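The bookkeeping this patch adds, modelled in user space as an added example. It is not code from the patch or the kernel; the module names, the numeric ids and the MODEL_* toggles standing in for Kconfig symbols are made up for the demo. It keeps the two rules visible in the patch, one table slot per module even when a module registers its hooks in several calls, and a fixed table size derived from build-time toggles, but performs the bound check before the store, so a registration that does not fit is refused instead of being written past the end of the table:

```c
/*
 * Added example, not part of the patch: a user-space model of the LSM
 * id table. Names, ids and the MODEL_* toggles are assumptions made for
 * the demo; the kernel's panic() is replaced by an error return so the
 * model can be exercised from a test.
 */
#include <stdio.h>
#include <string.h>

/* Stand-ins for the kernel's IS_ENABLED(CONFIG_...) build-time toggles. */
#define MODEL_SELINUX   1
#define MODEL_LANDLOCK  1
#define MODEL_APPARMOR  0

/* One slot for capabilities plus one per enabled module, as in the patch. */
#define LSMID_ENTRIES (1 + MODEL_SELINUX + MODEL_LANDLOCK + MODEL_APPARMOR)

/* Minimal stand-in for the kernel's struct lsm_id. */
struct lsm_id {
	const char *lsm;	/* module name */
	int id;			/* numeric identifier (assumed values) */
};

static int lsm_count;	/* number of registered modules (the patch calls this lsm_id) */
static const struct lsm_id *lsm_idlist[LSMID_ENTRIES];

/*
 * Model of the bookkeeping added to security_add_hooks(). Returns the
 * number of registered modules on success, -1 if the table is full.
 * Consecutive calls by the same module (Landlock registers its hooks in
 * more than one call) occupy a single slot.
 */
static int lsm_register(const struct lsm_id *lsmid)
{
	if (lsm_count > 0 && lsm_idlist[lsm_count - 1] == lsmid)
		return lsm_count;	/* same module as the last call: no new slot */

	if (lsm_count >= LSMID_ENTRIES)
		return -1;		/* refuse before touching lsm_idlist[] */

	lsm_idlist[lsm_count++] = lsmid;
	return lsm_count;
}

static int lsm_registered_count(void)
{
	return lsm_count;
}

/* Name of the module in slot idx, or NULL if the slot is not populated. */
static const char *lsm_name_at(int idx)
{
	if (idx < 0 || idx >= lsm_count)
		return NULL;
	return lsm_idlist[idx]->lsm;
}

static void lsm_reset(void)
{
	lsm_count = 0;
	memset(lsm_idlist, 0, sizeof(lsm_idlist));
}

/* Fake module identities, constructed for the example. */
static const struct lsm_id capability_lsmid = { "capability", 100 };
static const struct lsm_id selinux_lsmid    = { "selinux",    101 };
static const struct lsm_id landlock_lsmid   = { "landlock",   102 };
static const struct lsm_id extra_lsmid      = { "extra",      103 };

/*
 * Drive the model through an ordered-init style sequence and then past the
 * end of the table. Returns the result of the registration that must fail.
 */
static int run_model(void)
{
	int rc;

	lsm_reset();
	lsm_register(&capability_lsmid);
	lsm_register(&selinux_lsmid);
	lsm_register(&landlock_lsmid);	/* first batch of Landlock hooks... */
	lsm_register(&landlock_lsmid);	/* ...second batch, still one entry */
	rc = lsm_register(&extra_lsmid);	/* no slot left: refused */

	printf("registered %d of %d slots\n", lsm_registered_count(), LSMID_ENTRIES);
	for (int i = 0; i < lsm_registered_count(); i++)
		printf("  [%d] %s (id %d)\n", i, lsm_name_at(i), lsm_idlist[i]->id);
	return rc;
}

int main(void)
{
	return run_model() == -1 ? 0 : 1;
}
```

With the toggles above the table has three slots; the run registers capability, selinux and landlock, ignores Landlock's second registration, and refuses the fourth module with -1 without writing to the array.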
Comments
On Tue, Oct 25, 2022 at 11:45:15AM -0700, Casey Schaufler wrote:
> As LSMs are registered add their lsm_id pointers to a table.
> This will be used later for attribute reporting.
>
> Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
> ---
> include/linux/security.h | 17 +++++++++++++++++
> security/security.c | 18 ++++++++++++++++++
> 2 files changed, 35 insertions(+)
>
> diff --git a/include/linux/security.h b/include/linux/security.h
> index ca1b7109c0db..e1678594d983 100644
> --- a/include/linux/security.h
> +++ b/include/linux/security.h
> @@ -138,6 +138,23 @@ enum lockdown_reason {
>
> extern const char *const lockdown_reasons[LOCKDOWN_CONFIDENTIALITY_MAX+1];
>
> +#define LSMID_ENTRIES ( \
> + 1 + /* capabilities */ \

No #define for capabilities?

> + (IS_ENABLED(CONFIG_SECURITY_SELINUX) ? 1 : 0) + \
> + (IS_ENABLED(CONFIG_SECURITY_SMACK) ? 1 : 0) + \
> + (IS_ENABLED(CONFIG_SECURITY_TOMOYO) ? 1 : 0) + \
> + (IS_ENABLED(CONFIG_SECURITY_IMA) ? 1 : 0) + \
> + (IS_ENABLED(CONFIG_SECURITY_APPARMOR) ? 1 : 0) + \
> + (IS_ENABLED(CONFIG_SECURITY_YAMA) ? 1 : 0) + \
> + (IS_ENABLED(CONFIG_SECURITY_LOADPIN) ? 1 : 0) + \
> + (IS_ENABLED(CONFIG_SECURITY_SAFESETID) ? 1 : 0) + \
> + (IS_ENABLED(CONFIG_SECURITY_LOCKDOWN) ? 1 : 0) + \
> + (IS_ENABLED(CONFIG_BPF_LSM) ? 1 : 0) + \
> + (IS_ENABLED(CONFIG_SECURITY_LANDLOCK) ? 1 : 0))
> +
> +extern int lsm_id;

u64?

thanks,

greg k-h
On 10/25/2022 11:00 PM, Greg KH wrote:
> On Tue, Oct 25, 2022 at 11:45:15AM -0700, Casey Schaufler wrote:
>> As LSMs are registered add their lsm_id pointers to a table.
>> This will be used later for attribute reporting.
>>
>> Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
>> ---
>> include/linux/security.h | 17 +++++++++++++++++
>> security/security.c | 18 ++++++++++++++++++
>> 2 files changed, 35 insertions(+)
>>
>> diff --git a/include/linux/security.h b/include/linux/security.h
>> index ca1b7109c0db..e1678594d983 100644
>> --- a/include/linux/security.h
>> +++ b/include/linux/security.h
>> @@ -138,6 +138,23 @@ enum lockdown_reason {
>>
>> extern const char *const lockdown_reasons[LOCKDOWN_CONFIDENTIALITY_MAX+1];
>>
>> +#define LSMID_ENTRIES ( \
>> + 1 + /* capabilities */ \
> No #define for capabilities?

Nope. There isn't one. CONFIG_SECURITY takes care of it.

>> + (IS_ENABLED(CONFIG_SECURITY_SELINUX) ? 1 : 0) + \
>> + (IS_ENABLED(CONFIG_SECURITY_SMACK) ? 1 : 0) + \
>> + (IS_ENABLED(CONFIG_SECURITY_TOMOYO) ? 1 : 0) + \
>> + (IS_ENABLED(CONFIG_SECURITY_IMA) ? 1 : 0) + \
>> + (IS_ENABLED(CONFIG_SECURITY_APPARMOR) ? 1 : 0) + \
>> + (IS_ENABLED(CONFIG_SECURITY_YAMA) ? 1 : 0) + \
>> + (IS_ENABLED(CONFIG_SECURITY_LOADPIN) ? 1 : 0) + \
>> + (IS_ENABLED(CONFIG_SECURITY_SAFESETID) ? 1 : 0) + \
>> + (IS_ENABLED(CONFIG_SECURITY_LOCKDOWN) ? 1 : 0) + \
>> + (IS_ENABLED(CONFIG_BPF_LSM) ? 1 : 0) + \
>> + (IS_ENABLED(CONFIG_SECURITY_LANDLOCK) ? 1 : 0))
>> +
>> +extern int lsm_id;
> u64?

u32. I doubt we'll get more than 32K security modules.

>
> thanks,
>
> greg k-h
On Wed, Oct 26, 2022 at 05:38:21PM -0700, Casey Schaufler wrote:
> On 10/25/2022 11:00 PM, Greg KH wrote:
> > On Tue, Oct 25, 2022 at 11:45:15AM -0700, Casey Schaufler wrote:
> >> As LSMs are registered add their lsm_id pointers to a table.
> >> This will be used later for attribute reporting.
> >>
> >> Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
> >> ---
> >> include/linux/security.h | 17 +++++++++++++++++
> >> security/security.c | 18 ++++++++++++++++++
> >> 2 files changed, 35 insertions(+)
> >>
> >> diff --git a/include/linux/security.h b/include/linux/security.h
> >> index ca1b7109c0db..e1678594d983 100644
> >> --- a/include/linux/security.h
> >> +++ b/include/linux/security.h
> >> @@ -138,6 +138,23 @@ enum lockdown_reason {
> >>
> >> extern const char *const lockdown_reasons[LOCKDOWN_CONFIDENTIALITY_MAX+1];
> >>
> >> +#define LSMID_ENTRIES ( \
> >> + 1 + /* capabilities */ \
> > No #define for capabilities?
>
> Nope. There isn't one. CONFIG_SECURITY takes care of it.
>
> >> + (IS_ENABLED(CONFIG_SECURITY_SELINUX) ? 1 : 0) + \
> >> + (IS_ENABLED(CONFIG_SECURITY_SMACK) ? 1 : 0) + \
> >> + (IS_ENABLED(CONFIG_SECURITY_TOMOYO) ? 1 : 0) + \
> >> + (IS_ENABLED(CONFIG_SECURITY_IMA) ? 1 : 0) + \
> >> + (IS_ENABLED(CONFIG_SECURITY_APPARMOR) ? 1 : 0) + \
> >> + (IS_ENABLED(CONFIG_SECURITY_YAMA) ? 1 : 0) + \
> >> + (IS_ENABLED(CONFIG_SECURITY_LOADPIN) ? 1 : 0) + \
> >> + (IS_ENABLED(CONFIG_SECURITY_SAFESETID) ? 1 : 0) + \
> >> + (IS_ENABLED(CONFIG_SECURITY_LOCKDOWN) ? 1 : 0) + \
> >> + (IS_ENABLED(CONFIG_BPF_LSM) ? 1 : 0) + \
> >> + (IS_ENABLED(CONFIG_SECURITY_LANDLOCK) ? 1 : 0))
> >> +
> >> +extern int lsm_id;
> > u64?
>
> u32. I doubt we'll get more than 32K security modules.

These should be bits, not values, right?

Wait, this magic entry value is going to change depending on what is,
or is not, enabled. How is that a stable user/kernel api at all?

confused.

greg k-h
On 10/26/2022 11:29 PM, Greg KH wrote:
> On Wed, Oct 26, 2022 at 05:38:21PM -0700, Casey Schaufler wrote:
>> On 10/25/2022 11:00 PM, Greg KH wrote:
>>> On Tue, Oct 25, 2022 at 11:45:15AM -0700, Casey Schaufler wrote:
>>>> As LSMs are registered add their lsm_id pointers to a table.
>>>> This will be used later for attribute reporting.
>>>>
>>>> Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
>>>> ---
>>>> include/linux/security.h | 17 +++++++++++++++++
>>>> security/security.c | 18 ++++++++++++++++++
>>>> 2 files changed, 35 insertions(+)
>>>>
>>>> diff --git a/include/linux/security.h b/include/linux/security.h
>>>> index ca1b7109c0db..e1678594d983 100644
>>>> --- a/include/linux/security.h
>>>> +++ b/include/linux/security.h
>>>> @@ -138,6 +138,23 @@ enum lockdown_reason {
>>>>
>>>> extern const char *const lockdown_reasons[LOCKDOWN_CONFIDENTIALITY_MAX+1];
>>>>
>>>> +#define LSMID_ENTRIES ( \
>>>> + 1 + /* capabilities */ \
>>> No #define for capabilities?
>> Nope. There isn't one. CONFIG_SECURITY takes care of it.
>>
>>>> + (IS_ENABLED(CONFIG_SECURITY_SELINUX) ? 1 : 0) + \
>>>> + (IS_ENABLED(CONFIG_SECURITY_SMACK) ? 1 : 0) + \
>>>> + (IS_ENABLED(CONFIG_SECURITY_TOMOYO) ? 1 : 0) + \
>>>> + (IS_ENABLED(CONFIG_SECURITY_IMA) ? 1 : 0) + \
>>>> + (IS_ENABLED(CONFIG_SECURITY_APPARMOR) ? 1 : 0) + \
>>>> + (IS_ENABLED(CONFIG_SECURITY_YAMA) ? 1 : 0) + \
>>>> + (IS_ENABLED(CONFIG_SECURITY_LOADPIN) ? 1 : 0) + \
>>>> + (IS_ENABLED(CONFIG_SECURITY_SAFESETID) ? 1 : 0) + \
>>>> + (IS_ENABLED(CONFIG_SECURITY_LOCKDOWN) ? 1 : 0) + \
>>>> + (IS_ENABLED(CONFIG_BPF_LSM) ? 1 : 0) + \
>>>> + (IS_ENABLED(CONFIG_SECURITY_LANDLOCK) ? 1 : 0))
>>>> +
>>>> +extern int lsm_id;
>>> u64?
>> u32. I doubt we'll get more than 32K security modules.
> These should be bits, not values, right?

lsm_id is the count of security modules that are registered.
It seemed like a good name for the value at the time, but as
it's causing confusion I should probably change it.

> Wait, this magic entry value is going to change depending on what is,
> or is not, enabled. How is that a stable user/kernel api at all?
>
> confused.

I'll clarify.

This patch isn't implementing an API, but is required by subsequent
patches that do. Does linux-api want to see patches that are in support
of APIs, or just those with actual API implementation?

Thank you.

> greg k-h
On Thu, Oct 27, 2022 at 10:08:23AM -0700, Casey Schaufler wrote:
> On 10/26/2022 11:29 PM, Greg KH wrote:
> > On Wed, Oct 26, 2022 at 05:38:21PM -0700, Casey Schaufler wrote:
> >> On 10/25/2022 11:00 PM, Greg KH wrote:
> >>> On Tue, Oct 25, 2022 at 11:45:15AM -0700, Casey Schaufler wrote:
> >>>> As LSMs are registered add their lsm_id pointers to a table.
> >>>> This will be used later for attribute reporting.
> >>>>
> >>>> Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
> >>>> ---
> >>>> include/linux/security.h | 17 +++++++++++++++++
> >>>> security/security.c | 18 ++++++++++++++++++
> >>>> 2 files changed, 35 insertions(+)
> >>>>
> >>>> diff --git a/include/linux/security.h b/include/linux/security.h
> >>>> index ca1b7109c0db..e1678594d983 100644
> >>>> --- a/include/linux/security.h
> >>>> +++ b/include/linux/security.h
> >>>> @@ -138,6 +138,23 @@ enum lockdown_reason {
> >>>>
> >>>> extern const char *const lockdown_reasons[LOCKDOWN_CONFIDENTIALITY_MAX+1];
> >>>>
> >>>> +#define LSMID_ENTRIES ( \
> >>>> + 1 + /* capabilities */ \
> >>> No #define for capabilities?
> >> Nope. There isn't one. CONFIG_SECURITY takes care of it.
> >>
> >>>> + (IS_ENABLED(CONFIG_SECURITY_SELINUX) ? 1 : 0) + \
> >>>> + (IS_ENABLED(CONFIG_SECURITY_SMACK) ? 1 : 0) + \
> >>>> + (IS_ENABLED(CONFIG_SECURITY_TOMOYO) ? 1 : 0) + \
> >>>> + (IS_ENABLED(CONFIG_SECURITY_IMA) ? 1 : 0) + \
> >>>> + (IS_ENABLED(CONFIG_SECURITY_APPARMOR) ? 1 : 0) + \
> >>>> + (IS_ENABLED(CONFIG_SECURITY_YAMA) ? 1 : 0) + \
> >>>> + (IS_ENABLED(CONFIG_SECURITY_LOADPIN) ? 1 : 0) + \
> >>>> + (IS_ENABLED(CONFIG_SECURITY_SAFESETID) ? 1 : 0) + \
> >>>> + (IS_ENABLED(CONFIG_SECURITY_LOCKDOWN) ? 1 : 0) + \
> >>>> + (IS_ENABLED(CONFIG_BPF_LSM) ? 1 : 0) + \
> >>>> + (IS_ENABLED(CONFIG_SECURITY_LANDLOCK) ? 1 : 0))
> >>>> +
> >>>> +extern int lsm_id;
> >>> u64?
> >> u32. I doubt we'll get more than 32K security modules.
> > These should be bits, not values, right?
>
> lsm_id is the count of security modules that are registered.
> It seemed like a good name for the value at the time, but as
> it's causing confusion I should probably change it.

Yeah, that's confusing. "lsm_num_availble" might be better.

> > Wait, this magic entry value is going to change depending on what is,
> > or is not, enabled. How is that a stable user/kernel api at all?
> >
> > confused.
>
> I'll clarify.
>
> This patch isn't implementing an API, but is required by subsequent
> patches that do. Does linux-api want to see patches that are in support
> of APIs, or just those with actual API implementation?

There's nothing wrong with seeing this patch, I was just confused as it
seemed to be a user facing api. It wasn't obvious to me, sorry.

greg k-h
On Wed, Oct 26, 2022 at 8:38 PM Casey Schaufler <casey@schaufler-ca.com> wrote:
> On 10/25/2022 11:00 PM, Greg KH wrote:
> > On Tue, Oct 25, 2022 at 11:45:15AM -0700, Casey Schaufler wrote:
> >> As LSMs are registered add their lsm_id pointers to a table.
> >> This will be used later for attribute reporting.
> >>
> >> Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
> >> ---
> >> include/linux/security.h | 17 +++++++++++++++++
> >> security/security.c | 18 ++++++++++++++++++
> >> 2 files changed, 35 insertions(+)
> >>
> >> diff --git a/include/linux/security.h b/include/linux/security.h
> >> index ca1b7109c0db..e1678594d983 100644
> >> --- a/include/linux/security.h
> >> +++ b/include/linux/security.h
> >> @@ -138,6 +138,23 @@ enum lockdown_reason {
> >>
> >> extern const char *const lockdown_reasons[LOCKDOWN_CONFIDENTIALITY_MAX+1];
> >>
> >> +#define LSMID_ENTRIES ( \
> >> + 1 + /* capabilities */ \
> > No #define for capabilities?
>
> Nope. There isn't one. CONFIG_SECURITY takes care of it.

I guess we might as well use the existing pattern just in case this
header ever gets pulled into somewhere unexpected.

(IS_ENABLED(CONFIG_SECURITY) ? 1 : 0) + ...

--
paul-moore.com
On Thu, Oct 27, 2022 at 1:14 PM Greg KH <gregkh@linuxfoundation.org> wrote:
> On Thu, Oct 27, 2022 at 10:08:23AM -0700, Casey Schaufler wrote:
> > On 10/26/2022 11:29 PM, Greg KH wrote:
> > > On Wed, Oct 26, 2022 at 05:38:21PM -0700, Casey Schaufler wrote:
> > >> On 10/25/2022 11:00 PM, Greg KH wrote:
> > >>> On Tue, Oct 25, 2022 at 11:45:15AM -0700, Casey Schaufler wrote:
> > >>>> As LSMs are registered add their lsm_id pointers to a table.
> > >>>> This will be used later for attribute reporting.
> > >>>>
> > >>>> Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
> > >>>> ---
> > >>>> include/linux/security.h | 17 +++++++++++++++++
> > >>>> security/security.c | 18 ++++++++++++++++++
> > >>>> 2 files changed, 35 insertions(+)
> > >>>>
> > >>>> diff --git a/include/linux/security.h b/include/linux/security.h
> > >>>> index ca1b7109c0db..e1678594d983 100644
> > >>>> --- a/include/linux/security.h
> > >>>> +++ b/include/linux/security.h
> > >>>> @@ -138,6 +138,23 @@ enum lockdown_reason {
> > >>>>
> > >>>> extern const char *const lockdown_reasons[LOCKDOWN_CONFIDENTIALITY_MAX+1];
> > >>>>
> > >>>> +#define LSMID_ENTRIES ( \
> > >>>> + 1 + /* capabilities */ \
> > >>> No #define for capabilities?
> > >> Nope. There isn't one. CONFIG_SECURITY takes care of it.
> > >>
> > >>>> + (IS_ENABLED(CONFIG_SECURITY_SELINUX) ? 1 : 0) + \
> > >>>> + (IS_ENABLED(CONFIG_SECURITY_SMACK) ? 1 : 0) + \
> > >>>> + (IS_ENABLED(CONFIG_SECURITY_TOMOYO) ? 1 : 0) + \
> > >>>> + (IS_ENABLED(CONFIG_SECURITY_IMA) ? 1 : 0) + \
> > >>>> + (IS_ENABLED(CONFIG_SECURITY_APPARMOR) ? 1 : 0) + \
> > >>>> + (IS_ENABLED(CONFIG_SECURITY_YAMA) ? 1 : 0) + \
> > >>>> + (IS_ENABLED(CONFIG_SECURITY_LOADPIN) ? 1 : 0) + \
> > >>>> + (IS_ENABLED(CONFIG_SECURITY_SAFESETID) ? 1 : 0) + \
> > >>>> + (IS_ENABLED(CONFIG_SECURITY_LOCKDOWN) ? 1 : 0) + \
> > >>>> + (IS_ENABLED(CONFIG_BPF_LSM) ? 1 : 0) + \
> > >>>> + (IS_ENABLED(CONFIG_SECURITY_LANDLOCK) ? 1 : 0))
> > >>>> +
> > >>>> +extern int lsm_id;
> > >>> u64?
> > >> u32. I doubt we'll get more than 32K security modules.
> > > These should be bits, not values, right?
> >
> > lsm_id is the count of security modules that are registered.
> > It seemed like a good name for the value at the time, but as
> > it's causing confusion I should probably change it.
>
> Yeah, that's confusing. "lsm_num_availble" might be better.

Yes, this really should be named something else. I'm partial to
"lsm_count" as it is shorter than the other suggestion, but this is
hardly something to worry too much about.

--
paul-moore.com
diff --git a/include/linux/security.h b/include/linux/security.h index ca1b7109c0db..e1678594d983 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -138,6 +138,23 @@ enum lockdown_reason { extern const char *const lockdown_reasons[LOCKDOWN_CONFIDENTIALITY_MAX+1]; +#define LSMID_ENTRIES ( \ + 1 + /* capabilities */ \ + (IS_ENABLED(CONFIG_SECURITY_SELINUX) ? 1 : 0) + \ + (IS_ENABLED(CONFIG_SECURITY_SMACK) ? 1 : 0) + \ + (IS_ENABLED(CONFIG_SECURITY_TOMOYO) ? 1 : 0) + \ + (IS_ENABLED(CONFIG_SECURITY_IMA) ? 1 : 0) + \ + (IS_ENABLED(CONFIG_SECURITY_APPARMOR) ? 1 : 0) + \ + (IS_ENABLED(CONFIG_SECURITY_YAMA) ? 1 : 0) + \ + (IS_ENABLED(CONFIG_SECURITY_LOADPIN) ? 1 : 0) + \ + (IS_ENABLED(CONFIG_SECURITY_SAFESETID) ? 1 : 0) + \ + (IS_ENABLED(CONFIG_SECURITY_LOCKDOWN) ? 1 : 0) + \ + (IS_ENABLED(CONFIG_BPF_LSM) ? 1 : 0) + \ + (IS_ENABLED(CONFIG_SECURITY_LANDLOCK) ? 1 : 0)) + +extern int lsm_id; +extern struct lsm_id *lsm_idlist[]; + /* These functions are in security/commoncap.c */ extern int cap_capable(const struct cred *cred, struct user_namespace *ns, int cap, unsigned int opts); diff --git a/security/security.c b/security/security.c index b2eb0ccd954b..bf206996a2af 100644 --- a/security/security.c +++ b/security/security.c @@ -28,6 +28,7 @@ #include <linux/backing-dev.h> #include <linux/string.h> #include <linux/msg.h> +#include <uapi/linux/lsm.h> #include <net/flow.h> #define MAX_LSM_EVM_XATTR 2 @@ -320,6 +321,12 @@ static void __init lsm_early_task(struct task_struct *task); static int lsm_append(const char *new, char **result); +/* + * Current index to use while initializing the lsm id list. + */ +int lsm_id __lsm_ro_after_init; +struct lsm_id *lsm_idlist[LSMID_ENTRIES] __lsm_ro_after_init; + static void __init ordered_lsm_init(void) { struct lsm_info **lsm; @@ -364,6 +371,7 @@ static void __init ordered_lsm_init(void) for (lsm = ordered_lsms; *lsm; lsm++) initialize_lsm(*lsm); + init_debug("lsm count = %d\n", lsm_id); kfree(ordered_lsms); } 
@@ -485,6 +493,16 @@ void __init security_add_hooks(struct security_hook_list *hooks, int count, { int i; + /* + * A security module may call security_add_hooks() more + * than once. Landlock is one such case. + */ + if (lsm_id == 0 || lsm_idlist[lsm_id - 1] != lsmid) + lsm_idlist[lsm_id++] = lsmid; + + if (lsm_id > LSMID_ENTRIES) + panic("%s Too many LSMs registered.\n", __func__); + for (i = 0; i < count; i++) { hooks[i].lsmid = lsmid; hlist_add_tail_rcu(&hooks[i].list, hooks[i].head);
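Review bot: in the include/linux/security.h hunk, `LSMID_ENTRIES` is a hand-maintained list of Kconfig symbols and the `1 + /* capabilities */` term is the only one not gated on a symbol; writing it as `(IS_ENABLED(CONFIG_SECURITY) ? 1 : 0)`, as suggested in the thread, keeps the list uniform, but the bigger maintenance point is that any module that calls security_add_hooks() without an entry in this macro pushes `lsm_id` past `LSMID_ENTRIES` and trips the panic added in security.c, so the macro needs a comment saying it must be extended whenever an LSM is added. Please also double-check the `CONFIG_SECURITY_IMA` term: IS_ENABLED() evaluates to 0 for a symbol that is not defined in Kconfig, so a misspelled option under-counts silently instead of failing the build (the IMA option in security/integrity/ima/Kconfig is spelled `CONFIG_IMA`).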
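Review bot: in the first security/security.c hunk, nothing added by this patch references a definition from `<uapi/linux/lsm.h>`; the table stores `struct lsm_id` pointers and the count is a plain `int`. Either drop the include here or move it to the patch in the series that first needs the UAPI definitions, so that each patch builds and reads on its own.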
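Review bot: in the hunk that adds `int lsm_id __lsm_ro_after_init;`, the name says "id" while the comment and the only use say it is a running count of registered modules; renaming it (the thread suggests `lsm_count`) also keeps it from being confused with the `lsmid` parameter of security_add_hooks() and the `struct lsm_id` type, three near-identical spellings with different meanings in the same function. The comment `Current index to use while initializing the lsm id list` should also state what the value means once init is finished, since `__lsm_ro_after_init` freezes it and the commit message says it will be used for reporting afterwards.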
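Review bot: in the security_add_hooks() hunk the bounds check runs after the store: `lsm_idlist[lsm_id++] = lsmid;` executes first and `if (lsm_id > LSMID_ENTRIES)` only fires afterwards, so when `lsm_id == LSMID_ENTRIES` on entry the assignment writes one element past the end of `lsm_idlist[LSMID_ENTRIES]` before the panic. Hoist the check above the assignment, inside the same dedup condition, and make it `>=`:

	if (lsm_id >= LSMID_ENTRIES)
		panic("%s Too many LSMs registered.\n", __func__);
	lsm_idlist[lsm_id++] = lsmid;

The duplicate test `lsm_idlist[lsm_id - 1] != lsmid` only recognises a repeat when the same module's calls are consecutive, which matches how initialize_lsm() drives one module at a time; that assumption is worth stating in the comment next to the Landlock remark.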