kernel/linux.git/security/apparmor/file.c, branch v4.14.263Linux kernel stable tree (mirror)https://git.radix-linux.su/kernel/linux.git/atom?h=v4.14.2632017-10-26T17:35:35+00:00Revert "apparmor: add base infastructure for socket mediation"2017-10-26T17:35:35+00:00Linus Torvaldstorvalds@linux-foundation.org2017-10-26T17:35:35+00:00urn:sha1:80c094a47dd4ea63375e3f60b5e076064f16e857
This reverts commit 651e28c5537abb39076d3949fb7618536f1d242e.
This caused a regression:
"The specific problem is that dnsmasq refuses to start on openSUSE Leap
42.2. The specific cause is that and attempt to open a PF_LOCAL socket
gets EACCES. This means that networking doesn't function on a system
with a 4.14-rc2 system."
Sadly, the developers involved seemed to be in denial for several weeks
about this, delaying the revert. This has not been a good release for
the security subsystem, and this area needs to change development
practices.
Reported-and-bisected-by: James Bottomley <James.Bottomley@hansenpartnership.com>
Tracked-by: Thorsten Leemhuis <regressions@leemhuis.info>
Cc: John Johansen <john.johansen@canonical.com>
Cc: Vlastimil Babka <vbabka@suse.cz>
Cc: Seth Arnold <seth.arnold@canonical.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
apparmor: add base infastructure for socket mediation2017-09-22T20:00:58+00:00John Johansenjohn.johansen@canonical.com2017-07-19T06:18:33+00:00urn:sha1:651e28c5537abb39076d3949fb7618536f1d242e
Provide a basic mediation of sockets. This is not a full net mediation
but just whether a spcific family of socket can be used by an
application, along with setting up some basic infrastructure for
network mediation to follow.
the user space rule hav the basic form of
NETWORK RULE = [ QUALIFIERS ] 'network' [ DOMAIN ]
[ TYPE | PROTOCOL ]
DOMAIN = ( 'inet' | 'ax25' | 'ipx' | 'appletalk' | 'netrom' |
'bridge' | 'atmpvc' | 'x25' | 'inet6' | 'rose' |
'netbeui' | 'security' | 'key' | 'packet' | 'ash' |
'econet' | 'atmsvc' | 'sna' | 'irda' | 'pppox' |
'wanpipe' | 'bluetooth' | 'netlink' | 'unix' | 'rds' |
'llc' | 'can' | 'tipc' | 'iucv' | 'rxrpc' | 'isdn' |
'phonet' | 'ieee802154' | 'caif' | 'alg' | 'nfc' |
'vsock' | 'mpls' | 'ib' | 'kcm' ) ','
TYPE = ( 'stream' | 'dgram' | 'seqpacket' | 'rdm' | 'raw' |
'packet' )
PROTOCOL = ( 'tcp' | 'udp' | 'icmp' )
eg.
network,
network inet,
Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
apparmor: put back designators in struct initialisers2017-06-28T05:50:43+00:00Stephen Rothwellsfr@canb.auug.org.au2017-06-20T04:50:36+00:00urn:sha1:c4758fa59285fe4dbfeab4364a6957936d040fbf
Fixes: 8014370f1257 ("apparmor: move path_link mediation to using labels")
Signed-off-by: Stephen Rothwell <sfr@canb.auug.org.au>
Acked-by: John Johansen <john.johansen@canonical.com>
Acked-by: Kees Cook <keescook@chromium.org>
Signed-off-by: James Morris <james.l.morris@oracle.com>
apparmor: rework file permission to cache file access in file->ctx2017-06-11T00:11:44+00:00John Johansenjohn.johansen@canonical.com2017-06-09T23:19:02+00:00urn:sha1:496c93196654d3e604013d750b7047886af14506
This is a temporary step, towards using the file->ctx for delegation,
and also helps speed up file queries, until the permission lookup
cache is introduced.
Signed-off-by: John Johansen <john.johansen@canonical.com>
apparmor: move path_link mediation to using labels2017-06-11T00:11:44+00:00John Johansenjohn.johansen@canonical.com2017-06-09T23:06:21+00:00urn:sha1:8014370f1257619226b79cb6de8e28563fbbc070
Signed-off-by: John Johansen <john.johansen@canonical.com>
apparmor: refactor path name lookup and permission checks around labels2017-06-11T00:11:43+00:00John Johansenjohn.johansen@canonical.com2017-06-09T23:02:25+00:00urn:sha1:aebd873e8d3e34757c9295eef074d1be229f5893
Signed-off-by: John Johansen <john.johansen@canonical.com>
apparmor: update aa_audit_file() to use labels2017-06-11T00:11:43+00:00John Johansenjohn.johansen@canonical.com2017-06-09T22:48:20+00:00urn:sha1:98c3d182321d489d8bfaa596127020ec3027edb2
Signed-off-by: John Johansen <john.johansen@canonical.com>
apparmor: move aa_file_perm() to use labels2017-06-11T00:11:42+00:00John Johansenjohn.johansen@canonical.com2017-06-09T21:59:51+00:00urn:sha1:190a95189eb9e2233ed71a85cd6dd0c8efc9d392
Signed-off-by: John Johansen <john.johansen@canonical.com>
apparmor: switch from profiles to using labels on contexts2017-06-11T00:11:38+00:00John Johansenjohn.johansen@canonical.com2017-06-09T15:14:28+00:00urn:sha1:637f688dc3dc304a89f441d76f49a0e35bc49c08
Begin the actual switch to using domain labels by storing them on
the context and converting the label to a singular profile where
possible.
Signed-off-by: John Johansen <john.johansen@canonical.com>
apparmor: revalidate files during exec2017-06-11T00:11:37+00:00John Johansenjohn.johansen@canonical.com2017-06-09T18:58:42+00:00urn:sha1:192ca6b55a866e838aee98d9cb6a0b5086467c03
Instead of running file revalidation lazily when read/write are called
copy selinux and revalidate the file table on exec. This avoids
extra mediation overhead in read/write and also prevents file handles
being passed through to a grand child unchecked.
Signed-off-by: John Johansen <john.johansen@canonical.com>