kernel/linux.git/security/apparmor/net.c, branch v6.1.168Linux kernel stable tree (mirror)https://git.radix-linux.su/kernel/linux.git/atom?h=v6.1.1682026-03-04T12:20:08+00:00apparmor: fix NULL sock in aa_sock_file_perm2026-03-04T12:20:08+00:00John Johansenjohn.johansen@canonical.com2025-11-24T23:07:42+00:00urn:sha1:c11b7c3280d000376e27ebfed17ec7046699eab4
[ Upstream commit 00b67657535dfea56e84d11492f5c0f61d0af297 ]
Deal with the potential that sock and sock-sk can be NULL during
socket setup or teardown. This could lead to an oops. The fix for NULL
pointer dereference in __unix_needs_revalidation shows this is at
least possible for af_unix sockets. While the fix for af_unix sockets
applies for newer mediation this is still the fall back path for older
af_unix mediation and other sockets, so ensure it is covered.
Fixes: 56974a6fcfef6 ("apparmor: add base infastructure for socket mediation")
Reviewed-by: Georgia Garcia <georgia.garcia@canonical.com>
Signed-off-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
apparmor: add a kernel label to use on kernel objects2022-07-13T23:37:21+00:00John Johansenjohn.johansen@canonical.com2022-05-24T09:38:12+00:00urn:sha1:95c0581f9bfdfbe97126ba1c7f5650a9dd064dda
Separate kernel objects from unconfined. This is done so we can
distinguish between the two in debugging, auditing and in preparation
for being able to replace unconfined, which is not appropriate for the
kernel.
The kernel label will continue to behave similar to unconfined.
Acked-by: Jon Tourville <jon.tourville@canonical.com>
Signed-off-by: John Johansen <john.johansen@canonical.com>
security: add const qualifier to struct sock in various places2020-12-03T20:56:03+00:00Florian Westphalfw@strlen.de2020-11-30T15:36:29+00:00urn:sha1:41dd9596d6b239a125c3d19f9d0ca90bdbfbf876
A followup change to tcp_request_sock_op would have to drop the 'const'
qualifier from the 'route_req' function as the
'security_inet_conn_request' call is moved there - and that function
expects a 'struct sock *'.
However, it turns out its also possible to add a const qualifier to
security_inet_conn_request instead.
Signed-off-by: Florian Westphal <fw@strlen.de>
Acked-by: James Morris <jamorris@linux.microsoft.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
audit: purge audit_log_string from the intra-kernel audit API2020-07-21T15:12:31+00:00Richard Guy Briggsrgb@redhat.com2020-07-13T19:51:59+00:00urn:sha1:f1d9b23cabc61e58509164c3c3132556476491d2
audit_log_string() was inteded to be an internal audit function and
since there are only two internal uses, remove them. Purge all external
uses of it by restructuring code to use an existing audit_log_format()
or using audit_log_format().
Please see the upstream issue
https://github.com/linux-audit/audit-kernel/issues/84
Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 4412019-06-05T15:37:17+00:00Thomas Gleixnertglx@linutronix.de2019-06-01T08:08:55+00:00urn:sha1:b886d83c5b621abc84ff9616f14c529be3f6b147
Based on 1 normalized pattern(s):
this program is free software you can redistribute it and or modify
it under the terms of the gnu general public license as published by
the free software foundation version 2 of the license
extracted by the scancode license scanner the SPDX license identifier
GPL-2.0-only
has been chosen to replace the boilerplate/reference in 315 file(s).
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Reviewed-by: Allison Randal <allison@lohutok.net>
Reviewed-by: Armijn Hemel <armijn@tjaldur.nl>
Cc: linux-spdx@vger.kernel.org
Link: https://lkml.kernel.org/r/20190531190115.503150771@linutronix.de
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
apparmor: add #ifdef checks for secmark filtering2018-10-13T00:09:56+00:00Arnd Bergmannarnd@arndb.de2018-10-05T16:11:47+00:00urn:sha1:e1af4779617928efa84562de4de5dc071e7deb08
The newly added code fails to build when either SECMARK or
NETFILTER are disabled:
security/apparmor/lsm.c: In function 'apparmor_socket_sock_rcv_skb':
security/apparmor/lsm.c:1138:12: error: 'struct sk_buff' has no member named 'secmark'; did you mean 'mark'?
security/apparmor/lsm.c:1671:21: error: 'struct nf_hook_state' declared inside parameter list will not be visible outside of this definition or declaration [-Werror]
Add a set of #ifdef checks around it to only enable the code that
we can compile and that makes sense in that configuration.
Fixes: ab9f2115081a ("apparmor: Allow filtering based on secmark policy")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: John Johansen <john.johansen@canonical.com>
apparmor: Allow filtering based on secmark policy2018-10-03T13:18:55+00:00Matthew Garrettmjg59@google.com2018-05-24T20:27:47+00:00urn:sha1:ab9f2115081ab7ba63b77a759e0f3eb5d6463d7f
Add support for dropping or accepting packets based on their secmark
tags.
Signed-off-by: Matthew Garrett <mjg59@google.com>
Signed-off-by: John Johansen <john.johansen@canonical.com>
apparmor: Fix network performance issue in aa_label_sk_perm2018-09-07T16:33:52+00:00Tony Jonestonyj@suse.de2018-09-07T04:33:57+00:00urn:sha1:5f997580e8b12b9f585e34cc16304925d26ce49e
The netperf benchmark shows a 5.73% reduction in throughput for
small (64 byte) transfers by unconfined tasks.
DEFINE_AUDIT_SK() in aa_label_sk_perm() should not be performed
unconditionally, rather only when the label is confined.
netperf-tcp
56974a6fc^ 56974a6fc
Min 64 563.48 ( 0.00%) 531.17 ( -5.73%)
Min 128 1056.92 ( 0.00%) 999.44 ( -5.44%)
Min 256 1945.95 ( 0.00%) 1867.97 ( -4.01%)
Min 1024 6761.40 ( 0.00%) 6364.23 ( -5.87%)
Min 2048 11110.53 ( 0.00%) 10606.20 ( -4.54%)
Min 3312 13692.67 ( 0.00%) 13158.41 ( -3.90%)
Min 4096 14926.29 ( 0.00%) 14457.46 ( -3.14%)
Min 8192 18399.34 ( 0.00%) 18091.65 ( -1.67%)
Min 16384 21384.13 ( 0.00%) 21158.05 ( -1.06%)
Hmean 64 564.96 ( 0.00%) 534.38 ( -5.41%)
Hmean 128 1064.42 ( 0.00%) 1010.12 ( -5.10%)
Hmean 256 1965.85 ( 0.00%) 1879.16 ( -4.41%)
Hmean 1024 6839.77 ( 0.00%) 6478.70 ( -5.28%)
Hmean 2048 11154.80 ( 0.00%) 10671.13 ( -4.34%)
Hmean 3312 13838.12 ( 0.00%) 13249.01 ( -4.26%)
Hmean 4096 15009.99 ( 0.00%) 14561.36 ( -2.99%)
Hmean 8192 18975.57 ( 0.00%) 18326.54 ( -3.42%)
Hmean 16384 21440.44 ( 0.00%) 21324.59 ( -0.54%)
Stddev 64 1.24 ( 0.00%) 2.85 (-130.64%)
Stddev 128 4.51 ( 0.00%) 6.53 ( -44.84%)
Stddev 256 11.67 ( 0.00%) 8.50 ( 27.16%)
Stddev 1024 48.33 ( 0.00%) 75.07 ( -55.34%)
Stddev 2048 54.82 ( 0.00%) 65.16 ( -18.86%)
Stddev 3312 153.57 ( 0.00%) 56.29 ( 63.35%)
Stddev 4096 100.25 ( 0.00%) 88.50 ( 11.72%)
Stddev 8192 358.13 ( 0.00%) 169.99 ( 52.54%)
Stddev 16384 43.99 ( 0.00%) 141.82 (-222.39%)
Signed-off-by: Tony Jones <tonyj@suse.de>
Fixes: 56974a6fcfef ("apparmor: add base infastructure for socket
mediation")
Signed-off-by: John Johansen <john.johansen@canonical.com>
apparmor: add base infastructure for socket mediation2018-03-14T00:25:48+00:00John Johansenjohn.johansen@canonical.com2017-07-19T06:18:33+00:00urn:sha1:56974a6fcfef69ee0825bd66ed13e92070ac5224
version 2 - Force an abi break. Network mediation will only be
available in v8 abi complaint policy.
Provide a basic mediation of sockets. This is not a full net mediation
but just whether a spcific family of socket can be used by an
application, along with setting up some basic infrastructure for
network mediation to follow.
the user space rule hav the basic form of
NETWORK RULE = [ QUALIFIERS ] 'network' [ DOMAIN ]
[ TYPE | PROTOCOL ]
DOMAIN = ( 'inet' | 'ax25' | 'ipx' | 'appletalk' | 'netrom' |
'bridge' | 'atmpvc' | 'x25' | 'inet6' | 'rose' |
'netbeui' | 'security' | 'key' | 'packet' | 'ash' |
'econet' | 'atmsvc' | 'sna' | 'irda' | 'pppox' |
'wanpipe' | 'bluetooth' | 'netlink' | 'unix' | 'rds' |
'llc' | 'can' | 'tipc' | 'iucv' | 'rxrpc' | 'isdn' |
'phonet' | 'ieee802154' | 'caif' | 'alg' | 'nfc' |
'vsock' | 'mpls' | 'ib' | 'kcm' ) ','
TYPE = ( 'stream' | 'dgram' | 'seqpacket' | 'rdm' | 'raw' |
'packet' )
PROTOCOL = ( 'tcp' | 'udp' | 'icmp' )
eg.
network,
network inet,
Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
Revert "apparmor: add base infastructure for socket mediation"2017-10-26T17:35:35+00:00Linus Torvaldstorvalds@linux-foundation.org2017-10-26T17:35:35+00:00urn:sha1:80c094a47dd4ea63375e3f60b5e076064f16e857
This reverts commit 651e28c5537abb39076d3949fb7618536f1d242e.
This caused a regression:
"The specific problem is that dnsmasq refuses to start on openSUSE Leap
42.2. The specific cause is that and attempt to open a PF_LOCAL socket
gets EACCES. This means that networking doesn't function on a system
with a 4.14-rc2 system."
Sadly, the developers involved seemed to be in denial for several weeks
about this, delaying the revert. This has not been a good release for
the security subsystem, and this area needs to change development
practices.
Reported-and-bisected-by: James Bottomley <James.Bottomley@hansenpartnership.com>
Tracked-by: Thorsten Leemhuis <regressions@leemhuis.info>
Cc: John Johansen <john.johansen@canonical.com>
Cc: Vlastimil Babka <vbabka@suse.cz>
Cc: Seth Arnold <seth.arnold@canonical.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>