Linux kernel stable tree (mirror) https://git.radix-linux.su/kernel/linux.git/atom?h=v6.6.12 2024-01-10T16:16:52+00:00 2024-01-10T16:16:52+00:00 John Johansen john.johansen@canonical.com 2023-12-18T09:10:03+00:00 urn:sha1:6d2e4e56576f37e8edbb4032778403a6423d99b6 [ Upstream commit 8026e40608b4d552216d2a818ca7080a4264bb44 ] Prevent move_mount from applying the attach_disconnected flag to move_mount(). This prevents detached mounts from appearing as / when applying mount mediation, which is not only incorrect but could result in bad policy being generated. Basic mount rules like allow mount, allow mount options=(move) -> /target/, will allow detached mounts, allowing older policy to continue to function. New policy gains the ability to specify `detached` as a source option allow mount detached -> /target/, In addition make sure support of move_mount is advertised as a feature to userspace so that applications that generate policy can respond to the addition. Note: this fixes mediation of move_mount when a detached mount is used, it does not fix the broader regression of apparmor mediation of mounts under the new mount api. Link: https://lore.kernel.org/all/68c166b8-5b4d-4612-8042-1dee3334385b@leemhuis.info/T/#mb35fdde37f999f08f0b02d58dc1bf4e6b65b8da2 Fixes: 157a3537d6bc ("apparmor: Fix regression in mount mediation") Reviewed-by: Georgia Garcia <georgia.garcia@canonical.com> Signed-off-by: John Johansen <john.johansen@canonical.com> Signed-off-by: Sasha Levin <sashal@kernel.org> 2024-01-01T12:42:33+00:00 David Howells dhowells@redhat.com 2023-12-09T00:41:55+00:00 urn:sha1:afc360e8a1256acb7579a6f5b6f2c30b85b39301 [ Upstream commit 39299bdd2546688d92ed9db4948f6219ca1b9542 ] If a key has an expiration time, then when that time passes, the key is left around for a certain amount of time before being collected (5 mins by default) so that EKEYEXPIRED can be returned instead of ENOKEY. This is a problem for DNS keys because we want to redo the DNS lookup immediately at that point. Fix this by allowing key types to be marked such that keys of that type don't have this extra period, but are reclaimed as soon as they expire and turn this on for dns_resolver-type keys. To make this easier to handle, key->expiry is changed to be permanent if TIME64_MAX rather than 0. Furthermore, give such new-style negative DNS results a 1s default expiry if no other expiry time is set rather than allowing it to stick around indefinitely. This shouldn't be zero as ls will follow a failing stat call immediately with a second with AT_SYMLINK_NOFOLLOW added. Fixes: 1a4240f4764a ("DNS: Separate out CIFS DNS Resolver code") Signed-off-by: David Howells <dhowells@redhat.com> Tested-by: Markus Suvanto <markus.suvanto@gmail.com> cc: Wang Lei <wang840925@gmail.com> cc: Jeff Layton <jlayton@redhat.com> cc: Steve French <smfrench@gmail.com> cc: Marc Dionne <marc.dionne@auristor.com> cc: Jarkko Sakkinen <jarkko@kernel.org> cc: "David S. Miller" <davem@davemloft.net> cc: Eric Dumazet <edumazet@google.com> cc: Jakub Kicinski <kuba@kernel.org> cc: Paolo Abeni <pabeni@redhat.com> cc: linux-afs@lists.infradead.org cc: linux-cifs@vger.kernel.org cc: linux-nfs@vger.kernel.org cc: ceph-devel@vger.kernel.org cc: keyrings@vger.kernel.org cc: netdev@vger.kernel.org Signed-off-by: Sasha Levin <sashal@kernel.org> 2023-12-20T16:01:51+00:00 Jens Axboe axboe@kernel.dk 2023-12-15T20:40:57+00:00 urn:sha1:207f135d819344c03333246f784f6666e652e081 commit ae1914174a63a558113e80d24ccac2773f9f7b2b upstream. This code is rarely (never?) enabled by distros, and it hasn't caught anything in decades. Let's kill off this legacy debug code. Suggested-by: Linus Torvalds <torvalds@linuxfoundation.org> Signed-off-by: Jens Axboe <axboe@kernel.dk> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2023-11-28T17:20:07+00:00 John Johansen john.johansen@canonical.com 2023-09-10T10:35:22+00:00 urn:sha1:96af45154a0be30485ad07f70f852b1456cb13d7 [ Upstream commit 157a3537d6bc28ceb9a11fc8cb67f2152d860146 ] commit 2db154b3ea8e ("vfs: syscall: Add move_mount(2) to move mounts around") introduced a new move_mount(2) system call and a corresponding new LSM security_move_mount hook but did not implement this hook for any existing LSM. This creates a regression for AppArmor mediation of mount. This patch provides a base mapping of the move_mount syscall to the existing mount mediation. In the future we may introduce additional mediations around the new mount calls. Fixes: 2db154b3ea8e ("vfs: syscall: Add move_mount(2) to move mounts around") CC: stable@vger.kernel.org Reported-by: Andreas Steinmetz <anstein99@googlemail.com> Signed-off-by: John Johansen <john.johansen@canonical.com> Signed-off-by: Sasha Levin <sashal@kernel.org> 2023-11-28T17:20:07+00:00 John Johansen john.johansen@canonical.com 2022-09-20T03:48:48+00:00 urn:sha1:690f33e1edf5cd996b54094409de0067ae3fa216 [ Upstream commit 90c436a64a6e20482a9a613c47eb4af2e8a5328e ] The cred is needed to properly audit some messages, and will be needed in the future for uid conditional mediation. So pass it through to where the apparmor_audit_data struct gets defined. Reviewed-by: Georgia Garcia <georgia.garcia@canonical.com> Signed-off-by: John Johansen <john.johansen@canonical.com> Stable-dep-of: 157a3537d6bc ("apparmor: Fix regression in mount mediation") Signed-off-by: Sasha Levin <sashal@kernel.org> 2023-11-28T17:20:07+00:00 John Johansen john.johansen@canonical.com 2022-09-19T07:46:09+00:00 urn:sha1:30b3669d40ad2400dfac75d1250596b5b0cb241b [ Upstream commit d20f5a1a6e792d22199c9989ec7ab9e95c48d60c ] rename audit_data's label field to subj_label to better reflect its use. Also at the same time drop unneeded assignments to ->subj_label as the later call to aa_check_perms will do the assignment if needed. Reviewed-by: Georgia Garcia <georgia.garcia@canonical.com> Signed-off-by: John Johansen <john.johansen@canonical.com> Stable-dep-of: 157a3537d6bc ("apparmor: Fix regression in mount mediation") Signed-off-by: Sasha Levin <sashal@kernel.org> 2023-11-28T17:20:07+00:00 John Johansen john.johansen@canonical.com 2022-09-14T07:20:12+00:00 urn:sha1:c57bc80f4508acd8c52bd89b01d324889065320d [ Upstream commit bd7bd201ca46c211c3ab251ca9854787d1331a2f ] Everywhere where common_audit_data is used apparmor audit_data is also used. We can simplify the code and drop the use of the aad macro everywhere by combining the two structures. Reviewed-by: Georgia Garcia <georgia.garcia@canonical.com> Signed-off-by: John Johansen <john.johansen@canonical.com> Stable-dep-of: 157a3537d6bc ("apparmor: Fix regression in mount mediation") Signed-off-by: Sasha Levin <sashal@kernel.org> 2023-11-28T17:20:07+00:00 Gaosheng Cui cuigaosheng1@huawei.com 2023-06-25T01:13:49+00:00 urn:sha1:75ae5a7883761087bdcc8d6a456fb1f174d34143 [ Upstream commit 25ff0ff2d6286928dc516c74b879809c691c2dd8 ] Fix kernel-doc warnings: security/apparmor/policy.c:294: warning: Function parameter or member 'proxy' not described in 'aa_alloc_profile' security/apparmor/policy.c:785: warning: Function parameter or member 'label' not described in 'aa_policy_view_capable' security/apparmor/policy.c:785: warning: Function parameter or member 'ns' not described in 'aa_policy_view_capable' security/apparmor/policy.c:847: warning: Function parameter or member 'ns' not described in 'aa_may_manage_policy' security/apparmor/policy.c:964: warning: Function parameter or member 'hname' not described in '__lookup_replace' security/apparmor/policy.c:964: warning: Function parameter or member 'info' not described in '__lookup_replace' security/apparmor/policy.c:964: warning: Function parameter or member 'noreplace' not described in '__lookup_replace' security/apparmor/policy.c:964: warning: Function parameter or member 'ns' not described in '__lookup_replace' security/apparmor/policy.c:964: warning: Function parameter or member 'p' not described in '__lookup_replace' Signed-off-by: Gaosheng Cui <cuigaosheng1@huawei.com> Signed-off-by: John Johansen <john.johansen@canonical.com> Stable-dep-of: 157a3537d6bc ("apparmor: Fix regression in mount mediation") Signed-off-by: Sasha Levin <sashal@kernel.org> 2023-11-28T17:20:07+00:00 Gaosheng Cui cuigaosheng1@huawei.com 2023-06-25T01:13:46+00:00 urn:sha1:0e4721f553e287184634225c400d9433a9374c3d [ Upstream commit 13c1748e217078d437727eef333cb0387d13bc0e ] Fix kernel-doc warnings: security/apparmor/resource.c:111: warning: Function parameter or member 'label' not described in 'aa_task_setrlimit' security/apparmor/resource.c:111: warning: Function parameter or member 'new_rlim' not described in 'aa_task_setrlimit' security/apparmor/resource.c:111: warning: Function parameter or member 'resource' not described in 'aa_task_setrlimit' security/apparmor/resource.c:111: warning: Function parameter or member 'task' not described in 'aa_task_setrlimit' Signed-off-by: Gaosheng Cui <cuigaosheng1@huawei.com> Signed-off-by: John Johansen <john.johansen@canonical.com> Stable-dep-of: 157a3537d6bc ("apparmor: Fix regression in mount mediation") Signed-off-by: Sasha Levin <sashal@kernel.org> 2023-11-28T17:20:07+00:00 Gaosheng Cui cuigaosheng1@huawei.com 2023-06-25T01:13:44+00:00 urn:sha1:73221ebe13d90d1d5ad96c1ef1825f84e961a02e [ Upstream commit 8921482286116af193980f04f2f2755775a410a5 ] Fix kernel-doc warnings: security/apparmor/lib.c:33: warning: Excess function parameter 'str' description in 'aa_free_str_table' security/apparmor/lib.c:33: warning: Function parameter or member 't' not described in 'aa_free_str_table' security/apparmor/lib.c:94: warning: Function parameter or member 'n' not described in 'skipn_spaces' security/apparmor/lib.c:390: warning: Excess function parameter 'deny' description in 'aa_check_perms' Signed-off-by: Gaosheng Cui <cuigaosheng1@huawei.com> Signed-off-by: John Johansen <john.johansen@canonical.com> Stable-dep-of: 157a3537d6bc ("apparmor: Fix regression in mount mediation") Signed-off-by: Sasha Levin <sashal@kernel.org>