Commit cbb51d2f authored by Stephen Rothwell's avatar Stephen Rothwell

Merge remote-tracking branch 'security/next-testing'

parents e69634bd f30160f9
...@@ -17,9 +17,8 @@ MAC extensions, other extensions can be built using the LSM to provide ...@@ -17,9 +17,8 @@ MAC extensions, other extensions can be built using the LSM to provide
specific changes to system operation when these tweaks are not available specific changes to system operation when these tweaks are not available
in the core functionality of Linux itself. in the core functionality of Linux itself.
Without a specific LSM built into the kernel, the default LSM will be the The Linux capabilities modules will always be included. This may be
Linux capabilities system. Most LSMs choose to extend the capabilities followed by any number of "minor" modules and at most one "major" module.
system, building their checks on top of the defined capability hooks.
For more details on capabilities, see ``capabilities(7)`` in the Linux For more details on capabilities, see ``capabilities(7)`` in the Linux
man-pages project. man-pages project.
...@@ -30,6 +29,14 @@ order in which checks are made. The capability module will always ...@@ -30,6 +29,14 @@ order in which checks are made. The capability module will always
be first, followed by any "minor" modules (e.g. Yama) and then be first, followed by any "minor" modules (e.g. Yama) and then
the one "major" module (e.g. SELinux) if there is one configured. the one "major" module (e.g. SELinux) if there is one configured.
Process attributes associated with "major" security modules should
be accessed and maintained using the special files in ``/proc/.../attr``.
A security module may maintain a module specific subdirectory there,
named after the module. ``/proc/.../attr/smack`` is provided by the Smack
security module and contains all its special files. The files directly
in ``/proc/.../attr`` remain as legacy interfaces for modules that provide
subdirectories.
.. toctree:: .. toctree::
:maxdepth: 1 :maxdepth: 1
...@@ -2319,6 +2319,10 @@ ...@@ -2319,6 +2319,10 @@
lsm.debug [SECURITY] Enable LSM initialization debugging output. lsm.debug [SECURITY] Enable LSM initialization debugging output.
lsm=lsm1,...,lsmN
[SECURITY] Choose order of LSM initialization. This
overrides CONFIG_LSM.
machvec= [IA-64] Force the use of a particular machine-vector machvec= [IA-64] Force the use of a particular machine-vector
(machvec) in a generic kernel. (machvec) in a generic kernel.
Example: machvec=hpzx1_swiotlb Example: machvec=hpzx1_swiotlb
...@@ -140,9 +140,13 @@ struct pid_entry { ...@@ -140,9 +140,13 @@ struct pid_entry {
#define REG(NAME, MODE, fops) \ #define REG(NAME, MODE, fops) \
NOD(NAME, (S_IFREG|(MODE)), NULL, &fops, {}) NOD(NAME, (S_IFREG|(MODE)), NULL, &fops, {})
#define ONE(NAME, MODE, show) \ #define ONE(NAME, MODE, show) \
NOD(NAME, (S_IFREG|(MODE)), \ NOD(NAME, (S_IFREG|(MODE)), \
NULL, &proc_single_file_operations, \ NULL, &proc_single_file_operations, \
{ .proc_show = show } ) { .proc_show = show } )
#define ATTR(LSM, NAME, MODE) \
NOD(NAME, (S_IFREG|(MODE)), \
NULL, &proc_pid_attr_operations, \
{ .lsm = LSM })
/* /*
* Count the number of hardlinks for the pid_entry table, excluding the . * Count the number of hardlinks for the pid_entry table, excluding the .
...@@ -2525,7 +2529,7 @@ static ssize_t proc_pid_attr_read(struct file * file, char __user * buf, ...@@ -2525,7 +2529,7 @@ static ssize_t proc_pid_attr_read(struct file * file, char __user * buf,
if (!task) if (!task)
return -ESRCH; return -ESRCH;
length = security_getprocattr(task, length = security_getprocattr(task, PROC_I(inode)->op.lsm,
(char*)file->f_path.dentry->d_name.name, (char*)file->f_path.dentry->d_name.name,
&p); &p);
put_task_struct(task); put_task_struct(task);
...@@ -2574,7 +2578,9 @@ static ssize_t proc_pid_attr_write(struct file * file, const char __user * buf, ...@@ -2574,7 +2578,9 @@ static ssize_t proc_pid_attr_write(struct file * file, const char __user * buf,
if (rv < 0) if (rv < 0)
goto out_free; goto out_free;
rv = security_setprocattr(file->f_path.dentry->d_name.name, page, count); rv = security_setprocattr(PROC_I(inode)->op.lsm,
file->f_path.dentry->d_name.name, page,
count);
mutex_unlock(&current->signal->cred_guard_mutex); mutex_unlock(&current->signal->cred_guard_mutex);
out_free: out_free:
kfree(page); kfree(page);
...@@ -2588,13 +2594,53 @@ static const struct file_operations proc_pid_attr_operations = { ...@@ -2588,13 +2594,53 @@ static const struct file_operations proc_pid_attr_operations = {
.llseek = generic_file_llseek, .llseek = generic_file_llseek,
}; };
#define LSM_DIR_OPS(LSM) \
static int proc_##LSM##_attr_dir_iterate(struct file *filp, \
struct dir_context *ctx) \
{ \
return proc_pident_readdir(filp, ctx, \
LSM##_attr_dir_stuff, \
ARRAY_SIZE(LSM##_attr_dir_stuff)); \
} \
\
static const struct file_operations proc_##LSM##_attr_dir_ops = { \
.read = generic_read_dir, \
.iterate = proc_##LSM##_attr_dir_iterate, \
.llseek = default_llseek, \
}; \
\
static struct dentry *proc_##LSM##_attr_dir_lookup(struct inode *dir, \
struct dentry *dentry, unsigned int flags) \
{ \
return proc_pident_lookup(dir, dentry, \
LSM##_attr_dir_stuff, \
ARRAY_SIZE(LSM##_attr_dir_stuff)); \
} \
\
static const struct inode_operations proc_##LSM##_attr_dir_inode_ops = { \
.lookup = proc_##LSM##_attr_dir_lookup, \
.getattr = pid_getattr, \
.setattr = proc_setattr, \
}
#ifdef CONFIG_SECURITY_SMACK
static const struct pid_entry smack_attr_dir_stuff[] = {
ATTR("smack", "current", 0666),
};
LSM_DIR_OPS(smack);
#endif
static const struct pid_entry attr_dir_stuff[] = { static const struct pid_entry attr_dir_stuff[] = {
REG("current", S_IRUGO|S_IWUGO, proc_pid_attr_operations), ATTR(NULL, "current", 0666),
REG("prev", S_IRUGO, proc_pid_attr_operations), ATTR(NULL, "prev", 0444),
REG("exec", S_IRUGO|S_IWUGO, proc_pid_attr_operations), ATTR(NULL, "exec", 0666),
REG("fscreate", S_IRUGO|S_IWUGO, proc_pid_attr_operations), ATTR(NULL, "fscreate", 0666),
REG("keycreate", S_IRUGO|S_IWUGO, proc_pid_attr_operations), ATTR(NULL, "keycreate", 0666),
REG("sockcreate", S_IRUGO|S_IWUGO, proc_pid_attr_operations), ATTR(NULL, "sockcreate", 0666),
#ifdef CONFIG_SECURITY_SMACK
DIR("smack", 0555,
proc_smack_attr_dir_inode_ops, proc_smack_attr_dir_ops),
#endif
}; };
static int proc_attr_dir_readdir(struct file *file, struct dir_context *ctx) static int proc_attr_dir_readdir(struct file *file, struct dir_context *ctx)
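Review bot: The new `ATTR` macro and the `NULL` handed to it for the legacy entries in `attr_dir_stuff` are undocumented, yet that first argument is what `proc_pid_attr_read` and `proc_pid_attr_write` now pass as `PROC_I(inode)->op.lsm` to `security_getprocattr`/`security_setprocattr`, i.e. it selects which module answers the file. Suggest a comment above the macro such as `/* procattr file owned by the named LSM; NULL marks the legacy /proc/PID/attr files, whose owner is resolved by the security layer */`. The per-module directory is only wired up for Smack here, and its `current` entry keeps the same world-writable 0666 mode as the legacy file, so as before the actual access decision rests on the module's setprocattr hook (called under `cred_guard_mutex` further up in the hunk); a one-line comment on `smack_attr_dir_stuff` stating that would save the next reader from assuming the mode bits are the control.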
...@@ -81,6 +81,7 @@ union proc_op { ...@@ -81,6 +81,7 @@ union proc_op {
int (*proc_show)(struct seq_file *m, int (*proc_show)(struct seq_file *m,
struct pid_namespace *ns, struct pid *pid, struct pid_namespace *ns, struct pid *pid,
struct task_struct *task); struct task_struct *task);
const char *lsm;
}; };
struct proc_inode { struct proc_inode {
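Review bot: `lsm` is added to `union proc_op`, so it shares storage with `proc_show` (and the union's other members, which lie outside this hunk), and nothing at the declaration says which `pid_entry` kind is allowed to populate it; an entry that set `.lsm` but used a show-style file_operations would reinterpret the string pointer as a function pointer without any compile-time complaint. Suggest documenting the contract inline: `const char *lsm; /* ATTR() entries only: LSM that owns this attr file, NULL for the legacy /proc/PID/attr files */`.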
...@@ -15,7 +15,6 @@ ...@@ -15,7 +15,6 @@
#include <linux/capability.h> #include <linux/capability.h>
#include <linux/init.h> #include <linux/init.h>
#include <linux/key.h> #include <linux/key.h>
#include <linux/selinux.h>
#include <linux/atomic.h> #include <linux/atomic.h>
#include <linux/uidgid.h> #include <linux/uidgid.h>
#include <linux/sched.h> #include <linux/sched.h>
...@@ -1286,7 +1286,7 @@ ...@@ -1286,7 +1286,7 @@
* @cred contains the credentials to use. * @cred contains the credentials to use.
* @ns contains the user namespace we want the capability in * @ns contains the user namespace we want the capability in
* @cap contains the capability <include/linux/capability.h>. * @cap contains the capability <include/linux/capability.h>.
* @audit contains whether to write an audit message or not * @opts contains options for the capable check <include/linux/security.h>
* Return 0 if the capability is granted for @tsk. * Return 0 if the capability is granted for @tsk.
* @syslog: * @syslog:
* Check permission before accessing the kernel message ring or changing * Check permission before accessing the kernel message ring or changing
...@@ -1462,8 +1462,10 @@ union security_list_options { ...@@ -1462,8 +1462,10 @@ union security_list_options {
const kernel_cap_t *effective, const kernel_cap_t *effective,
const kernel_cap_t *inheritable, const kernel_cap_t *inheritable,
const kernel_cap_t *permitted); const kernel_cap_t *permitted);
int (*capable)(const struct cred *cred, struct user_namespace *ns, int (*capable)(const struct cred *cred,
int cap, int audit); struct user_namespace *ns,
int cap,
unsigned int opts);
int (*quotactl)(int cmds, int type, int id, struct super_block *sb); int (*quotactl)(int cmds, int type, int id, struct super_block *sb);
int (*quota_on)(struct dentry *dentry); int (*quota_on)(struct dentry *dentry);
int (*syslog)(int type); int (*syslog)(int type);
...@@ -2048,6 +2050,18 @@ struct security_hook_list { ...@@ -2048,6 +2050,18 @@ struct security_hook_list {
char *lsm; char *lsm;
} __randomize_layout; } __randomize_layout;
/*
* Security blob size or offset data.
*/
struct lsm_blob_sizes {
int lbs_cred;
int lbs_file;
int lbs_inode;
int lbs_ipc;
int lbs_msg_msg;
int lbs_task;
};
/* /*
* Initializing a security_hook_list structure takes * Initializing a security_hook_list structure takes
* up a lot of space in a source file. This macro takes * up a lot of space in a source file. This macro takes
...@@ -2063,9 +2077,21 @@ extern char *lsm_names; ...@@ -2063,9 +2077,21 @@ extern char *lsm_names;
extern void security_add_hooks(struct security_hook_list *hooks, int count, extern void security_add_hooks(struct security_hook_list *hooks, int count,
char *lsm); char *lsm);
#define LSM_FLAG_LEGACY_MAJOR BIT(0)
#define LSM_FLAG_EXCLUSIVE BIT(1)
enum lsm_order {
LSM_ORDER_FIRST = -1, /* This is only for capabilities. */
LSM_ORDER_MUTABLE = 0,
};
struct lsm_info { struct lsm_info {
const char *name; /* Required. */ const char *name; /* Required. */
enum lsm_order order; /* Optional: default is LSM_ORDER_MUTABLE */
unsigned long flags; /* Optional: flags describing LSM */
int *enabled; /* Optional: controlled by CONFIG_LSM */
int (*init)(void); /* Required. */ int (*init)(void); /* Required. */
struct lsm_blob_sizes *blobs; /* Optional: for blob sharing. */
}; };
extern struct lsm_info __start_lsm_info[], __end_lsm_info[]; extern struct lsm_info __start_lsm_info[], __end_lsm_info[];
...@@ -2105,17 +2131,11 @@ static inline void security_delete_hooks(struct security_hook_list *hooks, ...@@ -2105,17 +2131,11 @@ static inline void security_delete_hooks(struct security_hook_list *hooks,
#define __lsm_ro_after_init __ro_after_init #define __lsm_ro_after_init __ro_after_init
#endif /* CONFIG_SECURITY_WRITABLE_HOOKS */ #endif /* CONFIG_SECURITY_WRITABLE_HOOKS */
extern int __init security_module_enable(const char *module); extern int lsm_inode_alloc(struct inode *inode);
extern void __init capability_add_hooks(void);
#ifdef CONFIG_SECURITY_YAMA #ifdef CONFIG_SECURITY
extern void __init yama_add_hooks(void); void __init lsm_early_cred(struct cred *cred);
#else void __init lsm_early_task(struct task_struct *task);
static inline void __init yama_add_hooks(void) { }
#endif
#ifdef CONFIG_SECURITY_LOADPIN
void __init loadpin_add_hooks(void);
#else
static inline void loadpin_add_hooks(void) { };
#endif #endif
#endif /* ! __LINUX_LSM_HOOKS_H */ #endif /* ! __LINUX_LSM_HOOKS_H */
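Review bot: The fields of the new `struct lsm_blob_sizes` carry no comments and the header says only "size or offset data", which leaves a module author unable to tell whether they fill in byte counts, read back offsets, or both at different times. Suggest per-field comments in the style of `int lbs_cred; /* bytes this module needs in cred->security; presumably rewritten to the module's offset once all LSMs are registered */`, with the switchover point confirmed against security/security.c since it is not visible here. `LSM_FLAG_LEGACY_MAJOR` and `LSM_FLAG_EXCLUSIVE` likewise deserve a line each stating which one actually prevents two modules from being enabled together, and `LSM_ORDER_FIRST` says it is "only for capabilities" without saying whether that is enforced or merely expected.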
...@@ -57,9 +57,12 @@ struct fs_context; ...@@ -57,9 +57,12 @@ struct fs_context;
struct fs_parameter; struct fs_parameter;
enum fs_value_type; enum fs_value_type;
/* Default (no) options for the capable function */
#define CAP_OPT_NONE 0x0
/* If capable should audit the security request */ /* If capable should audit the security request */
#define SECURITY_CAP_NOAUDIT 0 #define CAP_OPT_NOAUDIT BIT(1)
#define SECURITY_CAP_AUDIT 1 /* If capable is being called by a setid function */
#define CAP_OPT_INSETID BIT(2)
/* LSM Agnostic defines for fs_context::lsm_flags */ /* LSM Agnostic defines for fs_context::lsm_flags */
#define SECURITY_LSM_NATIVE_LABELS 1 #define SECURITY_LSM_NATIVE_LABELS 1
...@@ -75,7 +78,7 @@ enum lsm_event { ...@@ -75,7 +78,7 @@ enum lsm_event {
/* These functions are in security/commoncap.c */ /* These functions are in security/commoncap.c */
extern int cap_capable(const struct cred *cred, struct user_namespace *ns, extern int cap_capable(const struct cred *cred, struct user_namespace *ns,
int cap, int audit); int cap, unsigned int opts);
extern int cap_settime(const struct timespec64 *ts, const struct timezone *tz); extern int cap_settime(const struct timespec64 *ts, const struct timezone *tz);
extern int cap_ptrace_access_check(struct task_struct *child, unsigned int mode); extern int cap_ptrace_access_check(struct task_struct *child, unsigned int mode);
extern int cap_ptrace_traceme(struct task_struct *parent); extern int cap_ptrace_traceme(struct task_struct *parent);
...@@ -210,10 +213,10 @@ int security_capset(struct cred *new, const struct cred *old, ...@@ -210,10 +213,10 @@ int security_capset(struct cred *new, const struct cred *old,
const kernel_cap_t *effective, const kernel_cap_t *effective,
const kernel_cap_t *inheritable, const kernel_cap_t *inheritable,
const kernel_cap_t *permitted); const kernel_cap_t *permitted);
int security_capable(const struct cred *cred, struct user_namespace *ns, int security_capable(const struct cred *cred,
int cap); struct user_namespace *ns,
int security_capable_noaudit(const struct cred *cred, struct user_namespace *ns, int cap,
int cap); unsigned int opts);
int security_quotactl(int cmds, int type, int id, struct super_block *sb); int security_quotactl(int cmds, int type, int id, struct super_block *sb);
int security_quota_on(struct dentry *dentry); int security_quota_on(struct dentry *dentry);
int security_syslog(int type); int security_syslog(int type);
...@@ -371,8 +374,10 @@ int security_sem_semctl(struct kern_ipc_perm *sma, int cmd); ...@@ -371,8 +374,10 @@ int security_sem_semctl(struct kern_ipc_perm *sma, int cmd);
int security_sem_semop(struct kern_ipc_perm *sma, struct sembuf *sops, int security_sem_semop(struct kern_ipc_perm *sma, struct sembuf *sops,
unsigned nsops, int alter); unsigned nsops, int alter);
void security_d_instantiate(struct dentry *dentry, struct inode *inode); void security_d_instantiate(struct dentry *dentry, struct inode *inode);
int security_getprocattr(struct task_struct *p, char *name, char **value); int security_getprocattr(struct task_struct *p, const char *lsm, char *name,
int security_setprocattr(const char *name, void *value, size_t size); char **value);
int security_setprocattr(const char *lsm, const char *name, void *value,
size_t size);
int security_netlink_send(struct sock *sk, struct sk_buff *skb); int security_netlink_send(struct sock *sk, struct sk_buff *skb);
int security_ismaclabel(const char *name); int security_ismaclabel(const char *name);
int security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen); int security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen);
...@@ -467,14 +472,11 @@ static inline int security_capset(struct cred *new, ...@@ -467,14 +472,11 @@ static inline int security_capset(struct cred *new,
} }
static inline int security_capable(const struct cred *cred, static inline int security_capable(const struct cred *cred,
struct user_namespace *ns, int cap) struct user_namespace *ns,
int cap,
unsigned int opts)
{ {
return cap_capable(cred, ns, cap, SECURITY_CAP_AUDIT); return cap_capable(cred, ns, cap, opts);
}
static inline int security_capable_noaudit(const struct cred *cred,
struct user_namespace *ns, int cap) {
return cap_capable(cred, ns, cap, SECURITY_CAP_NOAUDIT);
} }
static inline int security_quotactl(int cmds, int type, int id, static inline int security_quotactl(int cmds, int type, int id,
...@@ -1128,15 +1130,18 @@ static inline int security_sem_semop(struct kern_ipc_perm *sma, ...@@ -1128,15 +1130,18 @@ static inline int security_sem_semop(struct kern_ipc_perm *sma,
return 0; return 0;
} }
static inline void security_d_instantiate(struct dentry *dentry, struct inode *inode) static inline void security_d_instantiate(struct dentry *dentry,
struct inode *inode)
{ } { }
static inline int security_getprocattr(struct task_struct *p, char *name, char **value) static inline int security_getprocattr(struct task_struct *p, const char *lsm,
char *name, char **value)
{ {
return -EINVAL; return -EINVAL;
} }
static inline int security_setprocattr(char *name, void *value, size_t size) static inline int security_setprocattr(const char *lsm, char *name,
void *value, size_t size)
{ {
return -EINVAL; return -EINVAL;
} }
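Review bot: The `!CONFIG_SECURITY` stub `security_setprocattr(const char *lsm, char *name, void *value, size_t size)` near the end of the hunk still declares `name` as `char *` while the real prototype earlier in the same hunk uses `const char *name`, and fs/proc passes `dentry->d_name.name` (a const pointer) to it, so the two configurations do not accept the same argument types and the stub build discards a qualifier. Change the stub to `static inline int security_setprocattr(const char *lsm, const char *name, void *value, size_t size)`. The new `CAP_OPT_*` flags also start at `BIT(1)`, leaving `BIT(0)` unused with no comment saying whether that is reserved, and `SECURITY_CAP_NOAUDIT`/`SECURITY_CAP_AUDIT` disappear without a transition alias, which any caller not converted in this merge will hit as a build break rather than a silent misuse — a one-line comment above `CAP_OPT_NONE` noting that the values are a bitmask and that `CAP_OPT_NONE` is the only non-bit value would make the intent explicit.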
/*
* SELinux services exported to the rest of the kernel.
*
* Author: James Morris <jmorris@redhat.com>
*
* Copyright (C) 2005 Red Hat, Inc., James Morris <jmorris@redhat.com>
* Copyright (C) 2006 Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com>
* Copyright (C) 2006 IBM Corporation, Timothy R. Chavez <tinytim@us.ibm.com>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2,
* as published by the Free Software Foundation.
*/
#ifndef _LINUX_SELINUX_H
#define _LINUX_SELINUX_H
struct selinux_audit_rule;
struct audit_context;
struct kern_ipc_perm;
#ifdef CONFIG_SECURITY_SELINUX
/**
* selinux_is_enabled - is SELinux enabled?
*/
bool selinux_is_enabled(void);
#else
static inline bool selinux_is_enabled(void)
{
return false;
}
#endif /* CONFIG_SECURITY_SELINUX */
#endif /* _LINUX_SELINUX_H */
...@@ -299,7 +299,7 @@ bool has_ns_capability(struct task_struct *t, ...@@ -299,7 +299,7 @@ bool has_ns_capability(struct task_struct *t,
int ret; int ret;
rcu_read_lock(); rcu_read_lock();
ret = security_capable(__task_cred(t), ns, cap); ret = security_capable(__task_cred(t), ns, cap, CAP_OPT_NONE);
rcu_read_unlock(); rcu_read_unlock();
return (ret == 0); return (ret == 0);
...@@ -340,7 +340,7 @@ bool has_ns_capability_noaudit(struct task_struct *t, ...@@ -340,7 +340,7 @@ bool has_ns_capability_noaudit(struct task_struct *t,
int ret; int ret;
rcu_read_lock(); rcu_read_lock();
ret = security_capable_noaudit(__task_cred(t), ns, cap); ret = security_capable(__task_cred(t), ns, cap, CAP_OPT_NOAUDIT);
rcu_read_unlock(); rcu_read_unlock();
return (ret == 0); return (ret == 0);
...@@ -363,7 +363,9 @@ bool has_capability_noaudit(struct task_struct *t, int cap) ...@@ -363,7 +363,9 @@ bool has_capability_noaudit(struct task_struct *t, int cap)
return has_ns_capability_noaudit(t, &init_user_ns, cap); return has_ns_capability_noaudit(t, &init_user_ns, cap);
} }
static bool ns_capable_common(struct user_namespace *ns, int cap, bool audit) static bool ns_capable_common(struct user_namespace *ns,
int cap,
unsigned int opts)
{ {
int capable; int capable;
...@@ -372,8 +374,7 @@ static bool ns_capable_common(struct user_namespace *ns, int cap, bool audit) ...@@ -372,8 +374,7 @@ static bool ns_capable_common(struct user_namespace *ns, int cap, bool audit)
BUG(); BUG();
} }
capable = audit ? security_capable(current_cred(), ns, cap) : capable = security_capable(current_cred(), ns, cap, opts);
security_capable_noaudit(current_cred(), ns, cap);
if (capable == 0) { if (capable == 0) {
current->flags |= PF_SUPERPRIV; current->flags |= PF_SUPERPRIV;
return true; return true;
...@@ -394,7 +395,7 @@ static bool ns_capable_common(struct user_namespace *ns, int cap, bool audit) ...@@ -394,7 +395,7 @@ static bool ns_capable_common(struct user_namespace *ns, int cap, bool audit)
*/ */
bool ns_capable(struct user_namespace *ns, int cap) bool ns_capable(struct user_namespace *ns, int cap)
{ {
return ns_capable_common(ns, cap, true); return ns_capable_common(ns, cap, CAP_OPT_NONE);
} }
EXPORT_SYMBOL(ns_capable); EXPORT_SYMBOL(ns_capable);
...@@ -412,7 +413,7 @@ EXPORT_SYMBOL(ns_capable); ...@@ -412,7 +413,7 @@ EXPORT_SYMBOL(ns_capable);
*/ */
bool ns_capable_noaudit(struct user_namespace *ns, int cap) bool ns_capable_noaudit(struct user_namespace *ns, int cap)
{ {
return ns_capable_common(ns, cap, false); return ns_capable_common(ns, cap, CAP_OPT_NOAUDIT);
} }
EXPORT_SYMBOL(ns_capable_noaudit); EXPORT_SYMBOL(ns_capable_noaudit);
...@@ -448,10 +449,11 @@ EXPORT_SYMBOL(capable); ...@@ -448,10 +449,11 @@ EXPORT_SYMBOL(capable);
bool file_ns_capable(const struct file *file, struct user_namespace *ns, bool file_ns_capable(const struct file *file, struct user_namespace *ns,
int cap) int cap)
{ {
if (WARN_ON_ONCE(!cap_valid(cap))) if (WARN_ON_ONCE(!cap_valid(cap)))
return false; return false;
if (security_capable(file->f_cred, ns, cap) == 0) if (security_capable(file->f_cred, ns, cap, CAP_OPT_NONE) == 0)
return true; return true;
return false; return false;
...@@ -500,10 +502,12 @@ bool ptracer_capable(struct task_struct *tsk, struct user_namespace *ns) ...@@ -500,10 +502,12 @@ bool ptracer_capable(struct task_struct *tsk, struct user_namespace *ns)
{ {
int ret = 0; /* An absent tracer adds no restrictions */ int ret = 0; /* An absent tracer adds no restrictions */
const struct cred *cred; const struct cred *cred;
rcu_read_lock(); rcu_read_lock();
cred = rcu_dereference(tsk->ptracer_cred); cred = rcu_dereference(tsk->ptracer_cred);
if (cred) if (cred)
ret = security_capable_noaudit(cred, ns, CAP_SYS_PTRACE); ret = security_capable(cred, ns, CAP_SYS_PTRACE,
CAP_OPT_NOAUDIT);
rcu_read_unlock(); rcu_read_unlock();
return (ret == 0); return (ret == 0);
} }
...@@ -760,19 +760,6 @@ bool creds_are_invalid(const struct cred *cred) ...@@ -760,19 +760,6 @@ bool creds_are_invalid(const struct cred *cred)
{ {
if (cred->magic != CRED_MAGIC) if (cred->magic != CRED_MAGIC)
return true; return true;
#ifdef CONFIG_SECURITY_SELINUX
/*
* cred->security == NULL if security_cred_alloc_blank() or
* security_prepare_creds() returned an error.
*/
if (selinux_is_enabled() && cred->security) {
if ((unsigned long) cred->security < PAGE_SIZE)
return true;
if ((*(u32 *)cred->security & 0xffffff00) ==
(POISON_FREE << 24 | POISON_FREE << 16 | POISON_FREE << 8))
return true;
}
#endif
return false; return false;
} }
EXPORT_SYMBOL(creds_are_invalid); EXPORT_SYMBOL(creds_are_invalid);
...@@ -443,8 +443,8 @@ static struct seccomp_filter *seccomp_prepare_filter(struct sock_fprog *fprog) ...@@ -443,8 +443,8 @@ static struct seccomp_filter *seccomp_prepare_filter(struct sock_fprog *fprog)
* behavior of privileged children. * behavior of privileged children.
*/ */
if (!task_no_new_privs(current) && if (!task_no_new_privs(current) &&
security_capable_noaudit(current_cred(), current_user_ns(), security_capable(current_cred(), current_user_ns(),
CAP_SYS_ADMIN) != 0) CAP_SYS_ADMIN, CAP_OPT_NOAUDIT) != 0)
return ERR_PTR(-EACCES); return ERR_PTR(-EACCES);
/* Allocate a new seccomp_filter */ /* Allocate a new seccomp_filter */
...@@ -239,42 +239,15 @@ source "security/yama/Kconfig" ...@@ -239,42 +239,15 @@ source "security/yama/Kconfig"
source "security/integrity/Kconfig" source "security/integrity/Kconfig"
choice config LSM
prompt "Default security module" string "Ordered list of enabled LSMs"
default DEFAULT_SECURITY_SELINUX if SECURITY_SELINUX default "yama,loadpin,integrity,selinux,smack,tomoyo,apparmor"
default DEFAULT_SECURITY_SMACK if SECURITY_SMACK
default DEFAULT_SECURITY_TOMOYO if SECURITY_TOMOYO
default DEFAULT_SECURITY_APPARMOR if SECURITY_APPARMOR
default DEFAULT_SECURITY_DAC
help help
Select the security module that will be used by default if the A comma-separated list of LSMs, in initialization order.
kernel parameter security= is not specified. Any LSMs left off this list will be ignored. This can be
controlled at boot with the "lsm=" parameter.
config DEFAULT_SECURITY_SELINUX
bool "SELinux" if SECURITY_SELINUX=y
config DEFAULT_SECURITY_SMACK
bool "Simplified Mandatory Access Control" if SECURITY_SMACK=y
config DEFAULT_SECURITY_TOMOYO
bool "TOMOYO" if SECURITY_TOMOYO=y
config DEFAULT_SECURITY_APPARMOR
bool "AppArmor" if SECURITY_APPARMOR=y
config DEFAULT_SECURITY_DAC
bool "Unix Discretionary Access Controls"
endchoice
config DEFAULT_SECURITY If unsure, leave this as the default.
string
default "selinux" if DEFAULT_SECURITY_SELINUX
default "smack" if DEFAULT_SECURITY_SMACK
default "tomoyo" if DEFAULT_SECURITY_TOMOYO
default "apparmor" if DEFAULT_SECURITY_APPARMOR
default "" if DEFAULT_SECURITY_DAC
endmenu endmenu
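Review bot: The `CONFIG_LSM` help text says modules left off the list "will be ignored" but does not spell out that this now also applies to built-in minor modules such as Yama and LoadPin, which the removed `yama_add_hooks`/`loadpin_add_hooks` declarations in lsm_hooks.h suggest were previously hooked in unconditionally, nor that the capability module is always enabled regardless of the list (as the LSM documentation updated in this merge states). A distribution that trims the string to its major module could therefore silently lose Yama's ptrace restrictions. Suggest appending: `The capability module is always enabled and need not be listed. Built-in modules not named here, including minor ones such as yama and loadpin, are not initialized.` Which module wins when several exclusive ones are listed is not visible in this hunk and should also be stated here or in the `lsm=` parameter documentation.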
...@@ -14,22 +14,6 @@ config SECURITY_APPARMOR ...@@ -14,22 +14,6 @@ config SECURITY_APPARMOR
If you are unsure how to answer this question, answer N. If you are unsure how to answer this question, answer N.
config SECURITY_APPARMOR_BOOTPARAM_VALUE
int "AppArmor boot parameter default value"
depends on SECURITY_APPARMOR
range 0 1
default 1
help
This option sets the default value for the kernel parameter
'apparmor', which allows AppArmor to be enabled or disabled
at boot. If this option is set to 0 (zero), the AppArmor
kernel parameter will default to 0, disabling AppArmor at
boot. If this option is set to 1 (one), the AppArmor
kernel parameter will default to 1, enabling AppArmor at
boot.
If you are unsure how to answer this question, answer 1.
config SECURITY_APPARMOR_HASH config SECURITY_APPARMOR_HASH
bool "Enable introspection of sha1 hashes for loaded profiles" bool "Enable introspection of sha1 hashes for loaded profiles"
depends on SECURITY_APPARMOR depends on SECURITY_APPARMOR
...@@ -110,13 +110,13 @@ static int audit_caps(struct common_audit_data *sa, struct aa_profile *profile, ...@@ -110,13 +110,13 @@ static int audit_caps(struct common_audit_data *sa, struct aa_profile *profile,
* profile_capable - test if profile allows use of capability @cap * profile_capable - test if profile allows use of capability @cap
* @profile: profile being enforced (NOT NULL, NOT unconfined) * @profile: profile being enforced (NOT NULL, NOT unconfined)
* @cap: capability to test if allowed * @cap: capability to test if allowed
* @audit: whether an audit record should be generated * @opts: CAP_OPT_NOAUDIT bit determines whether audit record is generated
* @sa: audit data (MAY BE NULL indicating no auditing) * @sa: audit data (MAY BE NULL indicating no auditing)
* *
* Returns: 0 if allowed else -EPERM * Returns: 0 if allowed else -EPERM
*/ */
static int profile_capable(struct aa_profile *profile, int cap, int audit, static int profile_capable(struct aa_profile *profile, int cap,
struct common_audit_data *sa) unsigned int opts, struct common_audit_data *sa)
{ {
int error;