On Mon, 2021-02-22 at 15:58 -0800, Casey Schaufler wrote: > On 2/20/2021 6:41 AM, Paul Moore wrote: > > On Fri, Feb 19, 2021 at 8:49 PM Casey Schaufler <casey@xxxxxxxxxxxxxxxx> wrote: > >> On 2/19/2021 3:28 PM, Paul Moore wrote: > >>> As discussed briefly on the list (lore link below), we are a little > >>> sloppy when it comes to using task credentials, mixing both the > >>> subjective and object credentials. This patch set attempts to fix > >>> this by replacing security_task_getsecid() with two new hooks that > >>> return either the subjective (_subj) or objective (_obj) credentials. > >>> > >>> https://lore.kernel.org/linux-security-module/806848326.0ifERbkFSE@x2/T/ > >>> > >>> Casey and John, I made a quick pass through the Smack and AppArmor > >>> code in an effort to try and do the right thing, but I will admit > >>> that I haven't tested those changes, just the SELinux code. I > >>> would really appreciate your help in reviewing those changes. If > >>> you find it easier, feel free to wholesale replace my Smack/AppArmor > >>> patch with one of your own. > >> A quick test pass didn't show up anything obviously > >> amiss with the Smack changes. I have will do some more > >> through inspection, but they look fine so far. > > Thanks for testing it out and giving it a look. Beyond the Smack > > specific changes, I'm also interested in making sure all the hook > > callers are correct; I believe I made the correct substitutions, but a > > second (or third (or fourth ...)) set of eyes is never a bad idea. > > I'm still not seeing anything that looks wrong. I'd suggest that Mimi > have a look at the IMA bits. Thanks, Casey, Paul. The IMA changes look fine. IMA policy rules are normally written in terms of a file's LSM labels, the obj_type, so hopefully this change has minimal, if any, impact. Mimi