Hi Linus,

Below is the SELinux pull request for v5.16 with a note about merge
conflicts following the highlight reel (you'll see something similar on
the audit pull request, and hopefully the io_uring and block/dm trees
but I have no idea if they track the LSM/audit work - likely not).

** Highlights

- Add LSM/SELinux/Smack controls and auditing for io-uring. As usual,
  the individual commit descriptions have more detail, but we were
  basically missing two things which we're adding here: establishment
  of a proper audit context so that auditing of io-uring ops works
  similarly to how it does for syscalls (with some io-uring additions
  because io-uring ops are *not* syscalls), additional LSM hooks to
  enable access control points for some of the more unusual io-uring
  features, e.g. credential overrides. The additional audit callouts
  and LSM hooks were done in conjunction with the io-uring folks, based
  on conversations and RFC patches earlier in the year.

- Fixup the binder credential handling so that the proper credentials
  are used in the LSM hooks; the commit description and the code
  comment which is removed in these patches are helpful to understand
  the background and why this is the proper fix.

- Enable SELinux genfscon policy support for securityfs, allowing
  improved SELinux filesystem labeling for other subsystems which make
  use of securityfs, e.g. IMA.

** Merge Notes

- I'm expecting three trees to add new audit record types during this
  merge window: SELinux, block/device-mapper, and audit. I've already
  talked with the different maintainers and there shouldn't be any
  duplicated values, but I expect you will see some merge conflicts in
  include/uapi/linux/audit.h; the "correct" values should end up as:

  +#define AUDIT_URINGOP 1336 /* io_uring operation */
  +#define AUDIT_OPENAT2 1337 /* Record showing openat2 how args */
  +#define AUDIT_DM_CTRL 1338 /* Device Mapper target control */
  +#define AUDIT_DM_EVENT 1339 /* Device Mapper events */

- Based on your tree from this afternoon you will see a merge conflict
  in fs/io-wq.c, but it's just an include collision, the fixup is
  trivial.

- Based on your tree from this afternoon you will see a merge conflict
  in fs/io_uring.c in the io_op_def struct definition; the fixup is
  also pretty easy, just make sure the "audit_skip" field is added to
  the struct.

Thanks,
-Paul

--
The following changes since commit 6880fa6c56601bb8ed59df6c30fd390cc5f6dd8f:

  Linux 5.15-rc1 (2021-09-12 16:28:37 -0700)

are available in the Git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux.git tags/selinux-pr-20211101

for you to fetch changes up to 15bf32398ad488c0df1cbaf16431422c87e4feea:

  security: Return xattr name from security_dentry_init_security() (2021-10-20 08:17:08 -0400)

----------------------------------------------------------------
selinux/stable-5.16 PR 20211101
----------------------------------------------------------------
Casey Schaufler (1):
      Smack: Brutalist io_uring support

Christian Göttsche (1):
      selinux: enable genfscon labeling for securityfs

Florian Westphal (1):
      selinux: remove unneeded ipv6 hook wrappers

Kees Cook (1):
      LSM: Avoid warnings about potentially unused hook variables

Ondrej Mosnacek (1):
      selinux: fix race condition when computing ocontext SIDs

Paul Moore (11):
      audit: prepare audit_context for use in calling contexts beyond syscalls
      audit,io_uring,io-wq: add some basic audit support to io_uring
      audit: add filtering for io_uring records
      fs: add anon_inode_getfile_secure() similar to anon_inode_getfd_secure()
      io_uring: convert io_uring to the secure anon inode interface
      lsm,io_uring: add LSM hooks to io_uring
      selinux: add support for the io_uring access controls
      selinux: remove the SELinux lockdown implementation
      selinux: make better use of the nf_hook_state passed to the NF hooks
      selinux: fix all of the W=1 build warnings
      selinux: fix a sock regression in selinux_ip_postroute_compat()

Todd Kjos (3):
      binder: use euid from cred instead of using task
      binder: use cred instead of task for selinux checks
      binder: use cred instead of task for getsecid

Vivek Goyal (1):
      security: Return xattr name from security_dentry_init_security()

 drivers/android/binder.c            |  27 +--
 drivers/android/binder_internal.h   |   4 +
 fs/anon_inodes.c                    |  29 +++
 fs/ceph/xattr.c                     |   3 +-
 fs/io-wq.c                          |   4 +
 fs/io_uring.c                       |  69 +++++-
 fs/nfs/nfs4proc.c                   |   3 +-
 include/linux/anon_inodes.h         |   4 +
 include/linux/audit.h               |  26 ++
 include/linux/lsm_hook_defs.h       |  22 +-
 include/linux/lsm_hooks.h           |  30 ++-
 include/linux/security.h            |  55 +++--
 include/uapi/linux/audit.h          |   4 +-
 kernel/audit.h                      |   7 +-
 kernel/audit_tree.c                 |   3 +-
 kernel/audit_watch.c                |   3 +-
 kernel/auditfilter.c                |  15 +-
 kernel/auditsc.c                    | 468 +++++++++++++++++++++++++-----
 security/security.c                 |  35 ++-
 security/selinux/avc.c              |  13 +-
 security/selinux/hooks.c            | 239 +++++++-----------
 security/selinux/include/classmap.h |   4 +-
 security/selinux/netlabel.c         |   7 +-
 security/selinux/netport.c          |   2 +-
 security/selinux/ss/hashtab.c       |   1 +
 security/selinux/ss/mls.c           |   4 +
 security/selinux/ss/services.c      | 176 +++++++-------
 security/smack/smack_lsm.c          |  46 ++++
 28 files changed, 882 insertions(+), 421 deletions(-)

--
paul moore
www.paul-moore.com
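The merge note above spells out the record type numbers that include/uapi/linux/audit.h should contain once the SELinux, device-mapper and audit trees are all merged. The following is an added example (not part of the email or of the kernel tree) of a check a maintainer could run over the merged header to confirm those four values and to catch two trees claiming the same number; the header fragments it runs on are constructed for the demonstration.

```python
import re
from collections import defaultdict

# Expected assignments, taken from the merge note in the pull request.
EXPECTED = {
    "AUDIT_URINGOP": 1336,
    "AUDIT_OPENAT2": 1337,
    "AUDIT_DM_CTRL": 1338,
    "AUDIT_DM_EVENT": 1339,
}

# Matches "#define AUDIT_FOO 1234"; a leading '+' (diff or merge-note
# style) is tolerated so the quoted lines can be checked as-is.
DEFINE_RE = re.compile(r"^\+?\s*#define\s+(AUDIT_[A-Z0-9_]+)\s+(\d+)")


def parse_audit_defines(text):
    """Return {name: value} for every AUDIT_* numeric define in text."""
    defs = {}
    for line in text.splitlines():
        m = DEFINE_RE.match(line)
        if m:
            defs[m.group(1)] = int(m.group(2))
    return defs


def find_duplicate_values(defs):
    """Map each record number used by more than one name to those names."""
    by_value = defaultdict(list)
    for name, val in defs.items():
        by_value[val].append(name)
    return {v: sorted(n) for v, n in by_value.items() if len(n) > 1}


def check_expected(defs, expected=EXPECTED):
    """List (name, found, wanted) for expected defines missing or wrong."""
    return [(n, defs.get(n), w) for n, w in expected.items() if defs.get(n) != w]


# Constructed sample 1: the header fragment exactly as the merge note wants it.
MERGED_OK = """\
#define AUDIT_URINGOP 1336 /* io_uring operation */
#define AUDIT_OPENAT2 1337 /* Record showing openat2 how args */
#define AUDIT_DM_CTRL 1338 /* Device Mapper target control */
#define AUDIT_DM_EVENT 1339 /* Device Mapper events */
"""

# Constructed sample 2: a bad conflict resolution where the device-mapper
# numbers were kept from an independently numbered tree and now collide.
MERGED_BAD = """\
+#define AUDIT_URINGOP 1336 /* io_uring operation */
+#define AUDIT_OPENAT2 1337 /* Record showing openat2 how args */
+#define AUDIT_DM_CTRL 1336 /* Device Mapper target control */
+#define AUDIT_DM_EVENT 1337 /* Device Mapper events */
"""
```

On a real tree, feed the contents of include/uapi/linux/audit.h to parse_audit_defines and treat any non-empty result from either check as a merge that still needs fixing.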