Re: [PATCH] selinux: add __randomize_layout to selinux_audit_data

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, May 17, 2022 at 9:21 PM GONG, Ruiqi <gongruiqi1@xxxxxxxxxx> wrote:
>
> Randomize the layout of struct selinux_audit_data as suggested in [1],
> since it contains a pointer to struct selinux_state, an already
> randomized strucure.
>
> [1]: https://github.com/KSPP/linux/issues/188
>
> Signed-off-by: GONG, Ruiqi <gongruiqi1@xxxxxxxxxx>
> ---
>  security/selinux/include/avc.h | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/security/selinux/include/avc.h b/security/selinux/include/avc.h
> index 2b372f98f2d7..5525b94fd266 100644
> --- a/security/selinux/include/avc.h
> +++ b/security/selinux/include/avc.h
> @@ -53,7 +53,7 @@ struct selinux_audit_data {
>         u32 denied;
>         int result;
>         struct selinux_state *state;
> -};
> +} __randomize_layout;

I'll apologize in advance for the stupid question, but does
__randomize_layout result in any problems when the struct is used in a
trace event?  (see include/trace/events/avc.h)

-- 
paul-moore.com



[Index of Archives]     [Selinux Refpolicy]     [Linux SGX]     [Fedora Users]     [Fedora Desktop]     [Yosemite Photos]     [Yosemite Camping]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux