The Linux audit system includes LSM based security "context" information in its events. Historically, only one LSM that uses security contexts can be active on a system. One of the few obstacles to allowing multiple LSM support is the inability to report more than one security context in an audit event. This patchset provides a mechanism to provide supplemental records containing more than one security context for subjects and objects.

The mechanism for reporting multiple security contexts inspired considerable discussion. It would have been possible to add multiple contexts to existing records using sophisticated formatting. This would have significant backward compatibility issues, and require additional parsing in user space code. Adding new records for an event that contain the contexts is more in keeping with the way audit events have been constructed in the past. Only audit events associated with system calls have required multiple records prior to this. A mechanism has been added allowing any event to be composed of multiple records. This should make it easier to add information to existing audit events without breaking backward compatibility.

v3: Rework how security modules identify that they provide security contexts to the audit system. Maintain a list within the audit system of the security modules that provide security contexts. Revert the separate counts of subject and object contexts.

v2: Maintain separate counts for LSMs using subject contexts and object contexts. AppArmor uses the former but not the latter. Correct error handling in object record creation.
https://github.com/cschaufler/lsm-stacking#audit-6.14-rc1-v3

Casey Schaufler (5):
  Audit: Create audit_stamp structure
  LSM: security_lsmblob_to_secctx module selection
  Audit: Add record for multiple task security contexts
  Audit: multiple subject lsm values for netlabel
  Audit: Add record for multiple object contexts

 include/linux/audit.h        |  19 +++
 include/linux/security.h     |   6 +-
 include/uapi/linux/audit.h   |   2 +
 kernel/audit.c               | 255 +++++++++++++++++++++++++++++------
 kernel/audit.h               |  13 +-
 kernel/auditsc.c             |  65 +++------
 net/netlabel/netlabel_user.c |   8 +-
 security/apparmor/lsm.c      |   3 +
 security/security.c          |  13 +-
 security/selinux/hooks.c     |   3 +
 security/smack/smack_lsm.c   |   3 +
 11 files changed, 291 insertions(+), 99 deletions(-)

-- 
2.47.0
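The cover letter argues that carrying extra LSM contexts in supplemental records, grouped with the primary record by the shared audit stamp, keeps old user space parsers working. The following added example (not code from the series or the audit project) shows what that grouping looks like on the consuming side: records are merged by their `audit(timestamp:serial)` stamp, the primary record's fields are left untouched, and the per-LSM subject labels are collected from the supplemental record. The record type name `MAC_TASK_CONTEXTS`, the `subj_<lsm>=` field layout and the sample log lines are assumptions constructed for the example.

```python
import re
from collections import defaultdict

# Assumed name of the supplemental subject-context record; the real value
# is defined in include/uapi/linux/audit.h of the series, not here.
SUBJ_CONTEXT_RECORD = "MAC_TASK_CONTEXTS"

# Standard audit prefix: type=<TYPE> msg=audit(<secs>.<msecs>:<serial>): <fields>
_PREFIX = re.compile(r"type=(\S+) msg=audit\((\d+\.\d+):(\d+)\): ?(.*)")
_FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_record(line):
    """Split one audit line into type, (timestamp, serial) stamp and key=value fields."""
    m = _PREFIX.match(line.strip())
    if not m:
        return None
    rtype, ts, serial, rest = m.groups()
    fields = {k: v.strip('"') for k, v in _FIELD.findall(rest)}
    return {"type": rtype, "stamp": (ts, int(serial)), "fields": fields}

def group_events(lines):
    """Merge every record sharing one audit stamp into a single event.

    The primary record keeps its fields unchanged, so a parser that knows
    nothing about the new record type still sees what it always saw. The
    supplemental record is folded into a per-LSM dict of subject contexts.
    """
    events = defaultdict(lambda: {"records": [], "subj_contexts": {}})
    for line in lines:
        rec = parse_record(line)
        if rec is None:
            continue  # not an audit record; skip rather than fail
        ev = events[rec["stamp"]]
        ev["records"].append(rec)
        if rec["type"] == SUBJ_CONTEXT_RECORD:
            for key, val in rec["fields"].items():
                # Assumed layout: one subj_<lsm>=<context> field per module.
                if key.startswith("subj_"):
                    ev["subj_contexts"][key[len("subj_"):]] = val
    return dict(events)

# Constructed sample: an AVC event plus its supplemental record, then an
# unrelated SYSCALL event that carries no supplemental record.
SAMPLE = [
    'type=AVC msg=audit(1700000000.123:45): avc: denied { read } for pid=1234 comm="cat" subj=system_u:system_r:foo_t:s0',
    'type=MAC_TASK_CONTEXTS msg=audit(1700000000.123:45): subj_selinux=system_u:system_r:foo_t:s0 subj_apparmor=unconfined',
    'type=SYSCALL msg=audit(1700000000.456:46): arch=c000003e syscall=2 success=no exit=-13 pid=5678 comm="ls"',
]
```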