    Merge tag 'lsm-pr-20240105' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/lsm · 063a7ce3
    Linus Torvalds authored
    Pull security module updates from Paul Moore:
    
     - Add three new syscalls: lsm_list_modules(), lsm_get_self_attr(), and
       lsm_set_self_attr().
    
       The first syscall simply lists the LSMs enabled, while the second and
       third get and set the current process' LSM attributes. Yes, these
       syscalls may provide similar functionality to what can be found under
       /proc or /sys, but they were designed to support multiple,
       simultaneous (stacked) LSMs from the start as opposed to the current
       /proc based solutions which were created at a time when only one LSM
       was allowed to be active at a given time.
    
       We have spent considerable time discussing ways to extend the
       existing /proc interfaces to support multiple, simultaneous LSMs and
       even our best ideas have been far too ugly to support as a kernel
       API; after +20 years in the kernel, I felt the LSM layer had
       established itself enough to justify a handful of syscalls.
    
       Support amongst the individual LSM developers has been nearly
       unanimous, with a single objection coming from Tetsuo (TOMOYO) as he
       is worried that the LSM_ID_XXX token concept will make it more
       difficult for out-of-tree LSMs to survive. Several members of the LSM
       community have demonstrated the ability for out-of-tree LSMs to
       continue to exist by picking high/unused LSM_ID values as well as
       pointing out that many kernel APIs rely on integer identifiers, e.g.
       syscalls (!), but unfortunately Tetsuo's objections remain.
    
       My personal opinion is that while I have no interest in penalizing
       out-of-tree LSMs, I'm not going to penalize in-tree development to
       support out-of-tree development, and I view this as a necessary step
       forward to support the push for expanded LSM stacking and reduce our
       reliance on /proc and /sys which has occasionally been problematic
       for some container users. Finally, we have included the linux-api
       folks on (all?) recent revisions of the patchset and addressed all of
       their concerns.
    
     - Add a new security_file_ioctl_compat() LSM hook to handle the 32-bit
       ioctls on 64-bit systems problem.
    
       This patch includes support for all of the existing LSMs which
       provide ioctl hooks, although it turns out only SELinux actually
       cares about the individual ioctls. It is worth noting that while
       Casey (Smack) and Tetsuo (TOMOYO) did not give explicit ACKs to this
       patch, they did both indicate they are okay with the changes.
    
     - Fix a potential memory leak in the CALIPSO code when IPv6 is disabled
       at boot.
    
       While it's good that we are fixing this, I doubt this is something
       users are seeing in the wild as you need to both disable IPv6 and
       then attempt to configure IPv6 labeled networking via
       NetLabel/CALIPSO; that just doesn't make much sense.
    
       Normally this would go through netdev, but Jakub asked me to take
       this patch and of all the trees I maintain, the LSM tree seemed like
       the best fit.
    
     - Update the LSM MAINTAINERS entry with additional information about
       our process docs, patchwork, bug reporting, etc.
    
       I also noticed that the Lockdown LSM is missing a dedicated
       MAINTAINERS entry so I've added that to the pull request. I've been
       working with one of the major Lockdown authors/contributors to see if
       they are willing to step up and assume a Lockdown maintainer role;
       hopefully that will happen soon, but in the meantime I'll continue to
       look after it.
    
     - Add a handful of mailmap entries for Serge Hallyn and myself.
    
    * tag 'lsm-pr-20240105' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/lsm: (27 commits)
      lsm: new security_file_ioctl_compat() hook
      lsm: Add a __counted_by() annotation to lsm_ctx.ctx
      calipso: fix memory leak in netlbl_calipso_add_pass()
      selftests: remove the LSM_ID_IMA check in lsm/lsm_list_modules_test
      MAINTAINERS: add an entry for the lockdown LSM
      MAINTAINERS: update the LSM entry
      mailmap: add entries for Serge Hallyn's dead accounts
      mailmap: update/replace my old email addresses
      lsm: mark the lsm_id variables are marked as static
      lsm: convert security_setselfattr() to use memdup_user()
      lsm: align based on pointer length in lsm_fill_user_ctx()
      lsm: consolidate buffer size handling into lsm_fill_user_ctx()
      lsm: correct error codes in security_getselfattr()
      lsm: cleanup the size counters in security_getselfattr()
      lsm: don't yet account for IMA in LSM_CONFIG_COUNT calculation
      lsm: drop LSM_ID_IMA
      LSM: selftests for Linux Security Module syscalls
      SELinux: Add selfattr hooks
      AppArmor: Add selfattr hooks
      Smack: implement setselfattr and getselfattr hooks
      ...
syscall_o32.tbl 17.8 KB