1. 27 Nov, 2016 29 commits
  2. 24 Nov, 2016 1 commit
  3. 22 Nov, 2016 3 commits
  4. 21 Nov, 2016 1 commit
    • Stephen Smalley's avatar
      selinux: keep SELinux in sync with new capability definitions · 3322d0d6
      Stephen Smalley authored
      When a new capability is defined, SELinux needs to be updated.
      Trigger a build error if a new capability is defined without
      corresponding update to security/selinux/include/classmap.h's
      COMMON_CAP2_PERMS.  This is similar to BUILD_BUG_ON() guards
      in the SELinux nlmsgtab code to ensure that SELinux tracks
      new netlink message types as needed.
      
      Note that there is already a similar build guard in
      security/selinux/hooks.c to detect when more than 64
      capabilities are defined, since that will require adding
      a third capability class to SELinux.
      
      A nicer way to do this would be to extend scripts/selinux/genheaders
      or a similar tool to auto-generate the necessary definitions and code
      for SELinux capability checking from include/uapi/linux/capability.h.
      AppArmor does something similar in its Makefile, although it only
      needs to generate a single table of names.  That is left as future
      work.
      Signed-off-by: default avatarStephen Smalley <sds@tycho.nsa.gov>
      [PM: reformat the description to keep checkpatch.pl happy]
      Signed-off-by: default avatarPaul Moore <paul@paul-moore.com>
      3322d0d6
  5. 20 Nov, 2016 1 commit
    • Stephen Smalley's avatar
      selinux: normalize input to /sys/fs/selinux/enforce · ea49d10e
      Stephen Smalley authored
      At present, one can write any signed integer value to
      /sys/fs/selinux/enforce and it will be stored,
      e.g. echo -1 > /sys/fs/selinux/enforce or echo 2 >
      /sys/fs/selinux/enforce. This makes no real difference
      to the kernel, since it only ever cares if it is zero or non-zero,
      but some userspace code compares it with 1 to decide if SELinux
      is enforcing, and this could confuse it. Only a process that is
      already root and is allowed the setenforce permission in SELinux
      policy can write to /sys/fs/selinux/enforce, so this is not considered
      to be a security issue, but it should be fixed.
      Signed-off-by: default avatarStephen Smalley <sds@tycho.nsa.gov>
      Signed-off-by: default avatarPaul Moore <paul@paul-moore.com>
      ea49d10e
  6. 15 Nov, 2016 1 commit
    • Casey Schaufler's avatar
      Smack: Remove unnecessary smack_known_invalid · 152f91d4
      Casey Schaufler authored
      The invalid Smack label ("") and the Huh ("?") Smack label
      serve the same purpose and having both is unnecessary.
      While pulling out the invalid label it became clear that
      the use of smack_from_secid() was inconsistent, so that
      is repaired. The setting of inode labels to the invalid
      label could never happen in a functional system, has
      never been observed in the wild and is not what you'd
      really want for a failure behavior in any case. That is
      removed.
      Signed-off-by: default avatarCasey Schaufler <casey@schaufler-ca.com>
      152f91d4
  7. 14 Nov, 2016 4 commits