This is a sync and squash to the apparmor 3 RC 1 development snapshot.
The set of patches in this squash are available at the apparmor-3.RC1
tag in git://kernel.ubuntu.com/jj/ubuntu-utopic.git.
This cleans up several functions over the alpha6 sync, and includes
multiple bug fixes. In addition it picks up
- new network mediation
- fine grained mediation of all unix socket types
In addition to the apparmor 3 RC 1 sync this contains the backport patch
series for the 3.4 goldfish kernel
- apparmor: 3.4 backport alias file_open 83d49856
- apparmor: 3.4 backport fake no_new_privs 259e5e6c
- apparmor: 3.4 backport cap_mmap_addr d007794a
- apparmor: 3.4 backport revert file_mmap e5467859
- apparmor: 3.5 backport dentry_open params 765927b2
- apparmor: 3.6 backport provide replace_fd 8280d161
- apparmor: 3.6 backport provide iterate_fd c3c073f8
- apparmor: 3.6 backport remove const from sb_mount 808d4e3c
- apparmor: 3.6 backport kuid_t support for audit 2db81452
- apparmor: 3.6 backport define kuid_t d2b31ca64
- apparmor: 3.6 backport revert uapi for resnames 8a1ab315
- apparmor: 3.6 backport revert uapi for capnames 43c422ed
- apparmor: 3.8 backport provide file_inode helper 496ad9aa
- apparmor: 3.10 backport revert no delay vfree()
- apparmor: 3.11 backport revert module/lsm: Have apparm 5265fc62
- apparmor: 3.12 backport mtd: Move major number f83c3838
- apparmor: 3.15 backport revert nick kvfree() from apparmor
- apparmor: backport setup base backport files
BugLink: http://bugs.launchpad.net/bugs/1362199
Signed-off-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
This is a sync and squash to the apparmor 3 alpha 6 development snapshot
backported from 3.13. The set of patches in this squash are available
is the aa3.0-presquash branch of the dev tree.
Several of the patches in the squash have been submitted upstream.
Several more will be submitted soon, and other parts are still in
active review and development.
This squash will be updated to remove patches as they are pulled
into the upstream tree, and add new patches as they become available
to the stable apparmor dev branch.
In addition to the apparmor 3 sync this contains the backport patch
series for the 3.4 goldfish kernel
- apparmor: backport setup base backport files
- apparmor: 3.12 backport mtd: Move major number f83c3838
- apparmor: 3.11 backport revert module/lsm: Have apparm 5265fc62
- apparmor: 3.10 backport revert no delay vfree()
- apparmor: 3.8 backport provide file_inode helper 496ad9aa
- apparmor: 3.6 backport revert uapi for capnames 43c422ed
- apparmor: 3.6 backport revert uapi for resnames 8a1ab315
- apparmor: 3.6 backport define kuid_t d2b31ca64
- apparmor: 3.6 backport kuid_t support for audit 2db81452
- apparmor: 3.6 backport remove const from sb_mount 808d4e3c
- apparmor: 3.6 backport provide iterate_fd c3c073f8
- apparmor: 3.6 backport provide replace_fd 8280d161
- apparmor: 3.5 backport dentry_open params 765927b2
- apparmor: 3.4 backport revert file_mmap e5467859
- apparmor: 3.4 backport cap_mmap_addr d007794a
- apparmor: 3.4 backport fake no_new_privs 259e5e6c
- apparmor: 3.4 backport alias file_open 83d49856
Signed-off-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
This is a sync and squash to the apparmor 3 alpha 4 development snapshot
backported from 3.12. The set of patches in this squash are available
is the aa3.0-presquash branch of the dev tree.
Several of the patches in the squash have been submitted upstream.
Several more will be submitted soon, and other parts are still in
active review and development.
This squash will be updated to remove patches as they are pulled
into the upstream tree, and add new patches as they become available
to the stable apparmor dev branch.
In addition to the apparmor 3 sync this contains the backport patch
series for the 3.4 manta kernel
- apparmor: 3.10 backport revert no delay vfree()
- apparmor: 3.8 backport provide file_inode helper 496ad9aa
- apparmor: 3.6 backport revert uapi for capnames 43c422ed
- apparmor: 3.6 backport revert uapi for resnames 8a1ab315
- apparmor: 3.6 backport define kuid_t d2b31ca64
- apparmor: 3.6 backport kuid_t support for audit 2db81452
- apparmor: 3.6 backport remove const from sb_mount 808d4e3c
- apparmor: 3.4 backport revert file_mmap e5467859
- apparmor: 3.4 backport cap_mmap_addr d007794a
- apparmor: 3.4 backport fake no_new_privs 259e5e6c
- apparmor: 3.4 backport revert task audi_data 0972c74e
- apparmor: 3.4 backport alias file_open 83d49856
- UBUNTU: SAUCE: (no-up) apparmor: update config options
Signed-off-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
This is a squash of the following commits from the branch
v3.4-backport-of-apparmor3
Signed-off-by: John Johansen <john.johansen@canonical.com>
----------------------------------------------------------------
sync to Linux 3.10 apparmor
UBUNTU SAUCE: apparmor: sync apparmor3 dev snapshot
----------------------------------------------------------------
John Johansen (67):
apparmor: fix auditing of domain transition failures due to incomplete policy
apparmor: Remove -W1 warnings
apparmor: refactor profile mode macros
apparmor: fix error code to failure message mapping for name lookup
apparmor: add utility function to get an arbitrary tasks profile.
apparmor: add kvzalloc to handle zeroing for kvmalloc
apparmor: use common fn to clear task_context for domain transitions
apparmor: remove "permipc" command
apparmor: relax the restrictions on setting rlimits
apparmor: misc cleanup of match
apparmor: move perm defines into policy_unpack
apparmor: remove sid from profiles
apparmor: move the free_profile fn ahead of aa_alloc_profile
apparmor: reserve and mask off the top 8 bits of the base field
apparmor: fix the audit type table
apparmor: add a features/policy dir to interface
apparmor: Fix smatch warning in aa_remove_profiles
apparmor: fix sparse warnings
apparmor: localize getting the security context to a few macros
apparmor: fix setprocattr arg processing for onexec
apparmor: fix fully qualified name parsing
apparmor: enable users to query whether apparmor is enabled
apparmor: provide base for multiple profiles to be replaced at once
apparmor: convert profile lists to RCU based locking
apparmor: change how profile replacement update is done
apparmor: update how unconfined is handled
apparmor: fix namespace to be freeded via RCU
apparmor: rework namespace free path
apparmor: make free_profile available outside of policy.c
apparmor: allow setting any profile into the unconfined state
apparmor: provide the ability to boot with a default profile set on init
apparmor: fix fs extry display for default profile
apparmor: Add interface files for profiles and namespaces
FIX: collapse aa_fs_entry to a single entry instead of a null terminated array
apparmor: merge profile mode names
apparmor: fix the locking etc. in the new policy interface
apparmor: add an optional profile attachment string
apparmor: Add profile introspection file to interface
apparmor: update compatibility patch for RCU locking
FIX: more fixes to aafs/profiles file
apparmor: reuse name string from previous profile
apparmor: add basic support for implicit labeling of files
apparmor: directly free a label if it has not been added to a labelset
FIX: ensure label is only inserted if not already in tree
apparmor: baby step - now add labels to the labelset trees
FIX: ensure all profiles get added to the correct lists
apparmor: move replacedby to use labels instead of profiles
apparmor: introduce using labels from contexts
apparmor: add abilitiy to print labels and update interface to use
apparmor: rework auditing to use the label
apparmor: audit the profile and namespace for all messages
apparmor: treat each task as if the label can have mutiple entries
apparmor: use most recent label available, when possible.
apparmor: remove FLAG_MEDIATE_DELETED
apparmor: move aa_label_insert
apparmor: add a log fn to generate log message for each profile in a label
apparmor: add helper for getting the newest profile
apparmor: add the ability to create a new label based on merging 2 labels
apparmor: invalidate compound labels, and replace
apparmor: set up base labeling on sockets
apparmor: Add the ability to mediate mount
apparmor: convert mount to label instead of profile
apparmor: treat mount as if each task may have multi-profile labels
apparmor: implement profile-based query interface in apparmorfs
apparmor: update profile permission query interface to use labels
apparmor: fix returning -einval when should be no perms on query interface
apparmor: add a features/dbus dir to securityfs interface
security/apparmor/.gitignore | 1 +
security/apparmor/Kconfig | 35 ++
security/apparmor/Makefile | 42 ++-
security/apparmor/apparmorfs.c | 757 +++++++++++++++++++++++++++++++++++++-
security/apparmor/audit.c | 30 +-
security/apparmor/context.c | 122 ++++---
security/apparmor/domain.c | 123 ++++---
security/apparmor/file.c | 173 +++++----
security/apparmor/include/apparmor.h | 58 ++-
security/apparmor/include/apparmorfs.h | 39 ++
security/apparmor/include/audit.h | 21 +-
security/apparmor/include/context.h | 158 +++++---
security/apparmor/include/domain.h | 2 +
security/apparmor/include/file.h | 23 +-
security/apparmor/include/ipc.h | 4 +-
security/apparmor/include/label.h | 325 +++++++++++++++++
security/apparmor/include/match.h | 21 +-
security/apparmor/include/mount.h | 54 +++
security/apparmor/include/net.h | 54 +++
security/apparmor/include/path.h | 2 +-
security/apparmor/include/policy.h | 214 ++++++-----
security/apparmor/include/policy_unpack.h | 21 +-
security/apparmor/include/procattr.h | 3 +-
security/apparmor/include/resource.h | 4 +-
security/apparmor/include/sid.h | 4 +-
security/apparmor/ipc.c | 48 +--
security/apparmor/label.c | 1626 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
security/apparmor/lib.c | 37 +-
security/apparmor/lsm.c | 645 ++++++++++++++++++++++++++++-----
security/apparmor/match.c | 23 +-
security/apparmor/mount.c | 704 ++++++++++++++++++++++++++++++++++++
security/apparmor/net.c | 169 +++++++++
security/apparmor/path.c | 2 +-
security/apparmor/policy.c | 871 +++++++++++++++++++++++++++-----------------
security/apparmor/policy_unpack.c | 188 ++++++++--
security/apparmor/procattr.c | 57 +--
security/apparmor/resource.c | 91 +++--
37 files changed, 5790 insertions(+), 961 deletions(-)
create mode 100644 security/apparmor/include/label.h
create mode 100644 security/apparmor/include/mount.h
create mode 100644 security/apparmor/include/net.h
create mode 100644 security/apparmor/label.c
create mode 100644 security/apparmor/mount.c
create mode 100644 security/apparmor/net.c
UBUNTU SAUCE: apparmor: 3.8 backport provide file_inode helper 496ad9aa
support changes from commit 496ad9aa8ef448058e36ca7a787c61f2e63f0f54
UBUNTU SAUCE: apparmor: 3.6 backport revert uapi for capnames 43c422ed
partial revert of 43c422eda99b894f18d1cca17bcd2401efaf7bd0
UBUNTU SAUCE: apparmor: 3.6 backport revert uapi for resnames 8a1ab315
partial revert 8a1ab3155c2ac7fbe5f2038d6e26efeb607a1498
UBUNTU SAUCE: apparmor: 3.6 backport define kuid_t d2b31ca64
support changes from commit d2b31ca644fdc8704de3367a6a56a5c958c77f53
UBUNTU SAUCE: apparmor: 3.6 backport kuid_t support for audit 2db81452
support changes from commit 2db81452931eb51cc739d6e495cf1bd4860c3c99
UBUNTU SAUCE: apparmor: 3.6 backport remove const from sb_mount 808d4e3c
partial revert of 808d4e3cfdcc52b19276175464f6dbca4df13b09
UBUNTU SAUCE: apparmor: 3.4 backport revert file_mmap e5467859
partial revert of e5467859f7f79b69fc49004403009dfdba3bec53
UBUNTU SAUCE: apparmor: 3.4 backport cap_mmap_addr d007794a
support changes from d007794a182bc072a7b7479909dbd0d67ba341be
UBUNTU SAUCE: apparmor: 3.4 backport fake no_new_privs 259e5e6c
support interface from 259e5e6c75a910f3b5e656151dc602f53f9d7548
c29bceb3967398cf2ac8bf8edf9634fdb722df7d
UBUNTU SAUCE: apparmor: 3.4 backport alias file_open 83d49856
add support for 83d498569e9a7a4b92c4c5d3566f2d6a604f28c9
Linus found that the gigantic size of the common audit data caused a big
perf hit on something as simple as running stat() in a loop. This patch
requires LSMs to declare the LSM specific portion separately rather than
doing it in a union. Thus each LSM can be responsible for shrinking their
portion and don't have to pay a penalty just because other LSMs have a
bigger space requirement.
Signed-off-by: Eric Paris <eparis@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
ipc:
AppArmor ipc is currently limited to mediation done by file mediation
and basic ptrace tests. Improved mediation is a wip.
rlimits:
AppArmor provides basic abilities to set and control rlimits at
a per profile level. Only resources specified in a profile are controled
or set. AppArmor rules set the hard limit to a value <= to the current
hard limit (ie. they can not currently raise hard limits), and if
necessary will lower the soft limit to the new hard limit value.
AppArmor does not track resource limits to reset them when a profile
is left so that children processes inherit the limits set by the
parent even if they are not confined by the same profile.
Capabilities: AppArmor provides a per profile mask of capabilities,
that will further restrict.
Signed-off-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: James Morris <jmorris@namei.org>
