| Message ID | 20250312212148.274205-3-ryan.lee@canonical.com (mailing list archive) |
|---|---|
| State | New |
| Headers | show
Received: from smtp-relay-internal-0.canonical.com
(smtp-relay-internal-0.canonical.com [185.125.188.122])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(No client certificate requested)
by smtp.subspace.kernel.org (Postfix) with ESMTPS id DB3711F03D8
for <linux-security-module@vger.kernel.org>;
Wed, 12 Mar 2025 21:22:58 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
arc=none smtp.client-ip=185.125.188.122
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
t=1741814580; cv=none;
b=T5zjaohg2rKgS2e+omOv7ZPVgC49XVzHTZJnTy+qLsYsK4FXHKOh3WoYbtSxgWmFoXKax7NPv6lS1BtmX+vT+b1jNzr51HHhlgWBG0S3N1qNfWuG9xvPYaLB1SMxRIMLaggiuIQlbXQ7lJ4SCxndQI2MWyiZsqlcf23qZMEvbjI=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
s=arc-20240116; t=1741814580; c=relaxed/simple;
bh=b4+VVCuulTVS3lasReYQ2g8sMWbZpqYEurik+q7TDIU=;
h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:
MIME-Version;
b=OVR6aWcMxQYZv8tHv8XIwl2rJ7S31LA7a/gtXOSkDhT6DwWOyHPjNC+8xEONpzDw7h3dmWErctV7wEnYMbg+Dz46P1DGDLqpAXVPXbaYa/xNrvBHm7Aan/HugoiIeiaUQIL536/Ke5E61Yj4CMvXjHLvv7KCAaHrwaHuTX/N+NE=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
dmarc=pass (p=none dis=none) header.from=canonical.com;
spf=pass smtp.mailfrom=canonical.com;
dkim=pass (2048-bit key) header.d=canonical.com header.i=@canonical.com
header.b=wXHZQnMA; arc=none smtp.client-ip=185.125.188.122
Authentication-Results: smtp.subspace.kernel.org;
dmarc=pass (p=none dis=none) header.from=canonical.com
Authentication-Results: smtp.subspace.kernel.org;
spf=pass smtp.mailfrom=canonical.com
Authentication-Results: smtp.subspace.kernel.org;
dkim=pass (2048-bit key) header.d=canonical.com header.i=@canonical.com
header.b="wXHZQnMA"
Received: from mail-pj1-f72.google.com (mail-pj1-f72.google.com
[209.85.216.72])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest
SHA256)
(No client certificate requested)
by smtp-relay-internal-0.canonical.com (Postfix) with ESMTPS id EA5633FCDB
for <linux-security-module@vger.kernel.org>;
Wed, 12 Mar 2025 21:22:47 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=canonical.com;
s=20210705; t=1741814567;
bh=uqtVwBDq5g90YIrppYWGT9PUS27SLEfARyjY6b0CvJw=;
h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:
MIME-Version;
b=wXHZQnMAbweFyixm/4yjK71qO9242A1HNYoXX/nCd8p+RYITpNU5PZTBrcIvtgw7s
3Cfua9ykXolkNe8sqNhQTewpZzDEo9hJ8v22TSgfp936vThetM6T14br6KexQGwp4n
+Isc3riXaRUo2ZotDauFSLzZeYnIW3I/SI1Qh0dY1yv3rC2RXh+bC5LeZLkAE2z9vL
hBoLp6v0DiHX9j0JXXrgUEsBEpHG2OiqmOdkIOiyl5ArlJK/AmmvedXelZbphpQSgx
kr72q+roBfgDo+g6bXTg0/Ix14ooarH0l/+izy2fDMvlut42EknAd7q6yoQjnPB6Vv
WerhTrb8BANqA==
Received: by mail-pj1-f72.google.com with SMTP id
98e67ed59e1d1-2ff53a4754aso718877a91.2
for <linux-security-module@vger.kernel.org>;
Wed, 12 Mar 2025 14:22:47 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20230601; t=1741814566; x=1742419366;
h=content-transfer-encoding:mime-version:references:in-reply-to
:message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc
:subject:date:message-id:reply-to;
bh=uqtVwBDq5g90YIrppYWGT9PUS27SLEfARyjY6b0CvJw=;
b=tQdFd83ClSH9jk8AX156nRA3Jot/h55anGBu831urGtcBAxR8Y8r5qNp1wmxwsnpco
XWHKoXAJgCRXOh8hOTLYedxqkp4uxzi0MQy1EDslCDEvpDSDdOM+YKTuXs8jwsjYeTwy
0gpebThW1MdoxIgYn4/I1sKCnpcBNi0E1YJVBWN6UYdfnTDpSG4GKo4gnvqzzSgwZI0S
J9oSjWgTxJyLOby9KfH+bqdnKU8Xx16turatpqr+L7e2Dq2Z2qfkrq16zhZwU78GA5Jd
LPVD5pflnjEI1MqeLaOiYhHUr0KSlo/JJOh+pzwf7KBzMsVx/MhVtYp2BFKz65iPOxeu
leQw==
X-Forwarded-Encrypted: i=1;
AJvYcCVlr3Pp+ygKSZH8Q+nG4Dt59WAWk7ldqzlzHSB2KVIc3JQIcxug1qFR57i7Ts2y157VpdDCryHG09Br27w13vlnSdd/tC0=@vger.kernel.org
X-Gm-Message-State: AOJu0YxJBBxUHFbsIlGFyTIh7EqJlZ7KiHvhYBcrXs5cmAd6z3y66T7I
4R0Z8FHByxcm0T9+YNO11anvPYP2IFHBTyqrDDUoSla8nDZ0E3OURTYVs+r6UzBx98c0ZSU/kXx
nMfWja+ESD1KXwa6SjREy7TwUFnK0H3srMDBiqOcbl0ei8mLveeYOpf4+CBS+8dW2CfO+TsPoVy
M2WSThyaEIRDoPAQ==
X-Gm-Gg: ASbGncuE/1ERn1wKncK+S/d/6lKTpC/jIStfJHCKmoOE3YemAxB1PbqS7TinCumobOi
0cKBgpfSSDVDHi80Ro1OyATmFREzIqKpfmbW5npnLHmWdR3mgafFEadzTXp6br9RnyeE5biWfEI
KWqIFTy6KKpPZo9Q1ykAy3FocEFZj3u4T+clDYuqMfvkqfqDASbaM/hZBALXehSxg092dUa4ZXL
Pfqpt3kmY/i5obpaIQD30+oJ9kJNxPJ8EDh/V0d6mZnAxpllIcQS8X4slLM+/0rK1XLg4wgoaGm
cnyMs4KWhynW/ZeeUmRRGmeQhqoq+HCul7rRWMKTX1JesROS8rDkTr/amp7siBpuX++k/Rs=
X-Received: by 2002:a17:90b:38c7:b0:2ff:62f3:5b31 with SMTP id
98e67ed59e1d1-2ff7cf2a4dfmr33760048a91.29.1741814566536;
Wed, 12 Mar 2025 14:22:46 -0700 (PDT)
X-Google-Smtp-Source:
AGHT+IGAh7edf+w4rzXzQLR0fkq9YMtlXCTroL93A1jr+Tsldo2r/RTEDBE9CJvpxWToVeKTIWZWGQ==
X-Received: by 2002:a17:90b:38c7:b0:2ff:62f3:5b31 with SMTP id
98e67ed59e1d1-2ff7cf2a4dfmr33760017a91.29.1741814566237;
Wed, 12 Mar 2025 14:22:46 -0700 (PDT)
Received: from ryan-lee-laptop-13-amd.. (c-76-103-38-92.hsd1.ca.comcast.net.
[76.103.38.92])
by smtp.gmail.com with ESMTPSA id
98e67ed59e1d1-301190b98b7sm2353887a91.32.2025.03.12.14.22.44
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Wed, 12 Mar 2025 14:22:45 -0700 (PDT)
From: Ryan Lee <ryan.lee@canonical.com>
To: linux-fsdevel@vger.kernel.org,
linux-kernel@vger.kernel.org,
apparmor@lists.ubuntu.com,
linux-security-module@vger.kernel.org,
selinux@vger.kernel.org
Cc: Ryan Lee <ryan.lee@canonical.com>,
Alexander Viro <viro@zeniv.linux.org.uk>,
Christian Brauner <brauner@kernel.org>, Jan Kara <jack@suse.cz>,
John Johansen <john.johansen@canonical.com>,
Paul Moore <paul@paul-moore.com>, James Morris <jmorris@namei.org>,
"Serge E. Hallyn" <serge@hallyn.com>,
=?utf-8?q?Micka=C3=ABl_Sala=C3=BCn?= <mic@digikod.net>, =?utf-8?q?G=C3=BCnt?=
=?utf-8?q?her_Noack?= <gnoack@google.com>,
Stephen Smalley <stephen.smalley.work@gmail.com>,
Ondrej Mosnacek <omosnace@redhat.com>,
Casey Schaufler <casey@schaufler-ca.com>,
Kentaro Takeda <takedakn@nttdata.co.jp>,
Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Subject: [RFC PATCH 2/6] apparmor: explicitly skip mediation of O_PATH file
descriptors
Date: Wed, 12 Mar 2025 14:21:42 -0700
Message-ID: <20250312212148.274205-3-ryan.lee@canonical.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <20250312212148.274205-1-ryan.lee@canonical.com>
References: <20250312212148.274205-1-ryan.lee@canonical.com>
Precedence: bulk
X-Mailing-List: linux-security-module@vger.kernel.org
List-Id: <linux-security-module.vger.kernel.org>
List-Subscribe: <mailto:linux-security-module+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-security-module+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
|
| Series |
fs, lsm: mediate O_PATH fd creation in file_open hook
|
expand
|
diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index 11ace667cbbf..2349a1dd41f4 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c @@ -647,6 +647,16 @@ static int apparmor_file_open(struct file *file) return 0; } + /* + * Preserve the behavior of O_PATH fd creation not being mediated. + * + * TODO: we weren't handling O_PATH fds in aa_inherit_files anyways + * (all-zero request -> fds unconditionally inherited), so proper + * mediation of those will require changes in multiple places. + */ + if (file->f_flags & O_PATH) + return 0; + label = aa_get_newest_cred_label_condref(file->f_cred, &needput); if (!unconfined(label)) { struct mnt_idmap *idmap = file_mnt_idmap(file);
Previously, we saw O_PATH fds only when mediating fd inheritance on exec, but because they would have no request associated with them, we would unconditionally let them be inherited. Until we have better handling of O_PATH fds, preserve the existing behavior of unconditionally allowing them. Signed-off-by: Ryan Lee <ryan.lee@canonical.com> --- security/apparmor/lsm.c | 10 ++++++++++ 1 file changed, 10 insertions(+)