From patchwork Wed Mar 12 21:21:41 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ryan Lee X-Patchwork-Id: 14013914 Received: from smtp-relay-internal-1.canonical.com (smtp-relay-internal-1.canonical.com [185.125.188.123]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id D068C1EF099 for ; Wed, 12 Mar 2025 21:22:55 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=185.125.188.123 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1741814577; cv=none; b=B3ojBVf8e+dBJ6idKcKcNps1S1IW5YjlHHXpRwSF+SiNg3l9IvqrLIeimjkCFpluS5X9d6CeZiRHV/ILejI/koe0g2tLItF56i4XNFgg+y/sKHl1rnammBUvY1BMXl6MIkQDWyozN4UgD6FP3aBIivwHf5Vsvp5Aoy0bLowLVQ0= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1741814577; c=relaxed/simple; bh=mvIFvWIp9NnNpqjlb78s7uPPK/9pOen0F/aXj53TS9k=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=YLEGP1P5iZ/qiZRblCFIJRKtZvurkM3WytutlCnPyGqNRgFEVH4xT8IYZH0luf2yyc73LkFKY2BA1RLpfJ4QJeecGrr7l5IcKjqxH4ZI/DOzId3B5LsNzKCvfUPO2P8bo3vRTNjrbeT6FBsgUveha/vigppWYVVufHciuyN3vXA= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=canonical.com; spf=pass smtp.mailfrom=canonical.com; dkim=pass (2048-bit key) header.d=canonical.com header.i=@canonical.com header.b=uI6awYxi; arc=none smtp.client-ip=185.125.188.123 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=canonical.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=canonical.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=canonical.com header.i=@canonical.com header.b="uI6awYxi" Received: from mail-pl1-f197.google.com (mail-pl1-f197.google.com [209.85.214.197]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by smtp-relay-internal-1.canonical.com (Postfix) with ESMTPS id 2BE743F715 for ; Wed, 12 Mar 2025 21:22:46 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=canonical.com; s=20210705; t=1741814566; bh=JJCUu0nnTlIAwhQtLazst1i1S2GtJ41RAYnP5gniTzw=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=uI6awYxim82/z5f5cvID+u84PqHGP29jae936qURO6TZh3kPt3VKdd6QkBG0BPfDN nUFwZr5tefTaOWSeS2C1nLfySfDhDJYGEOMPcNLyo1JercStvR0sjcr8JcA3BSP8CK CXfGsdg1q9o4/fLkUpopNjz8jQFiSWePp5XRQ71WBH3tEa46uHhl24Z4Tk0xb6yvNP VGn10AfZCM+I28zcs3gUYpiRDmr/i5RXMMN9X4f7mX78WGGTZha8SQN7PG23HA38h/ cJTkaQFJ0AFxLq54T1zwnCLYIE7CCBh9gYTmcOsNK5LZUHECkkY8JzkQWJrF+Y0+Jh h412IuCb3sapA== Received: by mail-pl1-f197.google.com with SMTP id d9443c01a7336-2240a960f9cso4453795ad.0 for ; Wed, 12 Mar 2025 14:22:46 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1741814564; x=1742419364; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=JJCUu0nnTlIAwhQtLazst1i1S2GtJ41RAYnP5gniTzw=; b=Z5Ufd1k+/pEgNr1oXS5wvu3Prs3vZNHUJDe0PS2NLD8TZEuCjJPE4yWX162MJrHr7A retL2qujJ18VhsgbxjNCETxM9N0EXXuFcjEXFy71Zw9kGzt4BY5KR/zMSh60W+VYv+Zi myBEDW3pecEXXk+nd89wlbeTsZLmR/CIkZOR6Aant1lMP9Xe2lF/ZvxUTfSjtz6XcRTr bEzba4zFzGnvFdvA5UM91h5Fdqp84mv94y7o6q9HS1qSZWcm6nhnCaIeDVM1kLtqwGhb cWkTN1q6/xBCsPjrrnVa7Hfpfeq99PyKZuEGHwmgjeEFIjP4A05vGFOW4cVEylcu/CNd naXg== X-Gm-Message-State: AOJu0Ywaz13phxZCGTknuLRoJYGFLAnsHTRNrqOMJ2+Vyo/cx2Ea45Ze H8PY3oDAxaBqcvgn5VrpQ4CrnovsVWKBt5hL7oUVTG+Dr4LPXjAH1189Esn5NZaYHPKC8hUAWHg L8buhA918jJHxqje9q03JbaB9VqYS9cEeHHhxa2+DE1oacEFZU+XrqrFqMT4i93dvYOEzZapLWK wX3yxNAx7QsDuQgQ== X-Gm-Gg: ASbGncsQn9ZBqgxjSvxj5QGHDxbc9RZoEzaa14y+KDGPSVVKjTlOtDIuFVhHOKDpB3k eey0u4/Fb689BunHJT1bTDDaAk+Xp/kJrzYh+JQY9gya8v+LiFeg3Ug5cyy0XuTeJ9AM8Ov/DmD X3er3VKYvM9CFBtZeOD/LerKHz7ibcpJmWCpiybTY37C4VLDdX2FQCi22Re0LDBGchBKNl2+wRo i+rGqxj7vn67U18KJALRpgS4UAJGsMM04+ksjRH+DebFJB9LAjL70DqIPUeDq9b/8XhFCsOJa7j uji9hb13AN2IUdNbUOsrtOhNJC/aMxRMdosRngymjARm52IVEotFyW7sq8i6uFi2y7qCnn8= X-Received: by 2002:a17:902:ea07:b0:224:a79:5fe4 with SMTP id d9443c01a7336-2242888681cmr334106835ad.2.1741814564403; Wed, 12 Mar 2025 14:22:44 -0700 (PDT) X-Google-Smtp-Source: AGHT+IFjVvzREwSOFKw0Hfsl/h89sadLsPdTTQZ/I/XFETV/GwxC6RNVuLWxGdk5FbZ6Djc3RCsmNQ== X-Received: by 2002:a17:902:ea07:b0:224:a79:5fe4 with SMTP id d9443c01a7336-2242888681cmr334106495ad.2.1741814564101; Wed, 12 Mar 2025 14:22:44 -0700 (PDT) Received: from ryan-lee-laptop-13-amd.. (c-76-103-38-92.hsd1.ca.comcast.net. [76.103.38.92]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-301190b98b7sm2353887a91.32.2025.03.12.14.22.42 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 12 Mar 2025 14:22:43 -0700 (PDT) From: Ryan Lee To: linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, apparmor@lists.ubuntu.com, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: Ryan Lee , Alexander Viro , Christian Brauner , Jan Kara , John Johansen , Paul Moore , James Morris , "Serge E. Hallyn" , =?utf-8?q?Micka=C3=ABl_Sala=C3=BCn?= , =?utf-8?q?G=C3=BCnt?= =?utf-8?q?her_Noack?= , Stephen Smalley , Ondrej Mosnacek , Casey Schaufler , Kentaro Takeda , Tetsuo Handa Subject: [RFC PATCH 1/6] fs: invoke LSM file_open hook in do_dentry_open for O_PATH fds as well Date: Wed, 12 Mar 2025 14:21:41 -0700 Message-ID: <20250312212148.274205-2-ryan.lee@canonical.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20250312212148.274205-1-ryan.lee@canonical.com> References: <20250312212148.274205-1-ryan.lee@canonical.com> Precedence: bulk X-Mailing-List: linux-fsdevel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Currently, opening O_PATH file descriptors completely bypasses the LSM infrastructure. Invoking the LSM file_open hook for O_PATH fds will be necessary for e.g. mediating the fsmount() syscall. Signed-off-by: Ryan Lee --- fs/open.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/fs/open.c b/fs/open.c index 30bfcddd505d..0f8542bf6cd4 100644 --- a/fs/open.c +++ b/fs/open.c @@ -921,8 +921,13 @@ static int do_dentry_open(struct file *f, if (unlikely(f->f_flags & O_PATH)) { f->f_mode = FMODE_PATH | FMODE_OPENED; file_set_fsnotify_mode(f, FMODE_NONOTIFY); f->f_op = &empty_fops; - return 0; + /* + * do_o_path in fs/namei.c unconditionally invokes path_put + * after this function returns, so don't path_put the path + * upon LSM rejection of O_PATH opening + */ + return security_file_open(f); } if ((f->f_mode & (FMODE_READ | FMODE_WRITE)) == FMODE_READ) { From patchwork Wed Mar 12 21:21:42 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ryan Lee X-Patchwork-Id: 14013915 Received: from smtp-relay-internal-0.canonical.com (smtp-relay-internal-0.canonical.com [185.125.188.122]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id D6CCD1F03D6 for ; Wed, 12 Mar 2025 21:22:58 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=185.125.188.122 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1741814580; cv=none; b=T5zjaohg2rKgS2e+omOv7ZPVgC49XVzHTZJnTy+qLsYsK4FXHKOh3WoYbtSxgWmFoXKax7NPv6lS1BtmX+vT+b1jNzr51HHhlgWBG0S3N1qNfWuG9xvPYaLB1SMxRIMLaggiuIQlbXQ7lJ4SCxndQI2MWyiZsqlcf23qZMEvbjI= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1741814580; c=relaxed/simple; bh=b4+VVCuulTVS3lasReYQ2g8sMWbZpqYEurik+q7TDIU=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=OVR6aWcMxQYZv8tHv8XIwl2rJ7S31LA7a/gtXOSkDhT6DwWOyHPjNC+8xEONpzDw7h3dmWErctV7wEnYMbg+Dz46P1DGDLqpAXVPXbaYa/xNrvBHm7Aan/HugoiIeiaUQIL536/Ke5E61Yj4CMvXjHLvv7KCAaHrwaHuTX/N+NE= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=canonical.com; spf=pass smtp.mailfrom=canonical.com; dkim=pass (2048-bit key) header.d=canonical.com header.i=@canonical.com header.b=wXHZQnMA; arc=none smtp.client-ip=185.125.188.122 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=canonical.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=canonical.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=canonical.com header.i=@canonical.com header.b="wXHZQnMA" Received: from mail-pj1-f71.google.com (mail-pj1-f71.google.com [209.85.216.71]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by smtp-relay-internal-0.canonical.com (Postfix) with ESMTPS id D1D413FCD3 for ; Wed, 12 Mar 2025 21:22:47 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=canonical.com; s=20210705; t=1741814567; bh=uqtVwBDq5g90YIrppYWGT9PUS27SLEfARyjY6b0CvJw=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=wXHZQnMAbweFyixm/4yjK71qO9242A1HNYoXX/nCd8p+RYITpNU5PZTBrcIvtgw7s 3Cfua9ykXolkNe8sqNhQTewpZzDEo9hJ8v22TSgfp936vThetM6T14br6KexQGwp4n +Isc3riXaRUo2ZotDauFSLzZeYnIW3I/SI1Qh0dY1yv3rC2RXh+bC5LeZLkAE2z9vL hBoLp6v0DiHX9j0JXXrgUEsBEpHG2OiqmOdkIOiyl5ArlJK/AmmvedXelZbphpQSgx kr72q+roBfgDo+g6bXTg0/Ix14ooarH0l/+izy2fDMvlut42EknAd7q6yoQjnPB6Vv WerhTrb8BANqA== Received: by mail-pj1-f71.google.com with SMTP id 98e67ed59e1d1-2ff58318acaso764367a91.0 for ; Wed, 12 Mar 2025 14:22:47 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1741814566; x=1742419366; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=uqtVwBDq5g90YIrppYWGT9PUS27SLEfARyjY6b0CvJw=; b=LqUn+RTlAK3RH4uLLuLGHb25llXRiExIw7qQ1H1uXoUAlHxPB6GK/dNXCjZE5s5dV4 MrU97MmafsW1LPw0cC4Y9rnstwCjjoCN3SdSTxV7ic6Oqy8A2Y/foizr2WbbjIlckAaN p+oxM7uo+xYHD5vrFua0DVKqeVLn8xetDXVCFxiUCLxj5n5ElNgLXXcpFAfXKk7IE/FJ nc36fQ76DmazEs1i6Oh3P+GTkojj8vYr+Sv9PxVymv/PLUCs0NJqpcOhVS/pe9BgfP5W JGkyzpowM3wx3r8pn47SKI4G3GTihvdm6+2p+aFJ3xe7xVGdwqla4tERjgXOu78ewwrP Z7HA== X-Gm-Message-State: AOJu0YyrRbZq9EBoCvQgXpy9m5NGTDpj3Uu1rk2sOcPK06/jCgxHWlHR iaEsahAfY7o1WvBVK5HzqS58kRD4C41u5jh2k2kJmPPxw1Sr99yHgx+WbcGzK019obpBrV8lHSO g7FAYLt4TPvoqdtVrlgYGx+k+8egY2eAkSFrxsdRMCUHGZy5ZFzisNPvNMUVQsDLhAE8nmplPxp 6CWVpFEQ60zTRtfA== X-Gm-Gg: ASbGncsVhLBxwZ3lVKsO84Cvd0Tw8JEHslrsWYdWqn5TXJJ3omCfJTifFhcMpsNuZaD 6ws93/Qjrw7f/EbacLFrT/c8NTu7YpbmIquF7maPixMCBIoXo2vbZp0I5lVT3dS5OfJv5l+hDkt /4qi/WatTUdtaPpYWlzeonRae4VGpSIpGKmcNtS3V/wfpZjv28Ac/CMsNPjsx8v1IVuqmL+d8Ub /kGy/B8JJcyLRAjxQSRSWqD7CbBVeXha54ZBIceuqDq83k6eOxB4R72jah5oY5RRvUKaZraRPkJ BZE6DL378Qs7F0B+XRFGm9Alt4VmQ2ZqAcvo/oLQxjLt1J0l/MIDimz9WENnwtcgnWwlhNo= X-Received: by 2002:a17:90b:38c7:b0:2ff:62f3:5b31 with SMTP id 98e67ed59e1d1-2ff7cf2a4dfmr33760027a91.29.1741814566526; Wed, 12 Mar 2025 14:22:46 -0700 (PDT) X-Google-Smtp-Source: AGHT+IGAh7edf+w4rzXzQLR0fkq9YMtlXCTroL93A1jr+Tsldo2r/RTEDBE9CJvpxWToVeKTIWZWGQ== X-Received: by 2002:a17:90b:38c7:b0:2ff:62f3:5b31 with SMTP id 98e67ed59e1d1-2ff7cf2a4dfmr33760017a91.29.1741814566237; Wed, 12 Mar 2025 14:22:46 -0700 (PDT) Received: from ryan-lee-laptop-13-amd.. (c-76-103-38-92.hsd1.ca.comcast.net. [76.103.38.92]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-301190b98b7sm2353887a91.32.2025.03.12.14.22.44 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 12 Mar 2025 14:22:45 -0700 (PDT) From: Ryan Lee To: linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, apparmor@lists.ubuntu.com, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: Ryan Lee , Alexander Viro , Christian Brauner , Jan Kara , John Johansen , Paul Moore , James Morris , "Serge E. Hallyn" , =?utf-8?q?Micka=C3=ABl_Sala=C3=BCn?= , =?utf-8?q?G=C3=BCnt?= =?utf-8?q?her_Noack?= , Stephen Smalley , Ondrej Mosnacek , Casey Schaufler , Kentaro Takeda , Tetsuo Handa Subject: [RFC PATCH 2/6] apparmor: explicitly skip mediation of O_PATH file descriptors Date: Wed, 12 Mar 2025 14:21:42 -0700 Message-ID: <20250312212148.274205-3-ryan.lee@canonical.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20250312212148.274205-1-ryan.lee@canonical.com> References: <20250312212148.274205-1-ryan.lee@canonical.com> Precedence: bulk X-Mailing-List: linux-fsdevel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Previously, we saw O_PATH fds only when mediating fd inheritance on exec, but because they would have no request associated with them, we would unconditionally let them be inherited. Until we have better handling of O_PATH fds, preserve the existing behavior of unconditionally allowing them. Signed-off-by: Ryan Lee --- security/apparmor/lsm.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index 11ace667cbbf..2349a1dd41f4 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c @@ -647,6 +647,16 @@ static int apparmor_file_open(struct file *file) return 0; } + /* + * Preserve the behavior of O_PATH fd creation not being mediated. + * + * TODO: we weren't handling O_PATH fds in aa_inherit_files anyways + * (all-zero request -> fds unconditionally inherited), so proper + * mediation of those will require changes in multiple places. + */ + if (file->f_flags & O_PATH) + return 0; + label = aa_get_newest_cred_label_condref(file->f_cred, &needput); if (!unconfined(label)) { struct mnt_idmap *idmap = file_mnt_idmap(file); From patchwork Wed Mar 12 21:21:43 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ryan Lee X-Patchwork-Id: 14013917 Received: from smtp-relay-internal-0.canonical.com (smtp-relay-internal-0.canonical.com [185.125.188.122]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id C93F41F0E4F for ; Wed, 12 Mar 2025 21:23:00 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=185.125.188.122 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1741814582; cv=none; b=Y8GskxNpcjRDsw9CcZUHhTMv0trG+gkbx3HzbQV/+11HMqEaWdm1k+siIh2mDzq6z8P4UuEYXurGbm+5XErCtoBhsLEI1ndju148WmtqQTtGZKj781RGbKaXqpln4mSek5GkpCL6wdEBz8agYENW0c7/YOloGe8XoBzzSr9aC/c= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1741814582; c=relaxed/simple; bh=YKJUOhSAlbceCTtQeFmVs8IFwOcyWaVLfzVCuOajKmQ=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=QnqYsL9/erPW7DR7ZtGztLEvF2aXmkkJkeHTtQ8htyDpFhTTz5OGtI0Ukch+WWpp8BhZOsykTooN4FJrQUv0e7n7Zo0UgO7XFSPZQ/MTT3YpBo+eZAfXQYpqcvXl92mlB0G277STJhat/JSMPqWvQ0QucLDtkktD8+KOk5ntQik= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=canonical.com; spf=pass smtp.mailfrom=canonical.com; dkim=pass (2048-bit key) header.d=canonical.com header.i=@canonical.com header.b=vmL06F9F; arc=none smtp.client-ip=185.125.188.122 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=canonical.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=canonical.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=canonical.com header.i=@canonical.com header.b="vmL06F9F" Received: from mail-pj1-f70.google.com (mail-pj1-f70.google.com [209.85.216.70]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by smtp-relay-internal-0.canonical.com (Postfix) with ESMTPS id 2E7693FCDD for ; Wed, 12 Mar 2025 21:22:50 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=canonical.com; s=20210705; t=1741814570; bh=bQ5ilq+qjctbW08HSKcwKvLmj0dzCcpGagg2F3uVrL4=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=vmL06F9FBtpJLaaYr55tRaWWAuRysWlSghmlHws+4ccfGIOKu/r09XtkJ0t2XeANd i6mp2xCB2TcwZfGBQQko9G7AptQBV6tAVGPPt+Ny/IdmUxR3AsLJcRYT2JF93t6Tbr KPIAH1xPhRWNs9Yaat8RznLCojnUFhn1uD77B3EU+nWlfhWXPS9b7txWNmiy7XJQSN VEq4ftfPlpUlroju6uaPfkAmUVq4lAYrho/T2qX/+pcv+/MHxlKcIfnPIKu7pMUieM I0sgw/skR3jkjn7NgU72gDmhz8J2SOkyySW3W8l80To2O+b7ga9qDH1LkXYoZkSmiq C1faCZS04BR3A== Received: by mail-pj1-f70.google.com with SMTP id 98e67ed59e1d1-301192d5d75so804187a91.0 for ; Wed, 12 Mar 2025 14:22:50 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1741814568; x=1742419368; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=bQ5ilq+qjctbW08HSKcwKvLmj0dzCcpGagg2F3uVrL4=; b=EwlCecXyQ9/dvlC+iwAwH63fR804OydrCjaEibPoGqF1K6DefjVVU7VDXd7bjGOaT+ xl76ooaSKosPO3FzsHcyy7gopZu9oVv8ROjvRpBlmrKRcJULJWsNcWzRJjnBIDspE58k Oq3gPFCKu/rW8VsE7NJMfYSQ35+9Ty6gY7JKI88vA+m4p0ic1yqr9YFfxy22UHN4qK00 nU8abWeAVRh4L+qFVYjGGXdRFK4EVUpesY7nID7FZuEIsSGtTXBDP/3EdieXAqcv/xvE /EOli/UU7K1+h03OzJIkJT1kvR/jFYLoR/RHQOrAwWFj2BzSPnngXYyvHPME24xtVe5G Bb0g== X-Gm-Message-State: AOJu0YzNx8nF6nftdHi1SYynKifuMl2ScR4L7lxb6o+4xym4+5VHxaU4 pfUIrzBjvSEkOLyIgwGqF6dxxgx3YLITxvcZLbPfSs/mvfXYd4y+9HdCbFYWuYT3sS37MX85gL7 ID/wAzP8cwN0fdpwgcCMwhsg+jGTmqbvR7NeK+3Cok9HN4cEX7dBQC5brgrpB1ev3UNuiIq46L8 kjjljHp5lvKNqfsA== X-Gm-Gg: ASbGnctsk1aGp2FKRHgFs7CmUoL/rBrS/CZUkIAipgnyfJ57BhH7WXSsP8c1MwoFfnr y6wucI6ggHAWASyQIvsmYt/5MZzAP7EKu0k+ksbptQ4PS7iVam4fRKdrzidxtwhdzQkhTwFeH6p UYqrxg20BJTI67Ixw8VsVm8cI3WoQQya9vOO/FOsG0M5LP4BI9va/FbVBVWl/l2nbo1Nx8IAP7M rJsNbyl/bxGomryARxFzhAe0bEXO3Nw0tnzRpPRSNY67dnnFIjrC5g6Ldz2P3OGBlN17gIq4I6f lCZQArvfiKU8kkU8yP11UDxafn8VyY3CDSDYWNZtC1camFBOXjEperoa2bJoTmR9bMgnZW0= X-Received: by 2002:a17:90b:38c8:b0:2ee:74a1:fba2 with SMTP id 98e67ed59e1d1-2ff7ce84c7bmr34243259a91.20.1741814568678; Wed, 12 Mar 2025 14:22:48 -0700 (PDT) X-Google-Smtp-Source: AGHT+IE6kNFGkR2Ar2yfV2Wm7/OWkigwZeggzkNDef+VFj2HbCWbxEzVxXle+EcNd+qkPs6JAUusng== X-Received: by 2002:a17:90b:38c8:b0:2ee:74a1:fba2 with SMTP id 98e67ed59e1d1-2ff7ce84c7bmr34243239a91.20.1741814568350; Wed, 12 Mar 2025 14:22:48 -0700 (PDT) Received: from ryan-lee-laptop-13-amd.. (c-76-103-38-92.hsd1.ca.comcast.net. [76.103.38.92]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-301190b98b7sm2353887a91.32.2025.03.12.14.22.46 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 12 Mar 2025 14:22:47 -0700 (PDT) From: Ryan Lee To: linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, apparmor@lists.ubuntu.com, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: Ryan Lee , Alexander Viro , Christian Brauner , Jan Kara , John Johansen , Paul Moore , James Morris , "Serge E. Hallyn" , =?utf-8?q?Micka=C3=ABl_Sala=C3=BCn?= , =?utf-8?q?G=C3=BCnt?= =?utf-8?q?her_Noack?= , Stephen Smalley , Ondrej Mosnacek , Casey Schaufler , Kentaro Takeda , Tetsuo Handa Subject: [RFC PATCH 3/6] landlock: explicitly skip mediation of O_PATH file descriptors Date: Wed, 12 Mar 2025 14:21:43 -0700 Message-ID: <20250312212148.274205-4-ryan.lee@canonical.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20250312212148.274205-1-ryan.lee@canonical.com> References: <20250312212148.274205-1-ryan.lee@canonical.com> Precedence: bulk X-Mailing-List: linux-fsdevel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Landlock currently does not have handling of O_PATH fds. Now that they are being passed to the file_open hook, explicitly skip mediation of them until we can handle them. Signed-off-by: Ryan Lee --- security/landlock/fs.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/security/landlock/fs.c b/security/landlock/fs.c index 0804f76a67be..37b2167bf4c6 100644 --- a/security/landlock/fs.c +++ b/security/landlock/fs.c @@ -1522,6 +1522,14 @@ static int hook_file_open(struct file *const file) if (!dom) return 0; + /* + * Preserve the behavior of O_PATH fd creation not being mediated, for + * now. Remove this when the comment below about handling O_PATH fds + * is resolved. + */ + if (file->f_flags & O_PATH) + return 0; + /* * Because a file may be opened with O_PATH, get_required_file_open_access() * may return 0. This case will be handled with a future Landlock From patchwork Wed Mar 12 21:21:44 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ryan Lee X-Patchwork-Id: 14013918 Received: from smtp-relay-internal-0.canonical.com (smtp-relay-internal-0.canonical.com [185.125.188.122]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id B39DD1F1307 for ; Wed, 12 Mar 2025 21:23:01 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=185.125.188.122 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1741814583; cv=none; b=rAaWv7tK2SmjfwEEFNhE5rduU8xquaCzKehrkDLnKO6NzE4M0A1/n1WeoHfjD7cHDUtqt/PfkpWJ/ZrVEiFQwDKG8Hu49M3aYXuLpqazRr5hjQ9LyLzY9K9XRXwMZ5iT/FqKQYnMuOVk8r5CJJxaO1Jztd0/Qv5pWRSko7rmdkE= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1741814583; c=relaxed/simple; bh=UQi4jGJd9JPX9q54M13Eyu1joQsCWppMerqI6/F5Zeo=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=jjRjsJY21M752U7+mn4kMr5VOSWEA/ALuGBpHw5FJcQ7MVHuSyI8GEtVr8yZSJRRlme15oBXLZOnOVMw8q8kFyaY9IXHafMCYCXl+yikL1/NpKtWDY/84qvkwfzxgdgA5T4RZRFeXQDsmrePVKhH8E15XHTsqA22FG4oaiTn1WE= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=canonical.com; spf=pass smtp.mailfrom=canonical.com; dkim=pass (2048-bit key) header.d=canonical.com header.i=@canonical.com header.b=NusxHpgG; arc=none smtp.client-ip=185.125.188.122 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=canonical.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=canonical.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=canonical.com header.i=@canonical.com header.b="NusxHpgG" Received: from mail-pj1-f70.google.com (mail-pj1-f70.google.com [209.85.216.70]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by smtp-relay-internal-0.canonical.com (Postfix) with ESMTPS id B4B663FCE9 for ; Wed, 12 Mar 2025 21:22:54 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=canonical.com; s=20210705; t=1741814574; bh=vkBChevR2KYwwFZBDZ6M820pfzcyPKZb2PO3mstNSrA=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=NusxHpgGw0gxX62Mk9uf3yyp/VTF1wyvz0njNHfAiqmFtaE2rBE95UKz8pNvd3AK5 G3GZ3EOrs+/vJei6clUU1hr71nYggBLhji5hORdQ6u8XQyVu+kdEeKrUX3fPX6eoC+ iHRkYC31hxN1ir/AU4zwAMH57EfuEXF5uLE1JnUf5wOIIEwIBDa+yTUd0UnkwIv6O5 xhNL/Z5BBDhdsIxa8ss/SBMtFOo0m5FwttJGFjP+Axof9yt5Bv3dccgRa2enJ0kCVj /yxWC60mQMg6g8POZq/N7/3VimD4nYSmzVVSc60IfiKHf3x1dY8agRiIth74JfQlKK 3tf1eaWBPCzfg== Received: by mail-pj1-f70.google.com with SMTP id 98e67ed59e1d1-2ff6167e9ccso734410a91.1 for ; Wed, 12 Mar 2025 14:22:54 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1741814571; x=1742419371; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=vkBChevR2KYwwFZBDZ6M820pfzcyPKZb2PO3mstNSrA=; b=qiSys3FRix4HsgX6Bh1BnSM7stJ+BLHmQWI7qgSQoi8Teq0jMylvNTSrgOz8g2M5tr 4wIpqhoQk6Sv0HrzAhIjFZtcVfr0oesRwby6esSJK0Ffh293FzuPxQvHws4fXZFBrhc1 ccTvsvxju7/LwEAjc9Zu2PuQCfolBXGDvRIUXdobUnqJkFY83SaBSRHX15wmYM96rIQk 8YItf2ZJmrjXl6hS25voHv8BsfEw7bxfy9cHcrQMFf2PdSSMyUWQ7oi+pdFdf0jfx+hF UoABGk3UsXq1wLos5L2MWza+l4kBqk30gqcxdciwRSC6Lvnv3BfelVJputpUFCGclyqV h+3w== X-Gm-Message-State: AOJu0YxqG78h3v5Nbbn4WLNuNrT2GVmEZbDOY2c4yS2CwPNuW3yNHa/H v1NHpZHS9WFw2JRmmq729rawVLQjEkfsiJkBPrbfSZjqmiuQ8uvGyRXB/hIRPV2lITU3C6Mtkx8 eJ4PpezT+Yk/KVmYxVjhYyiHHnkqrwPFw/oweD7Tx4kC26wwD+87wizR11RUqeksnwEH51tbfY+ xc096d0L+xoM7P8A== X-Gm-Gg: ASbGncv81D+v+mhnb6rGGh+31H80GNrwXlxpnHO/fofnGeynjb4IYazFP1S+9VtzCD6 IkroYT+NPyIOCqgBxmyFyPd09tdLknDZoNaHbt7CyAauBRhtSsjUtYfgB+Upm+BFmfDdn8JL2h7 eYjU0RDdiexi5iweVQqa/z0b96MaHGeCqECT0lKZaAUetfLgLwjgyeSaq4eaxTETXNecvhMP611 hVE7/npyxEOznrl010GqbF+X1Z/VoNHxCo1pzyVGZL3Pmy2Yg3yhmvDC7lb3NgwsnFm/mgeU/no XmUKpzKzOXDNRax4z/zH4FMnb2Gb1Pps6myqlISH/Zc4AFuzkCwroijXSujAJ7F/uLFmq/Q= X-Received: by 2002:a17:90b:1b05:b0:2ee:8427:4b02 with SMTP id 98e67ed59e1d1-2ff7cef76acmr32847514a91.28.1741814570792; Wed, 12 Mar 2025 14:22:50 -0700 (PDT) X-Google-Smtp-Source: AGHT+IG2zy2F9PoKbQMeK6fUS3X/Yt717KlC839Q5G4xkP4Nr8/wnDbMYJ8pDxU6TgdAPfQxzzejkA== X-Received: by 2002:a17:90b:1b05:b0:2ee:8427:4b02 with SMTP id 98e67ed59e1d1-2ff7cef76acmr32847501a91.28.1741814570519; Wed, 12 Mar 2025 14:22:50 -0700 (PDT) Received: from ryan-lee-laptop-13-amd.. (c-76-103-38-92.hsd1.ca.comcast.net. [76.103.38.92]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-301190b98b7sm2353887a91.32.2025.03.12.14.22.48 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 12 Mar 2025 14:22:50 -0700 (PDT) From: Ryan Lee To: linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, apparmor@lists.ubuntu.com, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: Ryan Lee , Alexander Viro , Christian Brauner , Jan Kara , John Johansen , Paul Moore , James Morris , "Serge E. Hallyn" , =?utf-8?q?Micka=C3=ABl_Sala=C3=BCn?= , =?utf-8?q?G=C3=BCnt?= =?utf-8?q?her_Noack?= , Stephen Smalley , Ondrej Mosnacek , Casey Schaufler , Kentaro Takeda , Tetsuo Handa Subject: [RFC PATCH 4/6] selinux: explicitly skip mediation of O_PATH file descriptors Date: Wed, 12 Mar 2025 14:21:44 -0700 Message-ID: <20250312212148.274205-5-ryan.lee@canonical.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20250312212148.274205-1-ryan.lee@canonical.com> References: <20250312212148.274205-1-ryan.lee@canonical.com> Precedence: bulk X-Mailing-List: linux-fsdevel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Now that O_PATH fds are being passed to the file_open hook, unconditionally skip mediation of them to preserve existing behavior. Signed-off-by: Ryan Lee --- security/selinux/hooks.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 07f71e6c2660..886ee9381507 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -4009,6 +4009,11 @@ static int selinux_file_open(struct file *file) */ fsec->isid = isec->sid; fsec->pseqno = avc_policy_seqno(); + + /* Preserve the behavior of O_PATH fd creation not being mediated */ + if (file->f_flags & O_PATH) + return 0; + /* * Since the inode label or policy seqno may have changed * between the selinux_inode_permission check and the saving From patchwork Wed Mar 12 21:21:45 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ryan Lee X-Patchwork-Id: 14013919 Received: from smtp-relay-internal-0.canonical.com (smtp-relay-internal-0.canonical.com [185.125.188.122]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id BB6BE1F130D for ; Wed, 12 Mar 2025 21:23:01 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=185.125.188.122 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1741814583; cv=none; b=joRMYHKs5o57c4gfJcttWr/pAW7vmp6N3vyBvfhdebNwNxcLVPBKm8T32FNFPEYEULOZq24VwzEo/nW8St7X1G4JxXddKNmy3H1vP15eJqJfhGO9hZ5DfhjXR3ppOu76s2lqiWPOjoVSMEHN2Sq5Qdqwbbo6tVo5p3j7ehQA+uY= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1741814583; c=relaxed/simple; bh=G2e3iolvH9qEslV/akG34i7cS7UuqJvA1p2iiSDOzVc=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=PthjYb635uazI0uc2HJ0fxTT2/YeSktAUk0HK7VL9y002r542DnQXTt6e4gWqS3Sf7UMb+Xuyi0lSrzbvPnVfs0LXBPoTEKWsGoUxkn51NhI/Ryb3izJXojK/Kz7C+HSXwFR4KlKG3yRSdm7KU6PNiB2FFaqzmig97WVoQnE4aM= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=canonical.com; spf=pass smtp.mailfrom=canonical.com; dkim=pass (2048-bit key) header.d=canonical.com header.i=@canonical.com header.b=e8JsmYR+; arc=none smtp.client-ip=185.125.188.122 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=canonical.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=canonical.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=canonical.com header.i=@canonical.com header.b="e8JsmYR+" Received: from mail-pj1-f70.google.com (mail-pj1-f70.google.com [209.85.216.70]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by smtp-relay-internal-0.canonical.com (Postfix) with ESMTPS id 46CFC3FCEF for ; Wed, 12 Mar 2025 21:22:56 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=canonical.com; s=20210705; t=1741814576; bh=yf0KmmK+2JCiuqTR1dE5uJSectdXjdHO7BaOi/Ze5/Q=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=e8JsmYR+bmqnDO8ig/JUHN+ga3YznlIadNIojqds0ZG1L7WDRwkxHIzpzFsneg+E5 0srcB3RsuXrVQ5MG3MWonPvlf8gfMjjod2u4SMJ1jKnC0UuERRgmiAAHp8yoB2HPqZ OxVkH+9w2zXikhY0F60PuuRqZ8yIxDBNw270dYrgm8x5ikmqkOuzFuopIOVY+vBCWl 2kfer8F4Vb1RE2Bndr4A8Gvfo81TDQvmFaoy3spv8NzsLJOeWyRc6y7rGm46EJwmsh c5kDw25JpC45ZMERGVjT1glEyxSBt7zUpxa9mPK25tYo4HOZVYsTDlJ0RimYfqc0Av HWF62R3YHdccw== Received: by mail-pj1-f70.google.com with SMTP id 98e67ed59e1d1-2ff6943febeso480138a91.0 for ; Wed, 12 Mar 2025 14:22:56 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1741814574; x=1742419374; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=yf0KmmK+2JCiuqTR1dE5uJSectdXjdHO7BaOi/Ze5/Q=; b=WY/7DgGIxhxKT2Ehv9WOkNEt3/NvqaifTkUp1MP2tJgcTN+r650oSUmlIyNq0f0HuX k2RB+SnW7Tf8NS5z24TH4riCTaLEvIqooAZVWomrd1OVimQPdmixUgO1K3rqlextP/pm cQIg0hJYegZ+z0MMB8lfmBcWpiWX8a2d5RknXvOGQIF4c5xEx4vI7n93DS57YY3fKb71 aVb3kpOtp9EqGX1PExEXc6M1Fr8Ft8NtGwAOMBoRmRewTlD4mDzBxQ1WEUZTl3Mg4Jbo BeLdMvGuPWjgnaDl7qhJBTw1jj2N4XsjqL1uorEPla13LbErQMnvCByjnxlY8B77LaBH jL/A== X-Gm-Message-State: AOJu0YyZma9Hzpz0MoUvXuxTaoqMcNxiLsFpJeLJAPVdLjrLXpsm39Il 3fkq60KJeLXv6BGgs5Sp/YtkUtTFyQx/exn/j6dx7EfVFj+aoCU4pr5uDmyioCdouSPNx5cBK+5 fULjHxcfQ4AeeT+FkoAQ4jWe95FgEo3gy/qyiw7nq7Aqr69cHjqN6JKp8dZQoY7t5Fer2gp49Xs nPVmFnRHeS/rnn+A== X-Gm-Gg: ASbGncvxPmttEKGSXsXKRceMVnHsidjhfbPXtVqxSz0aIIvC9zPF56tvIfAndBJ8Hid 3PvwiSGHiIF/q+Hl2pjXaL7usA6qecD6VgSXLX73UNGLcQLFtH8d6ZKVuqlESmJ78kMceGQpeOX eEuqd5v/rVMoEzAQmrWrFAb1XtziD2i7fmvAnGAbOuk0ro5iWxLhW+pOdTFtL/DNaJmvMy02Fo6 MITxSm8hrYQAASlGp4apqeLhypMMH7DrGyU/ldrY8X5vzu8h+ovBmQqbbrCM6D4MiBHPlNUUpTV QenTmYJHAzLzJQ2oJfDVl0NWaEPzmuB53/UkgIeKf/c7QqZKml28Yhae7FTHv8AElya9zt8= X-Received: by 2002:a17:90b:3bce:b0:2ef:ad48:7175 with SMTP id 98e67ed59e1d1-30135f6037cmr88389a91.15.1741814573786; Wed, 12 Mar 2025 14:22:53 -0700 (PDT) X-Google-Smtp-Source: AGHT+IHwAw+1MiMC/B8BNZEJ4oppU1sIELS1vCTl7SNsacHdi/KdGlgg9CgoB/KGdKxX2Zf2vFxSyQ== X-Received: by 2002:a17:90b:3bce:b0:2ef:ad48:7175 with SMTP id 98e67ed59e1d1-30135f6037cmr88319a91.15.1741814572564; Wed, 12 Mar 2025 14:22:52 -0700 (PDT) Received: from ryan-lee-laptop-13-amd.. (c-76-103-38-92.hsd1.ca.comcast.net. [76.103.38.92]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-301190b98b7sm2353887a91.32.2025.03.12.14.22.50 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 12 Mar 2025 14:22:52 -0700 (PDT) From: Ryan Lee To: linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, apparmor@lists.ubuntu.com, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: Ryan Lee , Alexander Viro , Christian Brauner , Jan Kara , John Johansen , Paul Moore , James Morris , "Serge E. Hallyn" , =?utf-8?q?Micka=C3=ABl_Sala=C3=BCn?= , =?utf-8?q?G=C3=BCnt?= =?utf-8?q?her_Noack?= , Stephen Smalley , Ondrej Mosnacek , Casey Schaufler , Kentaro Takeda , Tetsuo Handa Subject: [RFC PATCH 5/6] smack: explicitly skip mediation of O_PATH file descriptors Date: Wed, 12 Mar 2025 14:21:45 -0700 Message-ID: <20250312212148.274205-6-ryan.lee@canonical.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20250312212148.274205-1-ryan.lee@canonical.com> References: <20250312212148.274205-1-ryan.lee@canonical.com> Precedence: bulk X-Mailing-List: linux-fsdevel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Now that O_PATH fds are being passed to the file_open hook, unconditionally skip mediation of them to preserve existing behavior. Signed-off-by: Ryan Lee --- security/smack/smack_lsm.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 2f65eb392bc0..c05e223bfb33 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -2062,6 +2062,10 @@ static int smack_file_open(struct file *file) struct smk_audit_info ad; int rc; + /* Preserve the behavior of O_PATH fd creation not being mediated */ + if (file->f_flags & O_PATH) + return 0; + smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); smk_ad_setfield_u_fs_path(&ad, file->f_path); rc = smk_tskacc(tsp, smk_of_inode(inode), MAY_READ, &ad); From patchwork Wed Mar 12 21:21:46 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ryan Lee X-Patchwork-Id: 14013916 Received: from smtp-relay-internal-1.canonical.com (smtp-relay-internal-1.canonical.com [185.125.188.123]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 321121F03ED for ; Wed, 12 Mar 2025 21:22:59 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=185.125.188.123 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1741814581; cv=none; b=dkf07oz/TS4NHOOI95pTQcUWKxng0LslWurVAQHTJ7XRZQm3E+bi/otB3EzltsHxvKfGUotvL9/3wMhtZM8K3GQep8dzATO0bUIDVIpf9q2C+8+At1JoA7Bg7bRm/PaTEAmlmw+1YgMZdct0QaESJ1xSJj6HJ7a3zw27i4Xm9ic= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1741814581; c=relaxed/simple; bh=nQa75EiYN3ygFHWP5CltgBdCU2YvLoFl9S3DeRklaTs=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=TSFXuKY8p1nGjE8Mlpqqdu/0Ult2c+JuRyiYgLPSl1VDU4uT8/XreFMvo4M7vBr5LIz2V8CgyMcHPxELjLC6PJyR+ZWAXYWUtUaKQrBqiGSw5dEH4USrvIUwBh+TuebNV22MU9pdxOScOwfSlCPc8mAYW4e8NZZvYeRhb3W2GNo= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=canonical.com; spf=pass smtp.mailfrom=canonical.com; dkim=pass (2048-bit key) header.d=canonical.com header.i=@canonical.com header.b=MtivOH+6; arc=none smtp.client-ip=185.125.188.123 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=canonical.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=canonical.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=canonical.com header.i=@canonical.com header.b="MtivOH+6" Received: from mail-pj1-f72.google.com (mail-pj1-f72.google.com [209.85.216.72]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by smtp-relay-internal-1.canonical.com (Postfix) with ESMTPS id 8C8753F718 for ; Wed, 12 Mar 2025 21:22:56 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=canonical.com; s=20210705; t=1741814576; bh=sxXlT+NKuH/R8o+IpND8qEtQPr3+MVFoHvHlcLQeNOw=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=MtivOH+6oH6UTK+4oGyQtFWdgYBGpW1BvdIHgh7/qBgWgjWjFrGWySzoHsGKl+Wi1 fYnl06dylR21woajIXp6AXVh9C8ZXl04c1KymASkPC5WuZZvkcBm0TylCB5hKHWSKp 0nHMhzpPgd8O0aqjmT0ROyGy92jzeVKpOuGR9SxD7bxJZphLTSzozF//tMsXqRSU5c 0wTSbuyKJ9bPxuwydT0jholChSKtU0CYNBty8n8j3/wOnjMVxjcWitVhBIqWMBpGPb i1acZ3ZFESWEkR+tosN3uSDjCZZMe67TmqC/IrO8gRxKhOR7FgynA9yqqT3A9yVR2J XIhth+M5B7NnQ== Received: by mail-pj1-f72.google.com with SMTP id 98e67ed59e1d1-2ff4b130bb2so535180a91.0 for ; Wed, 12 Mar 2025 14:22:56 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1741814575; x=1742419375; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=sxXlT+NKuH/R8o+IpND8qEtQPr3+MVFoHvHlcLQeNOw=; b=dxjyBpJ/qBhevSn5KM/YQyb+OLRmGH8ztYUjTtg0CDK+FvhXzznu7KBWzEDMZZxHIu mbLQjwI3A8q3HADxUTnwgC8CtMeyw5PR5hr4XzP3Otc5x5UDh0le5On9v4xL8J9gvQiG Dwuo3iehI2gbY5GzpNXk82uQz4doBTAU/t/gb/L0DCrsgz1MprOkXZbSMFK3CKjXTVOc LWpIiGCC65d3sKi0t27HI/874vUkXf9fnFEUYs3wMYMcst46ym2M4bgJEpMDDqKk0ZAM PxlGqwfD0XmqRAFVMfPOD76RImhwK6/4GOxZHw+CCv8EvZiUghNEwrTXbwEZTfdEfAwo HoSQ== X-Gm-Message-State: AOJu0YxXbNqn8qW2QqTfkD+sZth5pZ1HWpOlNyzIL33QZiw0VhIOoTC8 q3vMAX96xttwvbWpiSGYvSYBY6ylxqNRe0v0FQBKoQnCpvAxWvBjW0CBf1R8+bequkIKoFreZrr 4fVhzfoB4gS4/f/YJP4P8ml2ZdFlMtEyQMivCQtBICF40vLxh7HRdoJGWJvNz5LDMg7MJCSKJbM 66qwrI7aI0pibvHg== X-Gm-Gg: ASbGnctJ0HCJCWGqUTLUCyjAnKLYqhnswo8nbGyTOqTKFrjKLXQMgn+vJUEapclrLhx l0l9UzA/8dwbU4RzZZsaWvYG6ZJ+hg6qAMSAZmfWKLnYmz5v4ulGxO7lukF+Sy+LaEwOgn/V7ue 25luMsGGihC4CCuSF5NP84s1a/eoHYpx74iS2Grisodu8yeSI9Yr/p8LiD82zEEEi8nIeIh2xov hKgE3ueJOcnaATR/htMuKRQV/gOYsQnqchiX0o57XnTUOv8xl19EoYYfesphhkdIaTibsO30A0w cGUd476yhOM4Qry+vXw8jZAdBhqBNN68uHcrKPR6UYFFt04vOv4aefYLImYraC2oV0fVL1I= X-Received: by 2002:a17:90a:7345:b0:301:1bce:c255 with SMTP id 98e67ed59e1d1-3011bcec36fmr4989215a91.27.1741814575224; Wed, 12 Mar 2025 14:22:55 -0700 (PDT) X-Google-Smtp-Source: AGHT+IF7VJ3I6Ag0U5c89zoKAvdV8xkokC+gkGPKK5VTC7ZbVdDme14D+x+zHYl4u3ZWPKhOLxMFvA== X-Received: by 2002:a17:90a:7345:b0:301:1bce:c255 with SMTP id 98e67ed59e1d1-3011bcec36fmr4989199a91.27.1741814574931; Wed, 12 Mar 2025 14:22:54 -0700 (PDT) Received: from ryan-lee-laptop-13-amd.. (c-76-103-38-92.hsd1.ca.comcast.net. [76.103.38.92]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-301190b98b7sm2353887a91.32.2025.03.12.14.22.53 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 12 Mar 2025 14:22:54 -0700 (PDT) From: Ryan Lee To: linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, apparmor@lists.ubuntu.com, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: Ryan Lee , Alexander Viro , Christian Brauner , Jan Kara , John Johansen , Paul Moore , James Morris , "Serge E. Hallyn" , =?utf-8?q?Micka=C3=ABl_Sala=C3=BCn?= , =?utf-8?q?G=C3=BCnt?= =?utf-8?q?her_Noack?= , Stephen Smalley , Ondrej Mosnacek , Casey Schaufler , Kentaro Takeda , Tetsuo Handa Subject: [RFC PATCH 6/6] tomoyo: explicitly skip mediation of O_PATH file descriptors Date: Wed, 12 Mar 2025 14:21:46 -0700 Message-ID: <20250312212148.274205-7-ryan.lee@canonical.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20250312212148.274205-1-ryan.lee@canonical.com> References: <20250312212148.274205-1-ryan.lee@canonical.com> Precedence: bulk X-Mailing-List: linux-fsdevel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Now that O_PATH fds are being passed to the file_open hook, unconditionally skip mediation of them to preserve existing behavior. Signed-off-by: Ryan Lee --- security/tomoyo/file.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/security/tomoyo/file.c b/security/tomoyo/file.c index 8f3b90b6e03d..efecfa7d15b2 100644 --- a/security/tomoyo/file.c +++ b/security/tomoyo/file.c @@ -762,6 +762,10 @@ int tomoyo_check_open_permission(struct tomoyo_domain_info *domain, }; int idx; + /* Preserve the behavior of O_PATH fd creation not being mediated */ + if (flag & O_PATH) + return 0; + buf.name = NULL; r.mode = TOMOYO_CONFIG_DISABLED; idx = tomoyo_read_lock();