From patchwork Wed Mar 12 21:21:41 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ryan Lee X-Patchwork-Id: 14013921 Received: from smtp-relay-internal-1.canonical.com (smtp-relay-internal-1.canonical.com [185.125.188.123]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id C93C61EF096 for ; Wed, 12 Mar 2025 21:22:55 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=185.125.188.123 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1741814578; cv=none; b=En/eY50jz3xkSMcIchmMC7l93P/ZCfRPJ8M/KMS9OqNYSXMobppdUu9tzemnlgTnjR7y0+h+Xi6sfAVWGlbtUV4cvtC/1mEk9x4SWGsWT+P9irvJU4tscc6jBagg+WKV/BFz4wGbN0LKz8GRi4Unr9uLEA8jSfe6qv0DHD5mgUU= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1741814578; c=relaxed/simple; bh=mvIFvWIp9NnNpqjlb78s7uPPK/9pOen0F/aXj53TS9k=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=QmTSagEwQ2cU7IJjryhI3JOFUWyBFhPyzJqbMM09M8x+hpEYDNSYrM3xG5Zz/wXzjkMeHK9G+pXNheyYsg61GaqQ+rrZB+63Q/zbPtdYKyOkVXwReWKW2a3uybwC1xni8uofjT3v9RzD7qlD4fu2OXT/AWPA+Z9p/P1FGns/c5c= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=canonical.com; spf=pass smtp.mailfrom=canonical.com; dkim=pass (2048-bit key) header.d=canonical.com header.i=@canonical.com header.b=uI6awYxi; arc=none smtp.client-ip=185.125.188.123 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=canonical.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=canonical.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=canonical.com header.i=@canonical.com header.b="uI6awYxi" Received: from mail-pl1-f199.google.com (mail-pl1-f199.google.com [209.85.214.199]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by smtp-relay-internal-1.canonical.com (Postfix) with ESMTPS id F222D3F2C0 for ; Wed, 12 Mar 2025 21:22:45 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=canonical.com; s=20210705; t=1741814566; bh=JJCUu0nnTlIAwhQtLazst1i1S2GtJ41RAYnP5gniTzw=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=uI6awYxim82/z5f5cvID+u84PqHGP29jae936qURO6TZh3kPt3VKdd6QkBG0BPfDN nUFwZr5tefTaOWSeS2C1nLfySfDhDJYGEOMPcNLyo1JercStvR0sjcr8JcA3BSP8CK CXfGsdg1q9o4/fLkUpopNjz8jQFiSWePp5XRQ71WBH3tEa46uHhl24Z4Tk0xb6yvNP VGn10AfZCM+I28zcs3gUYpiRDmr/i5RXMMN9X4f7mX78WGGTZha8SQN7PG23HA38h/ cJTkaQFJ0AFxLq54T1zwnCLYIE7CCBh9gYTmcOsNK5LZUHECkkY8JzkQWJrF+Y0+Jh h412IuCb3sapA== Received: by mail-pl1-f199.google.com with SMTP id d9443c01a7336-22406ee0243so3064025ad.3 for ; Wed, 12 Mar 2025 14:22:45 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1741814564; x=1742419364; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=JJCUu0nnTlIAwhQtLazst1i1S2GtJ41RAYnP5gniTzw=; b=DVIuA8iTcq+oYZWAmxCIBcygX8d2MnxT0Ff5qqFmqhwK6IW9hQrzVbhtbbPvYSfmBr deeBfqZruTuyUfa1/++gqtvyj8xoIEJMdviQhkdEhkiERn3jQlHjuV96Cga3H9NPBrL2 lEyTERlZ8BONVJUYDJi1YG9u9lPlFA3AmxuWGL2ru4edmYGyCsQI4Y47Gj0j9G5t3z/H v5Stdf9TU6H5pO3GgMX7yBUtFxsVd8ui+DlZxtKrTrYpcFYnBLs1M7/Z6rijkMNnchF9 GHSTTJTr8s83f6rkOOiP7fPlJzQmiv3rQdWkxBpd7jRxcu6O8lNULenhAEDbE320CPA8 FNRw== X-Forwarded-Encrypted: i=1; AJvYcCWKXsat7pKOISCDic/xHaI5PsxiD7xjDAWFjZRImFSxFrFI549dpT561+OPPTEFpaKR/HceNYqrXC23qhxI1cEgf8jMtwc=@vger.kernel.org X-Gm-Message-State: AOJu0Ywi9BYedKRfc4eSsRTk9Q7Xt7rq6Fvon6sOotP8P/Lq2l9RapTN V+ARkks1XRDaMa3rRFPpLpHQbtm292Fwy6vIMA/cbE2siJNyEpSWsdn9jL8nw7I4XajtF4hAVIu YBeWXYOtykN4mfwzWNzS4s69/S9P3rbTRNAK7sLDCfirYwrJxfeOEVW+jhTvycYDWh+TmUk7gdJ SJ2hbboV/IJ8iSDw== X-Gm-Gg: ASbGnctlv9abvfvVMJfmGHERWD3iMbOa/y2tAUvdEs6aQVi50rztRiVYqaFEB+/6CSg bOjDmLaT29i1zqA6OTctqv0XP50VCvdt8JhTmBAYsJ6gdKUeSraurk6WCxHM13wL6hRlL8J2EjJ EIf7Sm5burDlHu70NK3jEGbwyj5ZssSrZOP1ezwGLiBbdyKjzqOdrxe8fXS7NgrrDJ5Qh9pVBJg hxZp1XAaP6xf095NfuTb0/ismUeI6LgI1l8nrrxjDFnjPurjEidzIRzmZuJYDpoFNUev+6rX0Cg H+v71MtEz5uybPR1qkgtfV1wrrNxrT1UY5M5Eq8d9+9mMHIbuMcgAqm0GE4z/i08lJ9rXXk= X-Received: by 2002:a17:902:ea07:b0:224:a79:5fe4 with SMTP id d9443c01a7336-2242888681cmr334106855ad.2.1741814564404; Wed, 12 Mar 2025 14:22:44 -0700 (PDT) X-Google-Smtp-Source: AGHT+IFjVvzREwSOFKw0Hfsl/h89sadLsPdTTQZ/I/XFETV/GwxC6RNVuLWxGdk5FbZ6Djc3RCsmNQ== X-Received: by 2002:a17:902:ea07:b0:224:a79:5fe4 with SMTP id d9443c01a7336-2242888681cmr334106495ad.2.1741814564101; Wed, 12 Mar 2025 14:22:44 -0700 (PDT) Received: from ryan-lee-laptop-13-amd.. (c-76-103-38-92.hsd1.ca.comcast.net. [76.103.38.92]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-301190b98b7sm2353887a91.32.2025.03.12.14.22.42 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 12 Mar 2025 14:22:43 -0700 (PDT) From: Ryan Lee To: linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, apparmor@lists.ubuntu.com, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: Ryan Lee , Alexander Viro , Christian Brauner , Jan Kara , John Johansen , Paul Moore , James Morris , "Serge E. Hallyn" , =?utf-8?q?Micka=C3=ABl_Sala=C3=BCn?= , =?utf-8?q?G=C3=BCnt?= =?utf-8?q?her_Noack?= , Stephen Smalley , Ondrej Mosnacek , Casey Schaufler , Kentaro Takeda , Tetsuo Handa Subject: [RFC PATCH 1/6] fs: invoke LSM file_open hook in do_dentry_open for O_PATH fds as well Date: Wed, 12 Mar 2025 14:21:41 -0700 Message-ID: <20250312212148.274205-2-ryan.lee@canonical.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20250312212148.274205-1-ryan.lee@canonical.com> References: <20250312212148.274205-1-ryan.lee@canonical.com> Precedence: bulk X-Mailing-List: linux-security-module@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Currently, opening O_PATH file descriptors completely bypasses the LSM infrastructure. Invoking the LSM file_open hook for O_PATH fds will be necessary for e.g. mediating the fsmount() syscall. Signed-off-by: Ryan Lee --- fs/open.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/fs/open.c b/fs/open.c index 30bfcddd505d..0f8542bf6cd4 100644 --- a/fs/open.c +++ b/fs/open.c @@ -921,8 +921,13 @@ static int do_dentry_open(struct file *f, if (unlikely(f->f_flags & O_PATH)) { f->f_mode = FMODE_PATH | FMODE_OPENED; file_set_fsnotify_mode(f, FMODE_NONOTIFY); f->f_op = &empty_fops; - return 0; + /* + * do_o_path in fs/namei.c unconditionally invokes path_put + * after this function returns, so don't path_put the path + * upon LSM rejection of O_PATH opening + */ + return security_file_open(f); } if ((f->f_mode & (FMODE_READ | FMODE_WRITE)) == FMODE_READ) { From patchwork Wed Mar 12 21:21:42 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ryan Lee X-Patchwork-Id: 14013922 Received: from smtp-relay-internal-0.canonical.com (smtp-relay-internal-0.canonical.com [185.125.188.122]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id DB3711F03D8 for ; Wed, 12 Mar 2025 21:22:58 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=185.125.188.122 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1741814580; cv=none; b=T5zjaohg2rKgS2e+omOv7ZPVgC49XVzHTZJnTy+qLsYsK4FXHKOh3WoYbtSxgWmFoXKax7NPv6lS1BtmX+vT+b1jNzr51HHhlgWBG0S3N1qNfWuG9xvPYaLB1SMxRIMLaggiuIQlbXQ7lJ4SCxndQI2MWyiZsqlcf23qZMEvbjI= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1741814580; c=relaxed/simple; bh=b4+VVCuulTVS3lasReYQ2g8sMWbZpqYEurik+q7TDIU=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=OVR6aWcMxQYZv8tHv8XIwl2rJ7S31LA7a/gtXOSkDhT6DwWOyHPjNC+8xEONpzDw7h3dmWErctV7wEnYMbg+Dz46P1DGDLqpAXVPXbaYa/xNrvBHm7Aan/HugoiIeiaUQIL536/Ke5E61Yj4CMvXjHLvv7KCAaHrwaHuTX/N+NE= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=canonical.com; spf=pass smtp.mailfrom=canonical.com; dkim=pass (2048-bit key) header.d=canonical.com header.i=@canonical.com header.b=wXHZQnMA; arc=none smtp.client-ip=185.125.188.122 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=canonical.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=canonical.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=canonical.com header.i=@canonical.com header.b="wXHZQnMA" Received: from mail-pj1-f72.google.com (mail-pj1-f72.google.com [209.85.216.72]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by smtp-relay-internal-0.canonical.com (Postfix) with ESMTPS id EA5633FCDB for ; Wed, 12 Mar 2025 21:22:47 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=canonical.com; s=20210705; t=1741814567; bh=uqtVwBDq5g90YIrppYWGT9PUS27SLEfARyjY6b0CvJw=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=wXHZQnMAbweFyixm/4yjK71qO9242A1HNYoXX/nCd8p+RYITpNU5PZTBrcIvtgw7s 3Cfua9ykXolkNe8sqNhQTewpZzDEo9hJ8v22TSgfp936vThetM6T14br6KexQGwp4n +Isc3riXaRUo2ZotDauFSLzZeYnIW3I/SI1Qh0dY1yv3rC2RXh+bC5LeZLkAE2z9vL hBoLp6v0DiHX9j0JXXrgUEsBEpHG2OiqmOdkIOiyl5ArlJK/AmmvedXelZbphpQSgx kr72q+roBfgDo+g6bXTg0/Ix14ooarH0l/+izy2fDMvlut42EknAd7q6yoQjnPB6Vv WerhTrb8BANqA== Received: by mail-pj1-f72.google.com with SMTP id 98e67ed59e1d1-2ff53a4754aso718877a91.2 for ; Wed, 12 Mar 2025 14:22:47 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1741814566; x=1742419366; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=uqtVwBDq5g90YIrppYWGT9PUS27SLEfARyjY6b0CvJw=; b=tQdFd83ClSH9jk8AX156nRA3Jot/h55anGBu831urGtcBAxR8Y8r5qNp1wmxwsnpco XWHKoXAJgCRXOh8hOTLYedxqkp4uxzi0MQy1EDslCDEvpDSDdOM+YKTuXs8jwsjYeTwy 0gpebThW1MdoxIgYn4/I1sKCnpcBNi0E1YJVBWN6UYdfnTDpSG4GKo4gnvqzzSgwZI0S J9oSjWgTxJyLOby9KfH+bqdnKU8Xx16turatpqr+L7e2Dq2Z2qfkrq16zhZwU78GA5Jd LPVD5pflnjEI1MqeLaOiYhHUr0KSlo/JJOh+pzwf7KBzMsVx/MhVtYp2BFKz65iPOxeu leQw== X-Forwarded-Encrypted: i=1; AJvYcCVlr3Pp+ygKSZH8Q+nG4Dt59WAWk7ldqzlzHSB2KVIc3JQIcxug1qFR57i7Ts2y157VpdDCryHG09Br27w13vlnSdd/tC0=@vger.kernel.org X-Gm-Message-State: AOJu0YxJBBxUHFbsIlGFyTIh7EqJlZ7KiHvhYBcrXs5cmAd6z3y66T7I 4R0Z8FHByxcm0T9+YNO11anvPYP2IFHBTyqrDDUoSla8nDZ0E3OURTYVs+r6UzBx98c0ZSU/kXx nMfWja+ESD1KXwa6SjREy7TwUFnK0H3srMDBiqOcbl0ei8mLveeYOpf4+CBS+8dW2CfO+TsPoVy M2WSThyaEIRDoPAQ== X-Gm-Gg: ASbGncuE/1ERn1wKncK+S/d/6lKTpC/jIStfJHCKmoOE3YemAxB1PbqS7TinCumobOi 0cKBgpfSSDVDHi80Ro1OyATmFREzIqKpfmbW5npnLHmWdR3mgafFEadzTXp6br9RnyeE5biWfEI KWqIFTy6KKpPZo9Q1ykAy3FocEFZj3u4T+clDYuqMfvkqfqDASbaM/hZBALXehSxg092dUa4ZXL Pfqpt3kmY/i5obpaIQD30+oJ9kJNxPJ8EDh/V0d6mZnAxpllIcQS8X4slLM+/0rK1XLg4wgoaGm cnyMs4KWhynW/ZeeUmRRGmeQhqoq+HCul7rRWMKTX1JesROS8rDkTr/amp7siBpuX++k/Rs= X-Received: by 2002:a17:90b:38c7:b0:2ff:62f3:5b31 with SMTP id 98e67ed59e1d1-2ff7cf2a4dfmr33760048a91.29.1741814566536; Wed, 12 Mar 2025 14:22:46 -0700 (PDT) X-Google-Smtp-Source: AGHT+IGAh7edf+w4rzXzQLR0fkq9YMtlXCTroL93A1jr+Tsldo2r/RTEDBE9CJvpxWToVeKTIWZWGQ== X-Received: by 2002:a17:90b:38c7:b0:2ff:62f3:5b31 with SMTP id 98e67ed59e1d1-2ff7cf2a4dfmr33760017a91.29.1741814566237; Wed, 12 Mar 2025 14:22:46 -0700 (PDT) Received: from ryan-lee-laptop-13-amd.. (c-76-103-38-92.hsd1.ca.comcast.net. [76.103.38.92]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-301190b98b7sm2353887a91.32.2025.03.12.14.22.44 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 12 Mar 2025 14:22:45 -0700 (PDT) From: Ryan Lee To: linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, apparmor@lists.ubuntu.com, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: Ryan Lee , Alexander Viro , Christian Brauner , Jan Kara , John Johansen , Paul Moore , James Morris , "Serge E. Hallyn" , =?utf-8?q?Micka=C3=ABl_Sala=C3=BCn?= , =?utf-8?q?G=C3=BCnt?= =?utf-8?q?her_Noack?= , Stephen Smalley , Ondrej Mosnacek , Casey Schaufler , Kentaro Takeda , Tetsuo Handa Subject: [RFC PATCH 2/6] apparmor: explicitly skip mediation of O_PATH file descriptors Date: Wed, 12 Mar 2025 14:21:42 -0700 Message-ID: <20250312212148.274205-3-ryan.lee@canonical.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20250312212148.274205-1-ryan.lee@canonical.com> References: <20250312212148.274205-1-ryan.lee@canonical.com> Precedence: bulk X-Mailing-List: linux-security-module@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Previously, we saw O_PATH fds only when mediating fd inheritance on exec, but because they would have no request associated with them, we would unconditionally let them be inherited. Until we have better handling of O_PATH fds, preserve the existing behavior of unconditionally allowing them. Signed-off-by: Ryan Lee --- security/apparmor/lsm.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index 11ace667cbbf..2349a1dd41f4 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c @@ -647,6 +647,16 @@ static int apparmor_file_open(struct file *file) return 0; } + /* + * Preserve the behavior of O_PATH fd creation not being mediated. + * + * TODO: we weren't handling O_PATH fds in aa_inherit_files anyways + * (all-zero request -> fds unconditionally inherited), so proper + * mediation of those will require changes in multiple places. + */ + if (file->f_flags & O_PATH) + return 0; + label = aa_get_newest_cred_label_condref(file->f_cred, &needput); if (!unconfined(label)) { struct mnt_idmap *idmap = file_mnt_idmap(file); From patchwork Wed Mar 12 21:21:43 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ryan Lee X-Patchwork-Id: 14013923 Received: from smtp-relay-internal-1.canonical.com (smtp-relay-internal-1.canonical.com [185.125.188.123]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id EB2F11F03DA for ; Wed, 12 Mar 2025 21:22:58 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=185.125.188.123 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1741814580; cv=none; b=KzTYvjBkZBiTXuBJwEmf4cILzOUY0jQO+N2AvN38jv+1n3Y5ua1gjO9ZQQwpCa/IhmC1zULoxg/oVL965Q3ilJ7JxX7RskaGq9blIUPdO/JXdFYRR8OYqMwcageRnv0WayQprd84HnyUGc3GyoCEqPCK6QnQQthyzM4yPtLvFCg= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1741814580; c=relaxed/simple; bh=YKJUOhSAlbceCTtQeFmVs8IFwOcyWaVLfzVCuOajKmQ=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=itV94iXdbfpWp9rv2KoqXHHb3H3vKzoslk1qVdfl9Y6zXJUiZh3F1waAJcEd2SbRraTzHIRRDrH0LOGbp5VXi8vRhhzDqHVQGGeyaVSBiAGYwcbIUuaMNEamXKAq5bAi94buRZwpCoi4LBC+rwYrCKAzh6zoJn9v/6X12ePeST0= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=canonical.com; spf=pass smtp.mailfrom=canonical.com; dkim=pass (2048-bit key) header.d=canonical.com header.i=@canonical.com header.b=vmL06F9F; arc=none smtp.client-ip=185.125.188.123 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=canonical.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=canonical.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=canonical.com header.i=@canonical.com header.b="vmL06F9F" Received: from mail-pj1-f71.google.com (mail-pj1-f71.google.com [209.85.216.71]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by smtp-relay-internal-1.canonical.com (Postfix) with ESMTPS id 828C73F731 for ; Wed, 12 Mar 2025 21:22:50 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=canonical.com; s=20210705; t=1741814570; bh=bQ5ilq+qjctbW08HSKcwKvLmj0dzCcpGagg2F3uVrL4=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=vmL06F9FBtpJLaaYr55tRaWWAuRysWlSghmlHws+4ccfGIOKu/r09XtkJ0t2XeANd i6mp2xCB2TcwZfGBQQko9G7AptQBV6tAVGPPt+Ny/IdmUxR3AsLJcRYT2JF93t6Tbr KPIAH1xPhRWNs9Yaat8RznLCojnUFhn1uD77B3EU+nWlfhWXPS9b7txWNmiy7XJQSN VEq4ftfPlpUlroju6uaPfkAmUVq4lAYrho/T2qX/+pcv+/MHxlKcIfnPIKu7pMUieM I0sgw/skR3jkjn7NgU72gDmhz8J2SOkyySW3W8l80To2O+b7ga9qDH1LkXYoZkSmiq C1faCZS04BR3A== Received: by mail-pj1-f71.google.com with SMTP id 98e67ed59e1d1-2ff69646218so756867a91.3 for ; Wed, 12 Mar 2025 14:22:50 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1741814568; x=1742419368; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=bQ5ilq+qjctbW08HSKcwKvLmj0dzCcpGagg2F3uVrL4=; b=tcUeBQA2ebEltfV89FQ9zI2LJY1cw7Dw186FC2sCFdbCdznTYSLw6slTGnKQO87hVT /smVD2iDhWS4lvhqVpWEHE+XM4deOMXxLR/+v/EeyqpkidfcWj7fBkuLAvt4nR2bb3up TAf8kvPP7n8xFX28fGAAbY3zifQcHlxBdyaT0mV54RInASuizi4HLNvSw949mDK/ZvJ0 L4g3+wQPG0nBql/AI6q6JbZ8+sVCO72uWDpYe6+N7quTfQt27UnKsAHErN+jj965m5a+ Tf831UF/TZScwE9TG2PMxqi12TcdFvPSdfeKW8/R6lSHntwX8K8pt0hJA7RyJRlU/DVx 4JpA== X-Forwarded-Encrypted: i=1; AJvYcCWmaUv8IqQU4XGexe8c1zrsRBvn/cLE+fGn+R8J+lYkiZ4cXNh4/UR1+jUk4LwZFWfvAZNOEb8kRdph4Oa0AQ5bsCsVjVA=@vger.kernel.org X-Gm-Message-State: AOJu0YzKgDEXQCWhED3iyP1HT1R4TPyF6EfljE1WOXAGRo2laaqvZz1U BIAOauzXsnzn+JC2l4wKdPNDVHUSCQQtTGFfHM6e+QnyomOCHDNCWuFVExObXvnj9kQJA5C8sQO hXPQW+Qr6Ks3Q+qx9Sbq4r9i6d5V6nH0D0+IRq6PcK3Mij7f6plXy0NopPIYzZHnWKWItqjPhRD j1SVW8uI3Yx++UUg== X-Gm-Gg: ASbGnctvxfZQpq8RNqEIyT0egw/zyzTu4s0wkjjMO3zR9uppROQHqscalPBMi6ac53c o6AHJ269uQmCHuaJfG10/LdNLAXypvNNVeJMHwTRv3GhpIe9aou1eQoJLasOrH4rwUXRhSdmPUm O1GSQXSkvBXL+z9Yn/9Tm45XD9vnIt4MPtS3fgwBRBqnDVOviO6YNEGoy/UYjFgjhOXcVWSiWqf L1jsKa2TMPaztB+dj/D1KWb7eZZ22CccXAxgq9CBTMqwucbOqv3zGONvQ1R3tnxVvN/scgSgDMy fQrSJBp0Ej5zDNkFNRFv9tNgbHfvWq3gDi/waPPYaWpy9GbVeHF05v3iyrWO6Q3Qun5lBIg= X-Received: by 2002:a17:90b:38c8:b0:2ee:74a1:fba2 with SMTP id 98e67ed59e1d1-2ff7ce84c7bmr34243248a91.20.1741814568674; Wed, 12 Mar 2025 14:22:48 -0700 (PDT) X-Google-Smtp-Source: AGHT+IE6kNFGkR2Ar2yfV2Wm7/OWkigwZeggzkNDef+VFj2HbCWbxEzVxXle+EcNd+qkPs6JAUusng== X-Received: by 2002:a17:90b:38c8:b0:2ee:74a1:fba2 with SMTP id 98e67ed59e1d1-2ff7ce84c7bmr34243239a91.20.1741814568350; Wed, 12 Mar 2025 14:22:48 -0700 (PDT) Received: from ryan-lee-laptop-13-amd.. (c-76-103-38-92.hsd1.ca.comcast.net. [76.103.38.92]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-301190b98b7sm2353887a91.32.2025.03.12.14.22.46 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 12 Mar 2025 14:22:47 -0700 (PDT) From: Ryan Lee To: linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, apparmor@lists.ubuntu.com, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: Ryan Lee , Alexander Viro , Christian Brauner , Jan Kara , John Johansen , Paul Moore , James Morris , "Serge E. Hallyn" , =?utf-8?q?Micka=C3=ABl_Sala=C3=BCn?= , =?utf-8?q?G=C3=BCnt?= =?utf-8?q?her_Noack?= , Stephen Smalley , Ondrej Mosnacek , Casey Schaufler , Kentaro Takeda , Tetsuo Handa Subject: [RFC PATCH 3/6] landlock: explicitly skip mediation of O_PATH file descriptors Date: Wed, 12 Mar 2025 14:21:43 -0700 Message-ID: <20250312212148.274205-4-ryan.lee@canonical.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20250312212148.274205-1-ryan.lee@canonical.com> References: <20250312212148.274205-1-ryan.lee@canonical.com> Precedence: bulk X-Mailing-List: linux-security-module@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Landlock currently does not have handling of O_PATH fds. Now that they are being passed to the file_open hook, explicitly skip mediation of them until we can handle them. Signed-off-by: Ryan Lee --- security/landlock/fs.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/security/landlock/fs.c b/security/landlock/fs.c index 0804f76a67be..37b2167bf4c6 100644 --- a/security/landlock/fs.c +++ b/security/landlock/fs.c @@ -1522,6 +1522,14 @@ static int hook_file_open(struct file *const file) if (!dom) return 0; + /* + * Preserve the behavior of O_PATH fd creation not being mediated, for + * now. Remove this when the comment below about handling O_PATH fds + * is resolved. + */ + if (file->f_flags & O_PATH) + return 0; + /* * Because a file may be opened with O_PATH, get_required_file_open_access() * may return 0. This case will be handled with a future Landlock From patchwork Wed Mar 12 21:21:44 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ryan Lee X-Patchwork-Id: 14013924 Received: from smtp-relay-internal-0.canonical.com (smtp-relay-internal-0.canonical.com [185.125.188.122]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 760BB1F0E37 for ; Wed, 12 Mar 2025 21:23:00 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=185.125.188.122 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1741814582; cv=none; b=qs3svHOVpFeVYgrfl2B+UMPTieJ20NmBmuklO2egvlLAybzyy2eGwBJA9EmS0sQJ0p7jb8Xe4lILuUHihqt0mcR+hJoHENb9+PNKbnTWk7O77I9BMOJgHu7mfjmgBdWablTO9aBYOaKUqWnntDcsNs3gnHH3Ba18mCr7ajSLKXc= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1741814582; c=relaxed/simple; bh=UQi4jGJd9JPX9q54M13Eyu1joQsCWppMerqI6/F5Zeo=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=rXM5KKlnIJj7NZovpE2jgPYck/OY6nud9kxWtm9rooN6RVhd5BnA8c0hVTV01dseQHVSwm1qYApjEPKSHJhb+eYFzqN4AJ2SqywXgIUMglvtH0OCO8/VGeotp8EznvbF1VKjlR82hBvqPBxs9WcodjUrKF+F9RGAdM/sS+O9aHI= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=canonical.com; spf=pass smtp.mailfrom=canonical.com; dkim=pass (2048-bit key) header.d=canonical.com header.i=@canonical.com header.b=IvOTjGfD; arc=none smtp.client-ip=185.125.188.122 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=canonical.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=canonical.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=canonical.com header.i=@canonical.com header.b="IvOTjGfD" Received: from mail-pj1-f70.google.com (mail-pj1-f70.google.com [209.85.216.70]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by smtp-relay-internal-0.canonical.com (Postfix) with ESMTPS id BAD7B3FCE6 for ; Wed, 12 Mar 2025 21:22:52 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=canonical.com; s=20210705; t=1741814572; bh=vkBChevR2KYwwFZBDZ6M820pfzcyPKZb2PO3mstNSrA=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=IvOTjGfDOeV+7+jE5ZqGMXYIHwZItB9xf/HAArSEziIzzlTQNFfUXLiJfjoHChKc6 h3iFkco6Pk8NOLVR+QP231nD11eRWUcjQ9PKNf+xUInJihfTnkVW0OF0Vzgbmbrym/ ZNi0MWga7/ZvB2PPPfWU8IVqeG8y7B+p1Ky6F3jj4tnmV/Tcg8IUi10X0dz3pdqTUE 8T1cv8Rd51VoJNsJEUKXUQFxhuMdap0kCOJBbnLpn1ditlC28yGy6yUGvfzb14UFCe GYhHVDjRU4tnqiyNxAxw7LJN/sg3jrJYUg8oRFMkUEmicM+j5TnNX2uBRYsKDfYiwX un2+Kx6NvCpww== Received: by mail-pj1-f70.google.com with SMTP id 98e67ed59e1d1-2ff53a4754aso719010a91.2 for ; Wed, 12 Mar 2025 14:22:52 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1741814571; x=1742419371; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=vkBChevR2KYwwFZBDZ6M820pfzcyPKZb2PO3mstNSrA=; b=ZKn7mVHJzbpPxctg2G1NsylOEmC7awOJzQ07wAVKWfpDSf4sSynmG5ibEW/fcuXhHo z0UK/mjFrwf8+3F9TjuYY4NAJp6V+NQGPUC9SZbSQOmZ7KN3vmHe5hOjrHxN9LR96L7/ JIpcc+mr2QeygI/kpbv5+6z8K+uP1QtR+7RH88z42iadS4eKqAQArrB12xq4fD+N1ibv MuTSi761A/D7+me6EmrJFtUlnF1trCagN9Ql4ZdW2nbZUDeMfullrTj7fl2Mp73ywRdb UJNKyRA8BbCJwYb6AfZ2Jl4FKkKafbpQLX8LkmMRINKYfk/7gQTmWt/shLygYLMvaiH4 eQ3A== X-Forwarded-Encrypted: i=1; AJvYcCXyK4iUOj8cV+EnGQixTyXb/tJgFVlOQeVSMNnIvKxZZ9aIfPxlBWUjWVRF0bUAdcT2tPE24nkYmzequpFz0eFlPV6r1+0=@vger.kernel.org X-Gm-Message-State: AOJu0YxMmub1G/U+JkHOZBodxxsdhxqNUi5ISOCREdefRVRHsSOmHLjM oPL+bTU0FCOja74ndyM7fmjglb0wet6ywgKgKJmZ8D4zP1Lbp8mA+dAz2rguyCvN2pH1jeRy6tI BG54UiV6cNVVXLYyT4OBn/kTkx9EIBHxxwkgHQT9terxcUEQJYDvFpwPIedCBhYDvzQ/ZOqs63t Qjcow1OxVwFytdWQ== X-Gm-Gg: ASbGnctsQNNTADQ+eEyjLLgKmOcz3G4JH+9YXyIuKvrOm0uTLS7+ldiNqk/TIYIZmQ+ nk6g5XTF0s5B/tR0M8p3UEJVHW74TsEwdr4ZpUTyyTgXK/lIe+1a0mB8bQi5fFOY3uVYXJeDPLt bLxs3ATBdrje3kVpxdgwfebvfiOzgXbDmrD3sWLsRLouaW9MRXUpVHcnt7sK6afuoXPSfHVXNCw 7GCgkL3G2KRzHSiZGgKkOf9QnXWgbmGdoGKFY6mgBhz+nyUD+nT4YFyFi4K9nF/Ym4rOf1mCaGa oG14kfprAgRYFUbDjSMDj8O0Lb/D9LXsy5IHGRsyD6olZ+IjK42Por3DynwV+itpP1NX2nM= X-Received: by 2002:a17:90b:1b05:b0:2ee:8427:4b02 with SMTP id 98e67ed59e1d1-2ff7cef76acmr32847528a91.28.1741814570801; Wed, 12 Mar 2025 14:22:50 -0700 (PDT) X-Google-Smtp-Source: AGHT+IG2zy2F9PoKbQMeK6fUS3X/Yt717KlC839Q5G4xkP4Nr8/wnDbMYJ8pDxU6TgdAPfQxzzejkA== X-Received: by 2002:a17:90b:1b05:b0:2ee:8427:4b02 with SMTP id 98e67ed59e1d1-2ff7cef76acmr32847501a91.28.1741814570519; Wed, 12 Mar 2025 14:22:50 -0700 (PDT) Received: from ryan-lee-laptop-13-amd.. (c-76-103-38-92.hsd1.ca.comcast.net. [76.103.38.92]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-301190b98b7sm2353887a91.32.2025.03.12.14.22.48 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 12 Mar 2025 14:22:50 -0700 (PDT) From: Ryan Lee To: linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, apparmor@lists.ubuntu.com, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: Ryan Lee , Alexander Viro , Christian Brauner , Jan Kara , John Johansen , Paul Moore , James Morris , "Serge E. Hallyn" , =?utf-8?q?Micka=C3=ABl_Sala=C3=BCn?= , =?utf-8?q?G=C3=BCnt?= =?utf-8?q?her_Noack?= , Stephen Smalley , Ondrej Mosnacek , Casey Schaufler , Kentaro Takeda , Tetsuo Handa Subject: [RFC PATCH 4/6] selinux: explicitly skip mediation of O_PATH file descriptors Date: Wed, 12 Mar 2025 14:21:44 -0700 Message-ID: <20250312212148.274205-5-ryan.lee@canonical.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20250312212148.274205-1-ryan.lee@canonical.com> References: <20250312212148.274205-1-ryan.lee@canonical.com> Precedence: bulk X-Mailing-List: linux-security-module@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Now that O_PATH fds are being passed to the file_open hook, unconditionally skip mediation of them to preserve existing behavior. Signed-off-by: Ryan Lee --- security/selinux/hooks.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 07f71e6c2660..886ee9381507 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -4009,6 +4009,11 @@ static int selinux_file_open(struct file *file) */ fsec->isid = isec->sid; fsec->pseqno = avc_policy_seqno(); + + /* Preserve the behavior of O_PATH fd creation not being mediated */ + if (file->f_flags & O_PATH) + return 0; + /* * Since the inode label or policy seqno may have changed * between the selinux_inode_permission check and the saving From patchwork Wed Mar 12 21:21:45 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ryan Lee X-Patchwork-Id: 14013925 Received: from smtp-relay-internal-0.canonical.com (smtp-relay-internal-0.canonical.com [185.125.188.122]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 798B21EF0B2 for ; Wed, 12 Mar 2025 21:23:01 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=185.125.188.122 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1741814583; cv=none; b=joRMYHKs5o57c4gfJcttWr/pAW7vmp6N3vyBvfhdebNwNxcLVPBKm8T32FNFPEYEULOZq24VwzEo/nW8St7X1G4JxXddKNmy3H1vP15eJqJfhGO9hZ5DfhjXR3ppOu76s2lqiWPOjoVSMEHN2Sq5Qdqwbbo6tVo5p3j7ehQA+uY= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1741814583; c=relaxed/simple; bh=G2e3iolvH9qEslV/akG34i7cS7UuqJvA1p2iiSDOzVc=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=PthjYb635uazI0uc2HJ0fxTT2/YeSktAUk0HK7VL9y002r542DnQXTt6e4gWqS3Sf7UMb+Xuyi0lSrzbvPnVfs0LXBPoTEKWsGoUxkn51NhI/Ryb3izJXojK/Kz7C+HSXwFR4KlKG3yRSdm7KU6PNiB2FFaqzmig97WVoQnE4aM= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=canonical.com; spf=pass smtp.mailfrom=canonical.com; dkim=pass (2048-bit key) header.d=canonical.com header.i=@canonical.com header.b=e8JsmYR+; arc=none smtp.client-ip=185.125.188.122 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=canonical.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=canonical.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=canonical.com header.i=@canonical.com header.b="e8JsmYR+" Received: from mail-pj1-f70.google.com (mail-pj1-f70.google.com [209.85.216.70]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by smtp-relay-internal-0.canonical.com (Postfix) with ESMTPS id 3C2CA3FCEC for ; Wed, 12 Mar 2025 21:22:56 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=canonical.com; s=20210705; t=1741814576; bh=yf0KmmK+2JCiuqTR1dE5uJSectdXjdHO7BaOi/Ze5/Q=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=e8JsmYR+bmqnDO8ig/JUHN+ga3YznlIadNIojqds0ZG1L7WDRwkxHIzpzFsneg+E5 0srcB3RsuXrVQ5MG3MWonPvlf8gfMjjod2u4SMJ1jKnC0UuERRgmiAAHp8yoB2HPqZ OxVkH+9w2zXikhY0F60PuuRqZ8yIxDBNw270dYrgm8x5ikmqkOuzFuopIOVY+vBCWl 2kfer8F4Vb1RE2Bndr4A8Gvfo81TDQvmFaoy3spv8NzsLJOeWyRc6y7rGm46EJwmsh c5kDw25JpC45ZMERGVjT1glEyxSBt7zUpxa9mPK25tYo4HOZVYsTDlJ0RimYfqc0Av HWF62R3YHdccw== Received: by mail-pj1-f70.google.com with SMTP id 98e67ed59e1d1-2ff8a2c7912so450378a91.1 for ; Wed, 12 Mar 2025 14:22:56 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1741814574; x=1742419374; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=yf0KmmK+2JCiuqTR1dE5uJSectdXjdHO7BaOi/Ze5/Q=; b=n3cWZC84cKMefsL27N05bkF5TifKp/6OFMpu3X/VcyIBaqfQPEHDrYfgGc5DXnIJuk KL26PWiHrdKiQydFNrfFZCxU2D0f4btd8osXxezxM3PzjhqvYNOHfQAuV6h6YG1f1sZE EmBfVQSKdSPGjqQcceRgmE2IDcyxFLbhAyUD1BqyKCCgDYZN+/X3WT+2yu+Myn/IG3kL N2MYRbKAhrcxsHBKQG1t5RHYmV6V00+r2BeRaywY7Kjwq5iPPpPPAPd4FrWmBcKslt/c jGprOWM3YdhmloJ0kEj/w5YTU9Qn/O0JkvULcHM8vg5ydrZEXWt7PHE9pakz/rTDAGDh 8Hew== X-Forwarded-Encrypted: i=1; AJvYcCVNPH0IJnup0yidy9VFOG8UFPmfB+g25JUljaTp1Yt0Cwo2yMQXCkFwjivU3+1sn8eoK7Kj2eQeA8ZzkV2/JYrcJrA5KPY=@vger.kernel.org X-Gm-Message-State: AOJu0Yxx5WnCaCUbzKYxdsOVwQtD0d8nuT90uSAv51yx5g1le39cOMzF KFOQqB8BqNgV93N7qCygkKxwL/Q2q2hWbBgO7vWPjDi1SFqEBM3nU3BAzVsOXSnj3Usk2jZfeg8 6kwHHdDYTzRbEiMA5tAo2Xgx0zWh1S2FUFPOTkl+BkvEj0QNgWkzLmPF4lwlR7yGxPotN6bwGIM HdYpKrGnEAZJsNLg== X-Gm-Gg: ASbGncvA14kuk2UtsCe1wNOvV6qKcFUSStxAuhkUvktbXD5iI63HuHtFz3iB0znZ+Yl Xhc70WGon5YiUFl/jdXhF/JVHaiOUsxzxfgYrf23NFaNvYQM1va2sKJcRL6qAYrpIG6gtWzPRvf wwr2/htS8xyg666F8/YCHdqsSawpaciStlz7GlR2a6j30MLUTIiBbmPUQIJJNa55gOI6XxajLC+ aOQ4mI7S0mE8gqPECTD5OQ8A0gzwCFwSQSOKmHLTNkLby8FNyk/zXv72HFjv2qTHZgGtPiLgffK qTBVXwU8S3nhHhKIe7veO25HBd32uRdUIDFvOBCKqnhvNNB+LayxwpRxyk1FB0yIUtnFPDo= X-Received: by 2002:a17:90b:3bce:b0:2ef:ad48:7175 with SMTP id 98e67ed59e1d1-30135f6037cmr88386a91.15.1741814573785; Wed, 12 Mar 2025 14:22:53 -0700 (PDT) X-Google-Smtp-Source: AGHT+IHwAw+1MiMC/B8BNZEJ4oppU1sIELS1vCTl7SNsacHdi/KdGlgg9CgoB/KGdKxX2Zf2vFxSyQ== X-Received: by 2002:a17:90b:3bce:b0:2ef:ad48:7175 with SMTP id 98e67ed59e1d1-30135f6037cmr88319a91.15.1741814572564; Wed, 12 Mar 2025 14:22:52 -0700 (PDT) Received: from ryan-lee-laptop-13-amd.. (c-76-103-38-92.hsd1.ca.comcast.net. [76.103.38.92]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-301190b98b7sm2353887a91.32.2025.03.12.14.22.50 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 12 Mar 2025 14:22:52 -0700 (PDT) From: Ryan Lee To: linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, apparmor@lists.ubuntu.com, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: Ryan Lee , Alexander Viro , Christian Brauner , Jan Kara , John Johansen , Paul Moore , James Morris , "Serge E. Hallyn" , =?utf-8?q?Micka=C3=ABl_Sala=C3=BCn?= , =?utf-8?q?G=C3=BCnt?= =?utf-8?q?her_Noack?= , Stephen Smalley , Ondrej Mosnacek , Casey Schaufler , Kentaro Takeda , Tetsuo Handa Subject: [RFC PATCH 5/6] smack: explicitly skip mediation of O_PATH file descriptors Date: Wed, 12 Mar 2025 14:21:45 -0700 Message-ID: <20250312212148.274205-6-ryan.lee@canonical.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20250312212148.274205-1-ryan.lee@canonical.com> References: <20250312212148.274205-1-ryan.lee@canonical.com> Precedence: bulk X-Mailing-List: linux-security-module@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Now that O_PATH fds are being passed to the file_open hook, unconditionally skip mediation of them to preserve existing behavior. Signed-off-by: Ryan Lee --- security/smack/smack_lsm.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 2f65eb392bc0..c05e223bfb33 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -2062,6 +2062,10 @@ static int smack_file_open(struct file *file) struct smk_audit_info ad; int rc; + /* Preserve the behavior of O_PATH fd creation not being mediated */ + if (file->f_flags & O_PATH) + return 0; + smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); smk_ad_setfield_u_fs_path(&ad, file->f_path); rc = smk_tskacc(tsp, smk_of_inode(inode), MAY_READ, &ad); From patchwork Wed Mar 12 21:21:46 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ryan Lee X-Patchwork-Id: 14013926 Received: from smtp-relay-internal-0.canonical.com (smtp-relay-internal-0.canonical.com [185.125.188.122]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 479B01F1507 for ; Wed, 12 Mar 2025 21:23:02 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=185.125.188.122 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1741814583; cv=none; b=iSzEPy2U7NS+Vcnh7cRb1JVUsTIgin9lEpjQL5m1DAcG5SUfqY+XHWHyOTXksiWZJJohRaO1HHMRqR+IdeoMtJRDe6pTd3lobY77o7vyBpgYZLFH+AHR6EwiVjTH+suujqPlopTIzpKk6Eb7zfHGcZU1/3vsPUYOUXUdWmi0bxk= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1741814583; c=relaxed/simple; bh=nQa75EiYN3ygFHWP5CltgBdCU2YvLoFl9S3DeRklaTs=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=nZ6EJEc+i0kXBNndDRfDx4h+Kg32T0wUMBCcmGDP5Ad96dDT6nOAdABD8Qs1lB8r8hQmY3XoeJrfL1MZY3d5CaGLBcK0944hKg7MfUYxl8mIKaZHHOijFaIp0F/pdezPShClvzJw4Qzi11ExE1ohzAtj25nakdIH6goGw1V4RVI= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=canonical.com; spf=pass smtp.mailfrom=canonical.com; dkim=pass (2048-bit key) header.d=canonical.com header.i=@canonical.com header.b=Nz8L175s; arc=none smtp.client-ip=185.125.188.122 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=canonical.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=canonical.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=canonical.com header.i=@canonical.com header.b="Nz8L175s" Received: from mail-pj1-f72.google.com (mail-pj1-f72.google.com [209.85.216.72]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by smtp-relay-internal-0.canonical.com (Postfix) with ESMTPS id EECEF3FCD6 for ; Wed, 12 Mar 2025 21:22:59 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=canonical.com; s=20210705; t=1741814580; bh=sxXlT+NKuH/R8o+IpND8qEtQPr3+MVFoHvHlcLQeNOw=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=Nz8L175sgLMTMSxALgPazVZslWuxpLOb6BjhTDWtsIVrXJqWcOSJqrv70oAUpBspR fXe7NKhmaFroXjEbbUAcHVS6X6hZZUgY70gJfhebRcByyz9Ree2UWlJRT5uZSSaz4N 3Z3+Fuw/I70K4YaZjfTuZugMRCmfUvpkwG0GjRLu/iW/iLCnRcdbS3rALEmvZSfYVw h4xNg/WP62ONN0PIM9BbNixBubVfh4RqG5FynkbQX65CCJYwRNxJGeKETqOkAL+23p yaPwRgU5vykJbTrr0/wHJuAdOpmlTxzn38N//8zk9tsYYzXXKuk2nruAW6uPrMBYpG m8xrz/2CTCRTg== Received: by mail-pj1-f72.google.com with SMTP id 98e67ed59e1d1-2ff799be8f5so517161a91.1 for ; Wed, 12 Mar 2025 14:22:59 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1741814575; x=1742419375; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=sxXlT+NKuH/R8o+IpND8qEtQPr3+MVFoHvHlcLQeNOw=; b=ACAWylTxWC75BrxLkLpwRe0+pN3zqcUhPc3X1NnZ7JHgVsp4fe5FJWVOI9xHUAKde8 bJwGYPQpwyo4VxI+1aZ8FSlPtbrYylfgA/4HqWd1BeZDfqZHRcr37LPCnBELmOI0qVep 48aZdyDeN/IjFS9GGewAD6k/gJRRYNqenKjnXl/H+Rc27lM9PAYgEXQKesLuTnXGqroB 4JYDN2CLcLN82z5ZdTsZB0DqU/sqkRxAKUfiJDS1mfXZOD80lEPiahPfj4brpVR/nTcc cMp6O8YMPmIkpB6845jt3uLfItUt0sgocCpg5Pvy6TMabuXQUjxVttamJApoP81JyvfO r3AA== X-Forwarded-Encrypted: i=1; AJvYcCVkyCJRzfKYts4wX3Tsq3h+uEGO4deONLA9oP7UmPIJZe1oBzFd/p22KNr65Lyd2q43l1zS/plbdem03LdMFN/Ksvx9GuY=@vger.kernel.org X-Gm-Message-State: AOJu0Ywg94TXpG0MdHVzLEv9Wy3Juaz9klQz2gYtdg6JgpCJehtJBiq2 gz4D+jHlV+K3k24JgkpJz2ps4rxtB8gwCBoJUaeZlNe3MEmibqTBsPe5SF1PyY6P9ufrfjansiW MdYxSdfLSCdwG2BAkLmH8amhOqs0jQ3A2ydfS+dECFUG5Xe0XoVw2zxiJPQkIWvXGLG/9DQnnsi aAg9StAI/19+PBqg== X-Gm-Gg: ASbGncvs03a+oMedSBjja7l0N22XPANiEYmv7PBMkboS4KRil8Hn/ES27FUgd83NLsk nAqRVrzjNFV+KJTokKLqrZtDsBqnHk9FjZ4GLi7ApZaUYBO2iwDB/DR2+lB6hxBWXGVT0xbloCN ovTw8XHY7iV8L8Nvwc4KGX4En126s0MiXoaL8Yq5ykiSVNhrG7gUbQ1jf+rY7PnS226bGTOsG3j 0tMTAz+g1QRcYG4HphXATlHZHGPbBfT8VgrycOWXmtCjsp9lI3az1vHaUY+1lmafGyvk+MkZAFs 9zVWyGAnB7+xu3w+4OsPYqQcvdmWjiEnvAVRi+0nj3h51aDFWGdIodTU2F1ZFDp2s/q+ZWQ= X-Received: by 2002:a17:90a:7345:b0:301:1bce:c255 with SMTP id 98e67ed59e1d1-3011bcec36fmr4989213a91.27.1741814575223; Wed, 12 Mar 2025 14:22:55 -0700 (PDT) X-Google-Smtp-Source: AGHT+IF7VJ3I6Ag0U5c89zoKAvdV8xkokC+gkGPKK5VTC7ZbVdDme14D+x+zHYl4u3ZWPKhOLxMFvA== X-Received: by 2002:a17:90a:7345:b0:301:1bce:c255 with SMTP id 98e67ed59e1d1-3011bcec36fmr4989199a91.27.1741814574931; Wed, 12 Mar 2025 14:22:54 -0700 (PDT) Received: from ryan-lee-laptop-13-amd.. (c-76-103-38-92.hsd1.ca.comcast.net. [76.103.38.92]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-301190b98b7sm2353887a91.32.2025.03.12.14.22.53 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 12 Mar 2025 14:22:54 -0700 (PDT) From: Ryan Lee To: linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, apparmor@lists.ubuntu.com, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: Ryan Lee , Alexander Viro , Christian Brauner , Jan Kara , John Johansen , Paul Moore , James Morris , "Serge E. Hallyn" , =?utf-8?q?Micka=C3=ABl_Sala=C3=BCn?= , =?utf-8?q?G=C3=BCnt?= =?utf-8?q?her_Noack?= , Stephen Smalley , Ondrej Mosnacek , Casey Schaufler , Kentaro Takeda , Tetsuo Handa Subject: [RFC PATCH 6/6] tomoyo: explicitly skip mediation of O_PATH file descriptors Date: Wed, 12 Mar 2025 14:21:46 -0700 Message-ID: <20250312212148.274205-7-ryan.lee@canonical.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20250312212148.274205-1-ryan.lee@canonical.com> References: <20250312212148.274205-1-ryan.lee@canonical.com> Precedence: bulk X-Mailing-List: linux-security-module@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Now that O_PATH fds are being passed to the file_open hook, unconditionally skip mediation of them to preserve existing behavior. Signed-off-by: Ryan Lee --- security/tomoyo/file.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/security/tomoyo/file.c b/security/tomoyo/file.c index 8f3b90b6e03d..efecfa7d15b2 100644 --- a/security/tomoyo/file.c +++ b/security/tomoyo/file.c @@ -762,6 +762,10 @@ int tomoyo_check_open_permission(struct tomoyo_domain_info *domain, }; int idx; + /* Preserve the behavior of O_PATH fd creation not being mediated */ + if (flag & O_PATH) + return 0; + buf.name = NULL; r.mode = TOMOYO_CONFIG_DISABLED; idx = tomoyo_read_lock();