From patchwork Wed Mar 12 21:21:41 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ryan Lee X-Patchwork-Id: 14013927 X-Patchwork-Delegate: paul@paul-moore.com Received: from smtp-relay-internal-1.canonical.com (smtp-relay-internal-1.canonical.com [185.125.188.123]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id C936C1EF091 for ; Wed, 12 Mar 2025 21:22:55 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=185.125.188.123 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1741814577; cv=none; b=qvylvNj6EpE8F9YoTvOn8dMIrc68Q/yRg/Vb1TSwgcAI589Q1WfxXJn+zVuO1hhLw9zo6QYaIxSlo3g3uZXeivHlCC3QWN4379JNtDDp0tLZWDFE5/6VzNx48d5xo46EOfR5XoXkPF8uHU9CVeFTtgtGXYSWQVSZqDsKrLzDYGM= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1741814577; c=relaxed/simple; bh=mvIFvWIp9NnNpqjlb78s7uPPK/9pOen0F/aXj53TS9k=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=YLEGP1P5iZ/qiZRblCFIJRKtZvurkM3WytutlCnPyGqNRgFEVH4xT8IYZH0luf2yyc73LkFKY2BA1RLpfJ4QJeecGrr7l5IcKjqxH4ZI/DOzId3B5LsNzKCvfUPO2P8bo3vRTNjrbeT6FBsgUveha/vigppWYVVufHciuyN3vXA= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=canonical.com; spf=pass smtp.mailfrom=canonical.com; dkim=pass (2048-bit key) header.d=canonical.com header.i=@canonical.com header.b=aYQejKLd; arc=none smtp.client-ip=185.125.188.123 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=canonical.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=canonical.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=canonical.com header.i=@canonical.com header.b="aYQejKLd" Received: from mail-pl1-f200.google.com (mail-pl1-f200.google.com [209.85.214.200]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by smtp-relay-internal-1.canonical.com (Postfix) with ESMTPS id E71213F2B2 for ; Wed, 12 Mar 2025 21:22:45 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=canonical.com; s=20210705; t=1741814565; bh=JJCUu0nnTlIAwhQtLazst1i1S2GtJ41RAYnP5gniTzw=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=aYQejKLdGr5ExUmspDdnU4wPFXdH2B9XIl3jyJjix0AkrBK9MGcHnrPzRAu8tUxiD CgXF22FNABlCdCQFPRkIuncmGmy1MC2ACreWoVAnL4hUfkdlb6R5PNo7hXHZ5exizm nLJqAVl8zkEerBQidWAbFE061ZVDq1+HFicGaffj/wZ/1XyXXqr7ckr/I//oWYPfhY PST0r1MN8uJoG2WOyw1/4gYYr8RLnWvVe4f7K6fJrf/qhrVIF2JtQcojxe2sVjJssG ngO9tp/zB0TVsprWPMtZTdrE4MoIjrgFk+CTIUNt9FIacnlsZwjYuxIpr3Mn/P5zC4 hitZsvYit1t3Q== Received: by mail-pl1-f200.google.com with SMTP id d9443c01a7336-2235a1f8aadso3652765ad.2 for ; Wed, 12 Mar 2025 14:22:45 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1741814564; x=1742419364; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=JJCUu0nnTlIAwhQtLazst1i1S2GtJ41RAYnP5gniTzw=; b=PruLV/Bpk2wJJr2RtajJn5leCdB4qeJqgCVgETaGWfuxRuzr5yNA/knPuONwK4BMeV YirJ6XM4OHdCRaRYDXLtjrUw0ilQ7iGolqVI8YLP/C0Z3gFzCW44PrfGGkAkoaZeJXqh 6pY0PSNN9dZ2MTeQtfukEsrT4vNPmFabfeOVE6Mrs1QJChwCJFfBcmFXmiAdB/8Fj1ok 6gMPa4SyRwKgZdbnTUW4tgP+a4q8yRoNhlf+fjo+5AWgzbjQx6Hv51zMyQFBIpuULdp4 X+OE6wfexfHMSk5e0wJYx8YIROUZTv57RfLRfzT62LzgknhY3YG1mk0tMd38E7q81aeZ KG8A== X-Forwarded-Encrypted: i=1; AJvYcCWBtsfGITspy79ClIwt32gpY3MVY0XEoni9F0NwsJyENyak0/SDjkTM/VkSh5OtNs/b5Bjq6r1V@vger.kernel.org X-Gm-Message-State: AOJu0YxECnzfk5nF0/VzXJaQiq0hVehyWLkHklE+mDreaBSnHbkHZxKO BPP+iTWSSFLFNKkZq6Lcd7ZQC3H2NndNcRKf/YDvmuMDhpZZXZ4QagS4+nG/9tHk6zce+ipt/Gp YY0IRLyZ/DjMMx6O6mMyabFIur2uO1A0TgWXpnkV9FHR63CmBcKgowtSR3oHUolw6hxNMJYg= X-Gm-Gg: ASbGncvlrnJDABl7sF1W2Z6cdCxYDtB8dAoy8JL6HzMOJJF45QAs4tVB/iMWi5FlTcz EBzbr2IuJbM/v3Pen5cn50CGbt8bCIu+eRr/lKduErazfxUWi0P+adQVF2WRcyXEbrwpDbE8zLm blfezM1cSIe5pvNhkm6z4c7Vlr/AHvgCD3ytip6lVXI9g9qLPoegWChT4NoHIBLq7FKnn5vg28c WJHL90xBdym5GN1AC+CrLlnEWtbWgWKv609PbGJ9wxVPpu7tPioRmWOcnXEJyB5G0AHtj2oshfu u1QcTI5J4zUlVExTX0KvnSEynUMVhs0A3ghKE0hWeE653jTO9or2uPrqV0fe0yE+jkcs+28= X-Received: by 2002:a17:902:ea07:b0:224:a79:5fe4 with SMTP id d9443c01a7336-2242888681cmr334106805ad.2.1741814564403; Wed, 12 Mar 2025 14:22:44 -0700 (PDT) X-Google-Smtp-Source: AGHT+IFjVvzREwSOFKw0Hfsl/h89sadLsPdTTQZ/I/XFETV/GwxC6RNVuLWxGdk5FbZ6Djc3RCsmNQ== X-Received: by 2002:a17:902:ea07:b0:224:a79:5fe4 with SMTP id d9443c01a7336-2242888681cmr334106495ad.2.1741814564101; Wed, 12 Mar 2025 14:22:44 -0700 (PDT) Received: from ryan-lee-laptop-13-amd.. (c-76-103-38-92.hsd1.ca.comcast.net. [76.103.38.92]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-301190b98b7sm2353887a91.32.2025.03.12.14.22.42 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 12 Mar 2025 14:22:43 -0700 (PDT) From: Ryan Lee To: linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, apparmor@lists.ubuntu.com, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: Ryan Lee , Alexander Viro , Christian Brauner , Jan Kara , John Johansen , Paul Moore , James Morris , "Serge E. Hallyn" , =?utf-8?q?Micka=C3=ABl_Sala=C3=BCn?= , =?utf-8?q?G=C3=BCnt?= =?utf-8?q?her_Noack?= , Stephen Smalley , Ondrej Mosnacek , Casey Schaufler , Kentaro Takeda , Tetsuo Handa Subject: [RFC PATCH 1/6] fs: invoke LSM file_open hook in do_dentry_open for O_PATH fds as well Date: Wed, 12 Mar 2025 14:21:41 -0700 Message-ID: <20250312212148.274205-2-ryan.lee@canonical.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20250312212148.274205-1-ryan.lee@canonical.com> References: <20250312212148.274205-1-ryan.lee@canonical.com> Precedence: bulk X-Mailing-List: selinux@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Currently, opening O_PATH file descriptors completely bypasses the LSM infrastructure. Invoking the LSM file_open hook for O_PATH fds will be necessary for e.g. mediating the fsmount() syscall. Signed-off-by: Ryan Lee --- fs/open.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/fs/open.c b/fs/open.c index 30bfcddd505d..0f8542bf6cd4 100644 --- a/fs/open.c +++ b/fs/open.c @@ -921,8 +921,13 @@ static int do_dentry_open(struct file *f, if (unlikely(f->f_flags & O_PATH)) { f->f_mode = FMODE_PATH | FMODE_OPENED; file_set_fsnotify_mode(f, FMODE_NONOTIFY); f->f_op = &empty_fops; - return 0; + /* + * do_o_path in fs/namei.c unconditionally invokes path_put + * after this function returns, so don't path_put the path + * upon LSM rejection of O_PATH opening + */ + return security_file_open(f); } if ((f->f_mode & (FMODE_READ | FMODE_WRITE)) == FMODE_READ) { From patchwork Wed Mar 12 21:21:42 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ryan Lee X-Patchwork-Id: 14013929 X-Patchwork-Delegate: paul@paul-moore.com Received: from smtp-relay-internal-0.canonical.com (smtp-relay-internal-0.canonical.com [185.125.188.122]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id D117E1EF363 for ; Wed, 12 Mar 2025 21:22:56 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=185.125.188.122 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1741814579; cv=none; b=Ao2Vf4NLGQVuv33sAAfXnytrHFdJeEoYAINlZ1vJhMAJnof9Lkf5gluP5JazBUkfgglj06ZFnWMEx2g66+izHnTwaAs9JzbOpqDAgfmrA3JoIhrXhI7cRsYeNHdsHvUEA+UcSTLmP3cmelrRtLY3QLwx/n1lz28Fhla8nqcSTWs= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1741814579; c=relaxed/simple; bh=b4+VVCuulTVS3lasReYQ2g8sMWbZpqYEurik+q7TDIU=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=qHXjNsdAmTMVdN8a5xbUeLStCe+RtzWT/FAmwRtazzOHStBFtubZirzVaFHB/7gPmUYDCS3f+ekY0PVhp9soHsPK+OCaZtzqgEUjLT0YTdZc7OSZRl+00hwqm47BC8kzSb9art7+GL2OcUOMwcKF/27Nj8p8OJNFZvxUwyI8NO8= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=canonical.com; spf=pass smtp.mailfrom=canonical.com; dkim=pass (2048-bit key) header.d=canonical.com header.i=@canonical.com header.b=wXHZQnMA; arc=none smtp.client-ip=185.125.188.122 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=canonical.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=canonical.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=canonical.com header.i=@canonical.com header.b="wXHZQnMA" Received: from mail-pj1-f71.google.com (mail-pj1-f71.google.com [209.85.216.71]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by smtp-relay-internal-0.canonical.com (Postfix) with ESMTPS id D86923FCD4 for ; Wed, 12 Mar 2025 21:22:47 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=canonical.com; s=20210705; t=1741814567; bh=uqtVwBDq5g90YIrppYWGT9PUS27SLEfARyjY6b0CvJw=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=wXHZQnMAbweFyixm/4yjK71qO9242A1HNYoXX/nCd8p+RYITpNU5PZTBrcIvtgw7s 3Cfua9ykXolkNe8sqNhQTewpZzDEo9hJ8v22TSgfp936vThetM6T14br6KexQGwp4n +Isc3riXaRUo2ZotDauFSLzZeYnIW3I/SI1Qh0dY1yv3rC2RXh+bC5LeZLkAE2z9vL hBoLp6v0DiHX9j0JXXrgUEsBEpHG2OiqmOdkIOiyl5ArlJK/AmmvedXelZbphpQSgx kr72q+roBfgDo+g6bXTg0/Ix14ooarH0l/+izy2fDMvlut42EknAd7q6yoQjnPB6Vv WerhTrb8BANqA== Received: by mail-pj1-f71.google.com with SMTP id 98e67ed59e1d1-2ff6167e9ccso734267a91.1 for ; Wed, 12 Mar 2025 14:22:47 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1741814566; x=1742419366; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=uqtVwBDq5g90YIrppYWGT9PUS27SLEfARyjY6b0CvJw=; b=pe210ELSghVO8bV9V9OMct9PWJ/YDn6nBByI13ppdFFzXm4welQ8IQoxzU1QO8780z TeYummi7ISpXEYniheRd0ms1TjME9e22HeokZ6CW4OYCM5dia2/suatU2ntaPM66CYKJ II4VG4hizzygmyA15GmZlS7fMOZWqnjCjorgzk5GwuT6fxRQaI4g2tPU1hVKFUTn9+S/ vX53epQCn43eCEooFbfDGShbYoBzJQm8sL15mHqK0o7eeLScvtrJP0RLPLJnLHUU5DgW 1Z9VXHip0+2Mf1cWx1QNua3b4hS3MOWBTaZT7qEWUOZDscYaXyIIJH6pKav88K6qbGff xDCA== X-Forwarded-Encrypted: i=1; AJvYcCWsZPm08vieUTTbGWDGQ07PNFlmt7MqbXgw2yXOtpR1l2N5U/hgvIcepP1mQn91n64JeiNcS9cC@vger.kernel.org X-Gm-Message-State: AOJu0YxclRYVI/agl1E3b+43uGtZkQwOFpI19YeooWqoaTstQ4a2puRM lDX42J+77zlnnslOypoxqD2LjFDLr9Pjw5MGA1yMzxmrgwVnQPr/Zq7mvcFO+C4ock0VqszfOfh mHZqb0nsp3pdK+gj1qzPCmjNPwb2e+DVUeKSkzz75OxnQGIbvfLb+0+INQQIT9zzKBJEi1Vk= X-Gm-Gg: ASbGnctl8YKPKIM/BFtzK7FORLBj2GSpm6XgAQNMXg0/3NpMCBzZ8iGSlIBwYVM31Fl uF2KFQTApGY6y7Ht3/ixIUmpo9ZP7H0HrPif0YMyPiDj6SezavISF/tK/hjzvTUDe74GZ5ENhTP 5jwJt7Ednb9jZYz+RdP4g6Skyrd4H0suBfDtm4KKuhDjU/tNNyoql5Nl2VwW/k+FmDRofTIW0iO S/NSSQqRf2WZnWBEY1pH3V78EV2AVtm5Nep7ejjJpHAfvo22x8qmqlIyY7fh1LGWsQ7HfWfnJ56 huEypABvN4kH9cbZuZz9gIBgQM8OgXCySqxOfdgiKr6oJtobCbjEZPs7rcUq//TwipkmObI= X-Received: by 2002:a17:90b:38c7:b0:2ff:62f3:5b31 with SMTP id 98e67ed59e1d1-2ff7cf2a4dfmr33760030a91.29.1741814566527; Wed, 12 Mar 2025 14:22:46 -0700 (PDT) X-Google-Smtp-Source: AGHT+IGAh7edf+w4rzXzQLR0fkq9YMtlXCTroL93A1jr+Tsldo2r/RTEDBE9CJvpxWToVeKTIWZWGQ== X-Received: by 2002:a17:90b:38c7:b0:2ff:62f3:5b31 with SMTP id 98e67ed59e1d1-2ff7cf2a4dfmr33760017a91.29.1741814566237; Wed, 12 Mar 2025 14:22:46 -0700 (PDT) Received: from ryan-lee-laptop-13-amd.. (c-76-103-38-92.hsd1.ca.comcast.net. [76.103.38.92]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-301190b98b7sm2353887a91.32.2025.03.12.14.22.44 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 12 Mar 2025 14:22:45 -0700 (PDT) From: Ryan Lee To: linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, apparmor@lists.ubuntu.com, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: Ryan Lee , Alexander Viro , Christian Brauner , Jan Kara , John Johansen , Paul Moore , James Morris , "Serge E. Hallyn" , =?utf-8?q?Micka=C3=ABl_Sala=C3=BCn?= , =?utf-8?q?G=C3=BCnt?= =?utf-8?q?her_Noack?= , Stephen Smalley , Ondrej Mosnacek , Casey Schaufler , Kentaro Takeda , Tetsuo Handa Subject: [RFC PATCH 2/6] apparmor: explicitly skip mediation of O_PATH file descriptors Date: Wed, 12 Mar 2025 14:21:42 -0700 Message-ID: <20250312212148.274205-3-ryan.lee@canonical.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20250312212148.274205-1-ryan.lee@canonical.com> References: <20250312212148.274205-1-ryan.lee@canonical.com> Precedence: bulk X-Mailing-List: selinux@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Previously, we saw O_PATH fds only when mediating fd inheritance on exec, but because they would have no request associated with them, we would unconditionally let them be inherited. Until we have better handling of O_PATH fds, preserve the existing behavior of unconditionally allowing them. Signed-off-by: Ryan Lee --- security/apparmor/lsm.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index 11ace667cbbf..2349a1dd41f4 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c @@ -647,6 +647,16 @@ static int apparmor_file_open(struct file *file) return 0; } + /* + * Preserve the behavior of O_PATH fd creation not being mediated. + * + * TODO: we weren't handling O_PATH fds in aa_inherit_files anyways + * (all-zero request -> fds unconditionally inherited), so proper + * mediation of those will require changes in multiple places. + */ + if (file->f_flags & O_PATH) + return 0; + label = aa_get_newest_cred_label_condref(file->f_cred, &needput); if (!unconfined(label)) { struct mnt_idmap *idmap = file_mnt_idmap(file); From patchwork Wed Mar 12 21:21:43 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ryan Lee X-Patchwork-Id: 14013930 X-Patchwork-Delegate: paul@paul-moore.com Received: from smtp-relay-internal-1.canonical.com (smtp-relay-internal-1.canonical.com [185.125.188.123]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 14C8E1F03E4 for ; Wed, 12 Mar 2025 21:22:58 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=185.125.188.123 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1741814580; cv=none; b=KzTYvjBkZBiTXuBJwEmf4cILzOUY0jQO+N2AvN38jv+1n3Y5ua1gjO9ZQQwpCa/IhmC1zULoxg/oVL965Q3ilJ7JxX7RskaGq9blIUPdO/JXdFYRR8OYqMwcageRnv0WayQprd84HnyUGc3GyoCEqPCK6QnQQthyzM4yPtLvFCg= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1741814580; c=relaxed/simple; bh=YKJUOhSAlbceCTtQeFmVs8IFwOcyWaVLfzVCuOajKmQ=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=itV94iXdbfpWp9rv2KoqXHHb3H3vKzoslk1qVdfl9Y6zXJUiZh3F1waAJcEd2SbRraTzHIRRDrH0LOGbp5VXi8vRhhzDqHVQGGeyaVSBiAGYwcbIUuaMNEamXKAq5bAi94buRZwpCoi4LBC+rwYrCKAzh6zoJn9v/6X12ePeST0= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=canonical.com; spf=pass smtp.mailfrom=canonical.com; dkim=pass (2048-bit key) header.d=canonical.com header.i=@canonical.com header.b=vmL06F9F; arc=none smtp.client-ip=185.125.188.123 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=canonical.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=canonical.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=canonical.com header.i=@canonical.com header.b="vmL06F9F" Received: from mail-pj1-f70.google.com (mail-pj1-f70.google.com [209.85.216.70]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by smtp-relay-internal-1.canonical.com (Postfix) with ESMTPS id 388363F6C9 for ; Wed, 12 Mar 2025 21:22:50 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=canonical.com; s=20210705; t=1741814570; bh=bQ5ilq+qjctbW08HSKcwKvLmj0dzCcpGagg2F3uVrL4=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=vmL06F9FBtpJLaaYr55tRaWWAuRysWlSghmlHws+4ccfGIOKu/r09XtkJ0t2XeANd i6mp2xCB2TcwZfGBQQko9G7AptQBV6tAVGPPt+Ny/IdmUxR3AsLJcRYT2JF93t6Tbr KPIAH1xPhRWNs9Yaat8RznLCojnUFhn1uD77B3EU+nWlfhWXPS9b7txWNmiy7XJQSN VEq4ftfPlpUlroju6uaPfkAmUVq4lAYrho/T2qX/+pcv+/MHxlKcIfnPIKu7pMUieM I0sgw/skR3jkjn7NgU72gDmhz8J2SOkyySW3W8l80To2O+b7ga9qDH1LkXYoZkSmiq C1faCZS04BR3A== Received: by mail-pj1-f70.google.com with SMTP id 98e67ed59e1d1-2ff78dd28ecso777601a91.1 for ; Wed, 12 Mar 2025 14:22:50 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1741814568; x=1742419368; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=bQ5ilq+qjctbW08HSKcwKvLmj0dzCcpGagg2F3uVrL4=; b=KgbNgN02ZiXgCXz8bb8WXDN4IRrogwPnk3FzVATfojrPDDNrO8s2uzl1ebTptJUx62 yxzfg/8l9dfgGs8LOCCu0ZafmKB3gVq3GNrE0yAAot9t4PPZIP1zPZA6z2jASKKKzwFu Rk5e6QCMu9j37oiW5obbg64t9NmbyOs/dvxAzeXoXcH3sCDyzeJxEN5A9z+09e+W6hYY 5XccSK5dFKAOx/PxLjm9ZadDVCZsN7uxX9Vv6A7+2t1MmQhMRvZG1zWg2eeRjG6DajcK oIlZzlfNVE3PKuVoAiJO1YY8pBdq9RMRS8WD11dQVolB+OMvGcSuWqPREEGb2YDo5o0u GBxA== X-Forwarded-Encrypted: i=1; AJvYcCXIiKdl2etGcMSgxoHz+yUt39XhJSX99mqxhGtG9MbC7RsKPIUKzESnPrM99LlTd2ArpsZBIk7+@vger.kernel.org X-Gm-Message-State: AOJu0YyXrZjmja9C8jq0vemlPWn3MGtUK9osuGMcBAV3dWYHVJGg9SCd lPgsE0qsEq7WQ2udK47G7NlAel+pu/aBXlj36BIywDuUphKVToxRe5/PCd5TfxQYRCEUAXCkS0b 0DcSAXac7htPkXIdeaJNk5yG6G16WwwuO+wif226lx68IhPSsG6R+d3OfVty2dhgYI3+0hxI= X-Gm-Gg: ASbGncvGFgkEMu3PCfJaZe3V2Kh3peuzbnsRZRWAUR9SwgZM3Nh4Tj5ZqvCX0HWnq7T wwUgv3s598k8/Rz+spIKl49V/zlCViYO9Z8np0fWIxMkaVKr09DQCNOf/YMSE/+9OJozsJh7wX1 OaYX4+IdPq1WW/W7wpzid0RrrAlxuBhBBKnXxMPjBxGTAbl0lAwm50Uzgm1teKGCM5uxn+GzmTC jR0MfTqbzM/CqrzZbIGntaSidgs2jDT9iwn8yvd8tY/iyuHN82q/Zku9tfGfgRhN+OIXsoc1yme Gx5632kQBpW4nKCN3ABDN7Qhi1sBB4LMgRlu6GUA0Si4mVkek7tcTAIthtAUgMFwiKiWa08= X-Received: by 2002:a17:90b:38c8:b0:2ee:74a1:fba2 with SMTP id 98e67ed59e1d1-2ff7ce84c7bmr34243255a91.20.1741814568677; Wed, 12 Mar 2025 14:22:48 -0700 (PDT) X-Google-Smtp-Source: AGHT+IE6kNFGkR2Ar2yfV2Wm7/OWkigwZeggzkNDef+VFj2HbCWbxEzVxXle+EcNd+qkPs6JAUusng== X-Received: by 2002:a17:90b:38c8:b0:2ee:74a1:fba2 with SMTP id 98e67ed59e1d1-2ff7ce84c7bmr34243239a91.20.1741814568350; Wed, 12 Mar 2025 14:22:48 -0700 (PDT) Received: from ryan-lee-laptop-13-amd.. (c-76-103-38-92.hsd1.ca.comcast.net. [76.103.38.92]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-301190b98b7sm2353887a91.32.2025.03.12.14.22.46 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 12 Mar 2025 14:22:47 -0700 (PDT) From: Ryan Lee To: linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, apparmor@lists.ubuntu.com, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: Ryan Lee , Alexander Viro , Christian Brauner , Jan Kara , John Johansen , Paul Moore , James Morris , "Serge E. Hallyn" , =?utf-8?q?Micka=C3=ABl_Sala=C3=BCn?= , =?utf-8?q?G=C3=BCnt?= =?utf-8?q?her_Noack?= , Stephen Smalley , Ondrej Mosnacek , Casey Schaufler , Kentaro Takeda , Tetsuo Handa Subject: [RFC PATCH 3/6] landlock: explicitly skip mediation of O_PATH file descriptors Date: Wed, 12 Mar 2025 14:21:43 -0700 Message-ID: <20250312212148.274205-4-ryan.lee@canonical.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20250312212148.274205-1-ryan.lee@canonical.com> References: <20250312212148.274205-1-ryan.lee@canonical.com> Precedence: bulk X-Mailing-List: selinux@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Landlock currently does not have handling of O_PATH fds. Now that they are being passed to the file_open hook, explicitly skip mediation of them until we can handle them. Signed-off-by: Ryan Lee --- security/landlock/fs.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/security/landlock/fs.c b/security/landlock/fs.c index 0804f76a67be..37b2167bf4c6 100644 --- a/security/landlock/fs.c +++ b/security/landlock/fs.c @@ -1522,6 +1522,14 @@ static int hook_file_open(struct file *const file) if (!dom) return 0; + /* + * Preserve the behavior of O_PATH fd creation not being mediated, for + * now. Remove this when the comment below about handling O_PATH fds + * is resolved. + */ + if (file->f_flags & O_PATH) + return 0; + /* * Because a file may be opened with O_PATH, get_required_file_open_access() * may return 0. This case will be handled with a future Landlock From patchwork Wed Mar 12 21:21:44 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ryan Lee X-Patchwork-Id: 14013931 X-Patchwork-Delegate: paul@paul-moore.com Received: from smtp-relay-internal-1.canonical.com (smtp-relay-internal-1.canonical.com [185.125.188.123]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 14C1B1F03E1 for ; Wed, 12 Mar 2025 21:22:58 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=185.125.188.123 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1741814580; cv=none; b=iimCSLCwh/5F+vIcXruokf64LikxZo2674XaLZa3d6g8XQSZigTSU6VVRKkdhniplD+cMFxnsgec+Aqs4coRtk3ds05U4J8VFlfVAFMg+CxvdPDolMxR4R7c3E4sibxQJ92UuSj1cO5SCRwF2gie09625HOMlsNX7PyeSgd30bM= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1741814580; c=relaxed/simple; bh=UQi4jGJd9JPX9q54M13Eyu1joQsCWppMerqI6/F5Zeo=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=JhMwTi0F6F8Y4KJsLZefiw4rhx5Z4a7VrSb8ogqmjsxXy+Jss9fBJKWjVI/nYxiviq+jbmZYnh0dIqwKWnHVxxJXOj3UFNRfSl/uGgQ1GbhTvO7ROw1T7uiCb4PJyXpfED4E2OXbxqJurYnStyrYcDyt8D/qIrJhGYHL5MXNVHM= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=canonical.com; spf=pass smtp.mailfrom=canonical.com; dkim=pass (2048-bit key) header.d=canonical.com header.i=@canonical.com header.b=sCFyKZak; arc=none smtp.client-ip=185.125.188.123 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=canonical.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=canonical.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=canonical.com header.i=@canonical.com header.b="sCFyKZak" Received: from mail-pj1-f71.google.com (mail-pj1-f71.google.com [209.85.216.71]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by smtp-relay-internal-1.canonical.com (Postfix) with ESMTPS id 4F4883F6FD for ; Wed, 12 Mar 2025 21:22:53 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=canonical.com; s=20210705; t=1741814573; bh=vkBChevR2KYwwFZBDZ6M820pfzcyPKZb2PO3mstNSrA=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=sCFyKZakaUftWxs9QToSa2iYDRjmwymogEnh5bqNk+TcutGHQj9F0evcRwByZfnif mzfGT37QLIhi9GxW0NLVMtPvVL8i/4N1Z11S0gz3Am+a+fAkqQFRcweqS6j45bU4Ps di9NaLEzCZUIPwau/tK1oxZg1naxvstlzn9m0EtpyabpVX0+7NiMlEoRJppbuDrUrZ TbAimvT/OXzsfPIaIbjkJMa3Q18gbvrYKrjQ3Qgj67zWju3huasfBqTn4n75QcTCPB EEgl958EFmTLiUBE5PCwCT2Ve49CRgm6WRLWa80uv8GJk3b4Bj5dvMk0kBsdiq20pi dBXKQP0ViouSg== Received: by mail-pj1-f71.google.com with SMTP id 98e67ed59e1d1-2ff6af1e264so714039a91.3 for ; Wed, 12 Mar 2025 14:22:53 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1741814571; x=1742419371; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=vkBChevR2KYwwFZBDZ6M820pfzcyPKZb2PO3mstNSrA=; b=W3DK2Mn7QdjtX5B1za/xwPmOGppzF0pe6A56179eZQfftw+9TgKLtN1RIdT2tQfiHg YLXfAwxBs1nL9VEaa7oEeDlTZRThTtqkz+Cj/I6RbLQ6Ivvw34T6KJPEjgVkL1eb/7I9 ffdfANplwYHZlwzz3rdE1qsnwFzgHSd/VTL1iUxUOmVvQiT2WdHSRvGYon9Rp9TQw+JL Dxl6SCgNAnaJWUlHDHLqyBcf/7kEICqhPjPdua50IsOsqIZA/+lJsPw2PtcU7vArjHo2 ahjJPzeskSSWVh1p4nETl7+s+1i5n91ze3Hgdi86FuZBagkjPelSTrgZefdZKscy3PjB +mMA== X-Forwarded-Encrypted: i=1; AJvYcCWoMuQcv+bExlQcq4PzuisHyUVYVtwjcqgx2l4vqRqea8Ek0SmS3Ymdwqfm8DH5hXOMZcCKc3uF@vger.kernel.org X-Gm-Message-State: AOJu0Yz+qsW2s0aWHLiCRJF3rJYbKq8/JfvkHrLlOP5xPCCVr/Y97TFJ FFToOgy7ongdE5/UsTNC9jQ7en4XrxI7bUcrS4dmIPa8OgWZ+ct2+yN8IA9AopvJStr+Cjw4bLb +/HcjEb0RIQghd7cMbw2FwTE+al5mzJBqFpaqPd2iFtQlXw1x2s0B2fn3s6kTd+BIqR6OUjs= X-Gm-Gg: ASbGncsuE5q/bW7VPSURGw6O5HduXy/VAWObDsPsusxRKFElvxCpQ0e+4UGpoqs+sR6 keWvztdIuf1qm9kKF8N/7gXUqU6cwAz9MEEnAifnLvjGAowaT46Igc20KvcHuuzxmERl1+HtcFr 0Q79/7mQRFesp52fLuUK6j+J71sooVYtbmzPLkcTuUA70U6ltiSuwFWUGYLJIciG7incbW4tnwz cL6FatRKikqwW1OuZjAL0U420m7PzAMluBrG6Mosy7wbjNa9q22IsTW8bl2yoxQvW5A8k0jWGZU l5Zxh+ARlA02B67Tz/Yl25Nk1x7GyztdJCIUf807O/jaG88snt/MsxLaxDgpbocXAngE6IY= X-Received: by 2002:a17:90b:1b05:b0:2ee:8427:4b02 with SMTP id 98e67ed59e1d1-2ff7cef76acmr32847531a91.28.1741814570803; Wed, 12 Mar 2025 14:22:50 -0700 (PDT) X-Google-Smtp-Source: AGHT+IG2zy2F9PoKbQMeK6fUS3X/Yt717KlC839Q5G4xkP4Nr8/wnDbMYJ8pDxU6TgdAPfQxzzejkA== X-Received: by 2002:a17:90b:1b05:b0:2ee:8427:4b02 with SMTP id 98e67ed59e1d1-2ff7cef76acmr32847501a91.28.1741814570519; Wed, 12 Mar 2025 14:22:50 -0700 (PDT) Received: from ryan-lee-laptop-13-amd.. (c-76-103-38-92.hsd1.ca.comcast.net. [76.103.38.92]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-301190b98b7sm2353887a91.32.2025.03.12.14.22.48 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 12 Mar 2025 14:22:50 -0700 (PDT) From: Ryan Lee To: linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, apparmor@lists.ubuntu.com, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: Ryan Lee , Alexander Viro , Christian Brauner , Jan Kara , John Johansen , Paul Moore , James Morris , "Serge E. Hallyn" , =?utf-8?q?Micka=C3=ABl_Sala=C3=BCn?= , =?utf-8?q?G=C3=BCnt?= =?utf-8?q?her_Noack?= , Stephen Smalley , Ondrej Mosnacek , Casey Schaufler , Kentaro Takeda , Tetsuo Handa Subject: [RFC PATCH 4/6] selinux: explicitly skip mediation of O_PATH file descriptors Date: Wed, 12 Mar 2025 14:21:44 -0700 Message-ID: <20250312212148.274205-5-ryan.lee@canonical.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20250312212148.274205-1-ryan.lee@canonical.com> References: <20250312212148.274205-1-ryan.lee@canonical.com> Precedence: bulk X-Mailing-List: selinux@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Now that O_PATH fds are being passed to the file_open hook, unconditionally skip mediation of them to preserve existing behavior. Signed-off-by: Ryan Lee --- security/selinux/hooks.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 07f71e6c2660..886ee9381507 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -4009,6 +4009,11 @@ static int selinux_file_open(struct file *file) */ fsec->isid = isec->sid; fsec->pseqno = avc_policy_seqno(); + + /* Preserve the behavior of O_PATH fd creation not being mediated */ + if (file->f_flags & O_PATH) + return 0; + /* * Since the inode label or policy seqno may have changed * between the selinux_inode_permission check and the saving From patchwork Wed Mar 12 21:21:45 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ryan Lee X-Patchwork-Id: 14013933 X-Patchwork-Delegate: paul@paul-moore.com Received: from smtp-relay-internal-1.canonical.com (smtp-relay-internal-1.canonical.com [185.125.188.123]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 92E981F152E for ; Wed, 12 Mar 2025 21:23:03 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=185.125.188.123 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1741814585; cv=none; b=VjKFes+WbDP0nkJ706vDLznAvuLrzf2y+MjrUKCIZ8uhlpuQ4IMt6ql9V6ZQkNx1a2cW9dby8aeUg2e0yubDr+MJw5JIuITvRqpY7m1rwJkaBAqN4xdjNWcd7k9BsrEyVa0RAoM3/McrTjgqrQTm1HcAKEM59TGbGq1lMe+KIqI= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1741814585; c=relaxed/simple; bh=G2e3iolvH9qEslV/akG34i7cS7UuqJvA1p2iiSDOzVc=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=QhaugzNKzONpShAQqb8jx8S9QScLzkT3LehbpKfyKM9mWgSiDPSf42jiR/Bi59iKcmGbNnEkcPafX/Cp38+MTJGoMx8zXsI5D1qwythFH8d4msMVqCEsnWf+EK16znWOuo9X1BNp3ErHnb4SZVWUlUqmnIi4ljGTWu58hyvu6wU= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=canonical.com; spf=pass smtp.mailfrom=canonical.com; dkim=pass (2048-bit key) header.d=canonical.com header.i=@canonical.com header.b=e8JsmYR+; arc=none smtp.client-ip=185.125.188.123 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=canonical.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=canonical.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=canonical.com header.i=@canonical.com header.b="e8JsmYR+" Received: from mail-pj1-f70.google.com (mail-pj1-f70.google.com [209.85.216.70]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by smtp-relay-internal-1.canonical.com (Postfix) with ESMTPS id 740BB3F717 for ; Wed, 12 Mar 2025 21:22:56 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=canonical.com; s=20210705; t=1741814576; bh=yf0KmmK+2JCiuqTR1dE5uJSectdXjdHO7BaOi/Ze5/Q=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=e8JsmYR+bmqnDO8ig/JUHN+ga3YznlIadNIojqds0ZG1L7WDRwkxHIzpzFsneg+E5 0srcB3RsuXrVQ5MG3MWonPvlf8gfMjjod2u4SMJ1jKnC0UuERRgmiAAHp8yoB2HPqZ OxVkH+9w2zXikhY0F60PuuRqZ8yIxDBNw270dYrgm8x5ikmqkOuzFuopIOVY+vBCWl 2kfer8F4Vb1RE2Bndr4A8Gvfo81TDQvmFaoy3spv8NzsLJOeWyRc6y7rGm46EJwmsh c5kDw25JpC45ZMERGVjT1glEyxSBt7zUpxa9mPK25tYo4HOZVYsTDlJ0RimYfqc0Av HWF62R3YHdccw== Received: by mail-pj1-f70.google.com with SMTP id 98e67ed59e1d1-2ff64898e2aso2105922a91.1 for ; Wed, 12 Mar 2025 14:22:56 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1741814574; x=1742419374; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=yf0KmmK+2JCiuqTR1dE5uJSectdXjdHO7BaOi/Ze5/Q=; b=xSh5FZ6jmLSriOAqDv5WWqW9Ij1w160PXMvsQ3W1M3ewgmI2sxhEsRKnsgsSmI/NLB P8ZkZtOLVDiu69vR1MKfjLypC4pHmXTfccEoZcL0Xh//DMCb22KWsOfW09wRVYBXsv/I P3dj5090FLBoKFmfS5Us3Hraqn/GR7K4WcG3gVRT8L3sDmGHSqmeY8nCG6pX8gINVync QVilGuzzQyxv5MsXdCPwHcRD4SWX+o/AX85+NJSFM0hwvpziZY70SYCgxVpJS1TgC9vu pbvKKwLVeWaQKOhYdTEiPX1hKV/HmTzCx9wbe9fWDujdLT3PSzlZSRkfmn9UvduEP+A2 ZqBA== X-Forwarded-Encrypted: i=1; AJvYcCWOR7D6da484/txn8drp7jR9QVN45glv4kGiw2Ix8eP7wARxEZvXxGlo6h5AcsVNmSxEdDPUp2P@vger.kernel.org X-Gm-Message-State: AOJu0YyRonlBZIcU+i+zQlJvUfrRm8KrZhN1eQ5qwAS7Dad0eyz0IopW RIDf4imLFhNgs5tTCbZrxvSOuPpIJa1bTLmmgVBdtxiNJDnBN3PKeZeItz9DOouHde1xpd/HP4m +NG5aJx7IdOBZ4bNiw/nqUb91f5WYyLnPcCRvCxlBzdmuqbK//1vhJBxUazv88biTpNzHTKk= X-Gm-Gg: ASbGnct5dQFWZa30cGndAom5rKm5y/s3XNkFVH2CR0f6gaepHBmndaXmbiHIfCt81oe AKHxH1b8RZoi5FB+5lE4QAXXTAjfsGt2O8nptvvVDohxoNzHAHFtXj604CuJze+dCb1JiHBUTT1 Hnez8VRWwT3vOkT0mJrEvzy7TdDvLFY6jUxaiC6IAo57wC37kx4iffd+OyYpWGlsCYaNZ7mJB2s CN7QHdr/Rxts97MizAYTGvHl4iX1baEGwMAAOt6Bci8+8roBEimrhiBkwgZakERkc6TviYOb0Rj jo5q+fC0LuyQeLoHGcifFMVNaRHrHMtw3ima1plgq2Vw1Fxi+h7dPX2S03Wl+tqkOAhskxU= X-Received: by 2002:a17:90b:3bce:b0:2ef:ad48:7175 with SMTP id 98e67ed59e1d1-30135f6037cmr88387a91.15.1741814573785; Wed, 12 Mar 2025 14:22:53 -0700 (PDT) X-Google-Smtp-Source: AGHT+IHwAw+1MiMC/B8BNZEJ4oppU1sIELS1vCTl7SNsacHdi/KdGlgg9CgoB/KGdKxX2Zf2vFxSyQ== X-Received: by 2002:a17:90b:3bce:b0:2ef:ad48:7175 with SMTP id 98e67ed59e1d1-30135f6037cmr88319a91.15.1741814572564; Wed, 12 Mar 2025 14:22:52 -0700 (PDT) Received: from ryan-lee-laptop-13-amd.. (c-76-103-38-92.hsd1.ca.comcast.net. [76.103.38.92]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-301190b98b7sm2353887a91.32.2025.03.12.14.22.50 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 12 Mar 2025 14:22:52 -0700 (PDT) From: Ryan Lee To: linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, apparmor@lists.ubuntu.com, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: Ryan Lee , Alexander Viro , Christian Brauner , Jan Kara , John Johansen , Paul Moore , James Morris , "Serge E. Hallyn" , =?utf-8?q?Micka=C3=ABl_Sala=C3=BCn?= , =?utf-8?q?G=C3=BCnt?= =?utf-8?q?her_Noack?= , Stephen Smalley , Ondrej Mosnacek , Casey Schaufler , Kentaro Takeda , Tetsuo Handa Subject: [RFC PATCH 5/6] smack: explicitly skip mediation of O_PATH file descriptors Date: Wed, 12 Mar 2025 14:21:45 -0700 Message-ID: <20250312212148.274205-6-ryan.lee@canonical.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20250312212148.274205-1-ryan.lee@canonical.com> References: <20250312212148.274205-1-ryan.lee@canonical.com> Precedence: bulk X-Mailing-List: selinux@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Now that O_PATH fds are being passed to the file_open hook, unconditionally skip mediation of them to preserve existing behavior. Signed-off-by: Ryan Lee --- security/smack/smack_lsm.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 2f65eb392bc0..c05e223bfb33 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -2062,6 +2062,10 @@ static int smack_file_open(struct file *file) struct smk_audit_info ad; int rc; + /* Preserve the behavior of O_PATH fd creation not being mediated */ + if (file->f_flags & O_PATH) + return 0; + smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); smk_ad_setfield_u_fs_path(&ad, file->f_path); rc = smk_tskacc(tsp, smk_of_inode(inode), MAY_READ, &ad); From patchwork Wed Mar 12 21:21:46 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ryan Lee X-Patchwork-Id: 14013932 X-Patchwork-Delegate: paul@paul-moore.com Received: from smtp-relay-internal-0.canonical.com (smtp-relay-internal-0.canonical.com [185.125.188.122]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id B878E1F130C for ; Wed, 12 Mar 2025 21:23:01 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=185.125.188.122 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1741814583; cv=none; b=iSzEPy2U7NS+Vcnh7cRb1JVUsTIgin9lEpjQL5m1DAcG5SUfqY+XHWHyOTXksiWZJJohRaO1HHMRqR+IdeoMtJRDe6pTd3lobY77o7vyBpgYZLFH+AHR6EwiVjTH+suujqPlopTIzpKk6Eb7zfHGcZU1/3vsPUYOUXUdWmi0bxk= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1741814583; c=relaxed/simple; bh=nQa75EiYN3ygFHWP5CltgBdCU2YvLoFl9S3DeRklaTs=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=nZ6EJEc+i0kXBNndDRfDx4h+Kg32T0wUMBCcmGDP5Ad96dDT6nOAdABD8Qs1lB8r8hQmY3XoeJrfL1MZY3d5CaGLBcK0944hKg7MfUYxl8mIKaZHHOijFaIp0F/pdezPShClvzJw4Qzi11ExE1ohzAtj25nakdIH6goGw1V4RVI= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=canonical.com; spf=pass smtp.mailfrom=canonical.com; dkim=pass (2048-bit key) header.d=canonical.com header.i=@canonical.com header.b=Nz8L175s; arc=none smtp.client-ip=185.125.188.122 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=canonical.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=canonical.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=canonical.com header.i=@canonical.com header.b="Nz8L175s" Received: from mail-pj1-f70.google.com (mail-pj1-f70.google.com [209.85.216.70]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by smtp-relay-internal-0.canonical.com (Postfix) with ESMTPS id 01D2C3FCD7 for ; Wed, 12 Mar 2025 21:23:00 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=canonical.com; s=20210705; t=1741814580; bh=sxXlT+NKuH/R8o+IpND8qEtQPr3+MVFoHvHlcLQeNOw=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=Nz8L175sgLMTMSxALgPazVZslWuxpLOb6BjhTDWtsIVrXJqWcOSJqrv70oAUpBspR fXe7NKhmaFroXjEbbUAcHVS6X6hZZUgY70gJfhebRcByyz9Ree2UWlJRT5uZSSaz4N 3Z3+Fuw/I70K4YaZjfTuZugMRCmfUvpkwG0GjRLu/iW/iLCnRcdbS3rALEmvZSfYVw h4xNg/WP62ONN0PIM9BbNixBubVfh4RqG5FynkbQX65CCJYwRNxJGeKETqOkAL+23p yaPwRgU5vykJbTrr0/wHJuAdOpmlTxzn38N//8zk9tsYYzXXKuk2nruAW6uPrMBYpG m8xrz/2CTCRTg== Received: by mail-pj1-f70.google.com with SMTP id 98e67ed59e1d1-2ff4b130bb2so535183a91.0 for ; Wed, 12 Mar 2025 14:22:59 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1741814575; x=1742419375; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=sxXlT+NKuH/R8o+IpND8qEtQPr3+MVFoHvHlcLQeNOw=; b=nhHQn0kgtDtJDUTEPSI+/i+3AjtvhLMH6YlyZWzPeUrxNOkqvsks8m+4g9jx8FQjQG KoacxPzMSGMlp2JF+Hr263aOyggvqLAeDnnnhLQLjUtsbZ6+vAl5T2Jr+1ZJ+3eytvW2 Dzwf/+iIXX6OCgUKujTlQNawOb/t6wvXfpTQffh670kk+eQaXt9nBS4TplxYe4qLKYX5 6Y9bd/4gpy7j2Z6alsqOTsoAgtLnuHwUVGBmB4m4MrNt8ZJ6qtkvLrQAS13pO7a2lTIp yM0OK/2ybDxN6RenerBKCIab6ic/MeXExRbvzGosz7UQ9ap8SmVH9JcSebgsB0TWk2iR axQQ== X-Forwarded-Encrypted: i=1; AJvYcCX1eh6aqgI4z1yHRM/U/GEt++Q1JpTXUD1CeFSi56ljGOOZE9G8EElDo8XvqUfnQZCXOQiRS/lD@vger.kernel.org X-Gm-Message-State: AOJu0Yz0FuH+GbcQ89Gtq+F4d5O8GBr/GXbirYin0TBs77ejwriLEUk+ +GegRoSMjwJvOR6jetF6Q9LgNgwkeRgpDfGWcir+yMCqEHekVle0U2r3Ml0ovG7qdh1ofEQYi8O zSTwjNxStIRPq8YU3Kklkks8MzfnPtD1k6c69UgjFkQTotZJ7KKkZWkwMzF+63PFeUWgrn5A= X-Gm-Gg: ASbGncvwm3GQH+IZa0BJE394yZNQRuSHYEmjVM49uGutUR0sa8pHohsDwd4tcwZeLR5 MD1Vi+WMUSkoZhrvP/hsrMbIBZc+w2+QpV0N1dosEf/A2n6Ycr/Stb7+FxibC3bmmXCSp9oS7wp BJB2tGIJEsmFQY02ZWS+lu6Zdp+5Qgg0wfDqejmy8cUoqblWGd26swXGIzejU9DvwMS1A9PTDR1 AgYmJkGimjt2PfSbOmqtSOp2Z08nAhdF1RQUpoEqHSYP/4PJOdKIp4v4iLjoGF9Wdvlrz/c9z5K DXCh6IV5cvlhPDT1JDYlIzbYSV/48BK8sj/DUPqG+p5a/R0lhBkdOh42qoxC6GKwmWEosCs= X-Received: by 2002:a17:90a:7345:b0:301:1bce:c255 with SMTP id 98e67ed59e1d1-3011bcec36fmr4989220a91.27.1741814575228; Wed, 12 Mar 2025 14:22:55 -0700 (PDT) X-Google-Smtp-Source: AGHT+IF7VJ3I6Ag0U5c89zoKAvdV8xkokC+gkGPKK5VTC7ZbVdDme14D+x+zHYl4u3ZWPKhOLxMFvA== X-Received: by 2002:a17:90a:7345:b0:301:1bce:c255 with SMTP id 98e67ed59e1d1-3011bcec36fmr4989199a91.27.1741814574931; Wed, 12 Mar 2025 14:22:54 -0700 (PDT) Received: from ryan-lee-laptop-13-amd.. (c-76-103-38-92.hsd1.ca.comcast.net. [76.103.38.92]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-301190b98b7sm2353887a91.32.2025.03.12.14.22.53 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 12 Mar 2025 14:22:54 -0700 (PDT) From: Ryan Lee To: linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, apparmor@lists.ubuntu.com, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: Ryan Lee , Alexander Viro , Christian Brauner , Jan Kara , John Johansen , Paul Moore , James Morris , "Serge E. Hallyn" , =?utf-8?q?Micka=C3=ABl_Sala=C3=BCn?= , =?utf-8?q?G=C3=BCnt?= =?utf-8?q?her_Noack?= , Stephen Smalley , Ondrej Mosnacek , Casey Schaufler , Kentaro Takeda , Tetsuo Handa Subject: [RFC PATCH 6/6] tomoyo: explicitly skip mediation of O_PATH file descriptors Date: Wed, 12 Mar 2025 14:21:46 -0700 Message-ID: <20250312212148.274205-7-ryan.lee@canonical.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20250312212148.274205-1-ryan.lee@canonical.com> References: <20250312212148.274205-1-ryan.lee@canonical.com> Precedence: bulk X-Mailing-List: selinux@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Now that O_PATH fds are being passed to the file_open hook, unconditionally skip mediation of them to preserve existing behavior. Signed-off-by: Ryan Lee --- security/tomoyo/file.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/security/tomoyo/file.c b/security/tomoyo/file.c index 8f3b90b6e03d..efecfa7d15b2 100644 --- a/security/tomoyo/file.c +++ b/security/tomoyo/file.c @@ -762,6 +762,10 @@ int tomoyo_check_open_permission(struct tomoyo_domain_info *domain, }; int idx; + /* Preserve the behavior of O_PATH fd creation not being mediated */ + if (flag & O_PATH) + return 0; + buf.name = NULL; r.mode = TOMOYO_CONFIG_DISABLED; idx = tomoyo_read_lock();