- 16 12月, 2011 1 次提交
-
-
由 Rusty Russell 提交于
The 'aabool' wrappers actually pass off to the 'bool' parse functions, so you should use the same check function. Similarly for aauint and uint. (Note that 'bool' module parameters also allow 'int', which is why you got away with this, but that's changing very soon.) Cc: linux-security-module@vger.kernel.org Signed-off-by: NRusty Russell <rusty@rustcorp.com.au> Acked-by: NJohn Johansen <john.johansen@canonical.com> Signed-off-by: NJames Morris <jmorris@namei.org>
-
- 29 6月, 2011 1 次提交
-
-
由 John Johansen 提交于
AppArmor is masking the capabilities returned by capget against the capabilities mask in the profile. This is wrong, in complain mode the profile has effectively all capabilities, as the profile restrictions are not being enforced, merely tested against to determine if an access is known by the profile. This can result in the wrong behavior of security conscience applications like sshd which examine their capability set, and change their behavior accordingly. In this case because of the masked capability set being returned sshd fails due to DAC checks, even when the profile is in complain mode. Kernels affected: 2.6.36 - 3.0. Signed-off-by: NJohn Johansen <john.johansen@canonical.com>
-
- 09 6月, 2011 1 次提交
-
-
由 John Johansen 提交于
Affected kernels 2.6.36 - 3.0 AppArmor may do a GFP_KERNEL memory allocation with task_lock(tsk->group_leader); held when called from security_task_setrlimit. This will only occur when the task's current policy has been replaced, and the task's creds have not been updated before entering the LSM security_task_setrlimit() hook. BUG: sleeping function called from invalid context at mm/slub.c:847 in_atomic(): 1, irqs_disabled(): 0, pid: 1583, name: cupsd 2 locks held by cupsd/1583: #0: (tasklist_lock){.+.+.+}, at: [<ffffffff8104dafa>] do_prlimit+0x61/0x189 #1: (&(&p->alloc_lock)->rlock){+.+.+.}, at: [<ffffffff8104db2d>] do_prlimit+0x94/0x189 Pid: 1583, comm: cupsd Not tainted 3.0.0-rc2-git1 #7 Call Trace: [<ffffffff8102ebf2>] __might_sleep+0x10d/0x112 [<ffffffff810e6f46>] slab_pre_alloc_hook.isra.49+0x2d/0x33 [<ffffffff810e7bc4>] kmem_cache_alloc+0x22/0x132 [<ffffffff8105b6e6>] prepare_creds+0x35/0xe4 [<ffffffff811c0675>] aa_replace_current_profile+0x35/0xb2 [<ffffffff811c4d2d>] aa_current_profile+0x45/0x4c [<ffffffff811c4d4d>] apparmor_task_setrlimit+0x19/0x3a [<ffffffff811beaa5>] security_task_setrlimit+0x11/0x13 [<ffffffff8104db6b>] do_prlimit+0xd2/0x189 [<ffffffff8104dea9>] sys_setrlimit+0x3b/0x48 [<ffffffff814062bb>] system_call_fastpath+0x16/0x1b Signed-off-by: NJohn Johansen <john.johansen@canonical.com> Reported-by: NMiles Lane <miles.lane@gmail.com> Cc: stable@kernel.org Signed-off-by: NJames Morris <jmorris@namei.org>
-
- 01 6月, 2011 1 次提交
-
-
由 Kees Cook 提交于
When invalid parameters are passed to apparmor_setprocattr a NULL deref oops occurs when it tries to record an audit message. This is because it is passing NULL for the profile parameter for aa_audit. But aa_audit now requires that the profile passed is not NULL. Fix this by passing the current profile on the task that is trying to setprocattr. Signed-off-by: NKees Cook <kees@ubuntu.com> Signed-off-by: NJohn Johansen <john.johansen@canonical.com> Cc: stable@kernel.org Signed-off-by: NJames Morris <jmorris@namei.org>
-
- 24 3月, 2011 1 次提交
-
-
由 Serge E. Hallyn 提交于
- Introduce ns_capable to test for a capability in a non-default user namespace. - Teach cap_capable to handle capabilities in a non-default user namespace. The motivation is to get to the unprivileged creation of new namespaces. It looks like this gets us 90% of the way there, with only potential uid confusion issues left. I still need to handle getting all caps after creation but otherwise I think I have a good starter patch that achieves all of your goals. Changelog: 11/05/2010: [serge] add apparmor 12/14/2010: [serge] fix capabilities to created user namespaces Without this, if user serge creates a user_ns, he won't have capabilities to the user_ns he created. THis is because we were first checking whether his effective caps had the caps he needed and returning -EPERM if not, and THEN checking whether he was the creator. Reverse those checks. 12/16/2010: [serge] security_real_capable needs ns argument in !security case 01/11/2011: [serge] add task_ns_capable helper 01/11/2011: [serge] add nsown_capable() helper per Bastian Blank suggestion 02/16/2011: [serge] fix a logic bug: the root user is always creator of init_user_ns, but should not always have capabilities to it! Fix the check in cap_capable(). 02/21/2011: Add the required user_ns parameter to security_capable, fixing a compile failure. 02/23/2011: Convert some macros to functions as per akpm comments. Some couldn't be converted because we can't easily forward-declare them (they are inline if !SECURITY, extern if SECURITY). Add a current_user_ns function so we can use it in capability.h without #including cred.h. Move all forward declarations together to the top of the #ifdef __KERNEL__ section, and use kernel-doc format. 02/23/2011: Per dhowells, clean up comment in cap_capable(). 02/23/2011: Per akpm, remove unreachable 'return -EPERM' in cap_capable. (Original written and signed off by Eric; latest, modified version acked by him) [akpm@linux-foundation.org: fix build] [akpm@linux-foundation.org: export current_user_ns() for ecryptfs] [serge.hallyn@canonical.com: remove unneeded extra argument in selinux's task_has_capability] Signed-off-by: NEric W. Biederman <ebiederm@xmission.com> Signed-off-by: NSerge E. Hallyn <serge.hallyn@canonical.com> Acked-by: N"Eric W. Biederman" <ebiederm@xmission.com> Acked-by: NDaniel Lezcano <daniel.lezcano@free.fr> Acked-by: NDavid Howells <dhowells@redhat.com> Cc: James Morris <jmorris@namei.org> Signed-off-by: NSerge E. Hallyn <serge.hallyn@canonical.com> Signed-off-by: NAndrew Morton <akpm@linux-foundation.org> Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
-
- 09 3月, 2011 1 次提交
-
-
由 Shan Wei 提交于
Remove unused macros. Signed-off-by: NShan Wei <shanwei@cn.fujitsu.com> Signed-off-by: NJohn Johansen <john.johansen@canonical.com>
-
- 11 11月, 2010 1 次提交
-
-
由 wzt.wzt@gmail.com 提交于
set_init_cxt() allocted sizeof(struct aa_task_cxt) bytes for cxt, if register_security() failed, it will cause memory leak. Signed-off-by: NZhitong Wang <zhitong.wangzt@alibaba-inc.com> Signed-off-by: NJohn Johansen <john.johansen@canonical.com> Signed-off-by: NJames Morris <jmorris@namei.org>
-
- 08 9月, 2010 1 次提交
-
-
由 John Johansen 提交于
2.6.36 introduced the abilitiy to specify the task that is having its rlimits set. Update mediation to ensure that confined tasks can only set their own group_leader as expected by current policy. Add TODO note about extending policy to support setting other tasks rlimits. Signed-off-by: NJohn Johansen <john.johansen@canonical.com> Signed-off-by: NJames Morris <jmorris@namei.org>
-
- 17 8月, 2010 1 次提交
-
-
由 Jiri Slaby 提交于
After rlimits tree was merged we get the following errors: security/apparmor/lsm.c:663:2: warning: initialization from incompatible pointer type It is because AppArmor was merged in the meantime, but uses the old prototype. So fix it by adding struct task_struct as a first parameter of apparmor_task_setrlimit. NOTE that this is ONLY a compilation warning fix (and crashes caused by that). It needs proper handling in AppArmor depending on who is the 'task'. Signed-off-by: NJiri Slaby <jslaby@suse.cz> Signed-off-by: NJohn Johansen <john.johansen@canonical.com> Signed-off-by: NJames Morris <jmorris@namei.org>
-
- 11 8月, 2010 1 次提交
-
-
由 Stephen Rothwell 提交于
Fixes these build errors: security/apparmor/lsm.c:701: error: 'param_ops_aabool' undeclared here (not in a function) security/apparmor/lsm.c:721: error: 'param_ops_aalockpolicy' undeclared here (not in a function) security/apparmor/lsm.c:729: error: 'param_ops_aauint' undeclared here (not in a function) Signed-off-by: NStephen Rothwell <sfr@canb.auug.org.au> Signed-off-by: NJohn Johansen <john.johansen@canonical.com> Signed-off-by: NRusty Russell <rusty@rustcorp.com.au>
-
- 02 8月, 2010 2 次提交
-
-
由 James Morris 提交于
Remove extraneous path_truncate arguments from the AppArmor hook, as they've been removed from the LSM API. Signed-off-by: NJames Morris <jmorris@namei.org>
-
由 John Johansen 提交于
AppArmor hooks to interface with the LSM, module parameters and module initialization. Signed-off-by: NJohn Johansen <john.johansen@canonical.com> Signed-off-by: NJames Morris <jmorris@namei.org>
-