1. 23 Sep 2017, 2 commits
      apparmor: add mount mediation · 2ea3ffb7
      Committed by John Johansen
      Add basic mount mediation. That allows controlling based on basic
      mount parameters. It does not include special mount parameters for
      apparmor, super block labeling, or any triggers for apparmor namespace
      parameter modifications on pivot root.
      
      default userspace policy rules have the form of
        MOUNT RULE = ( MOUNT | REMOUNT | UMOUNT )
      
        MOUNT = [ QUALIFIERS ] 'mount' [ MOUNT CONDITIONS ] [ SOURCE FILEGLOB ]
                [ '->' MOUNTPOINT FILEGLOB ]
      
        REMOUNT = [ QUALIFIERS ] 'remount' [ MOUNT CONDITIONS ]
                  MOUNTPOINT FILEGLOB
      
        UMOUNT = [ QUALIFIERS ] 'umount' [ MOUNT CONDITIONS ] MOUNTPOINT FILEGLOB
      
        MOUNT CONDITIONS = [ ( 'fstype' | 'vfstype' ) ( '=' | 'in' )
                             MOUNT FSTYPE EXPRESSION ]
                           [ 'options' ( '=' | 'in' ) MOUNT FLAGS EXPRESSION ]
      
        MOUNT FSTYPE EXPRESSION = ( MOUNT FSTYPE LIST | MOUNT EXPRESSION )
      
        MOUNT FSTYPE LIST = Comma separated list of valid filesystem and
                            virtual filesystem types (eg ext4, debugfs, etc)
      
        MOUNT FLAGS EXPRESSION = ( MOUNT FLAGS LIST | MOUNT EXPRESSION )
      
        MOUNT FLAGS LIST = Comma separated list of MOUNT FLAGS.
      
        MOUNT FLAGS = ( 'ro' | 'rw' | 'nosuid' | 'suid' | 'nodev' | 'dev' |
                        'noexec' | 'exec' | 'sync' | 'async' | 'remount' |
                        'mand' | 'nomand' | 'dirsync' | 'noatime' | 'atime' |
                        'nodiratime' | 'diratime' | 'bind' | 'rbind' | 'move' |
                        'verbose' | 'silent' | 'loud' | 'acl' | 'noacl' |
                        'unbindable' | 'runbindable' | 'private' | 'rprivate' |
                        'slave' | 'rslave' | 'shared' | 'rshared' |
                        'relatime' | 'norelatime' | 'iversion' | 'noiversion' |
                        'strictatime' | 'nouser' | 'user' )
      
        MOUNT EXPRESSION = ( ALPHANUMERIC | AARE ) ...
      
        PIVOT ROOT RULE = [ QUALIFIERS ] pivot_root [ oldroot=OLD PUT FILEGLOB ]
                          [ NEW ROOT FILEGLOB ]
      
        SOURCE FILEGLOB = FILEGLOB
      
        MOUNTPOINT FILEGLOB = FILEGLOB
      
      eg.
        mount,
        mount /dev/foo,
        mount options=ro /dev/foo -> /mnt/,
        mount options in (ro,atime) /dev/foo -> /mnt/,
        mount options=ro options=atime,
      Signed-off-by: John Johansen <john.johansen@canonical.com>
      Acked-by: Seth Arnold <seth.arnold@canonical.com>
      apparmor: add the ability to mediate signals · cd1dbf76
      Committed by John Johansen
      Add signal mediation where the signal can be mediated based on the
      signal, direction, or the label or the peer/target. The signal perms
      are verified on a cross check to ensure policy consistency in the case
      of incremental policy load/replacement.
      
      The optimization of skipping the cross check when policy is guaranteed
      to be consistent (single compile unit) remains to be done.
      
      policy rules have the form of
        SIGNAL_RULE = [ QUALIFIERS ] 'signal' [ SIGNAL ACCESS PERMISSIONS ]
                      [ SIGNAL SET ] [ SIGNAL PEER ]
      
        SIGNAL ACCESS PERMISSIONS = SIGNAL ACCESS | SIGNAL ACCESS LIST
      
        SIGNAL ACCESS LIST = '(' Comma or space separated list of SIGNAL
                                 ACCESS ')'
      
        SIGNAL ACCESS = ( 'r' | 'w' | 'rw' | 'read' | 'write' | 'send' |
                          'receive' )
      
        SIGNAL SET = 'set' '=' '(' SIGNAL LIST ')'
      
        SIGNAL LIST = Comma or space separated list of SIGNALS
      
        SIGNALS = ( 'hup' | 'int' | 'quit' | 'ill' | 'trap' | 'abrt' |
                    'bus' | 'fpe' | 'kill' | 'usr1' | 'segv' | 'usr2' |
                    'pipe' | 'alrm' | 'term' | 'stkflt' | 'chld' | 'cont' |
                    'stop' | 'stp' | 'ttin' | 'ttou' | 'urg' | 'xcpu' |
                    'xfsz' | 'vtalrm' | 'prof' | 'winch' | 'io' | 'pwr' |
                    'sys' | 'emt' | 'exists' | 'rtmin+0' ... 'rtmin+32'
                  )
      
        SIGNAL PEER = 'peer' '=' AARE
      
      eg.
        signal,                                 # allow all signals
        signal send set=(hup, kill) peer=foo,
      Signed-off-by: John Johansen <john.johansen@canonical.com>
      Acked-by: Seth Arnold <seth.arnold@canonical.com>
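As an added illustration of the SIGNAL_RULE grammar in this commit message (example code, not part of the kernel or the AppArmor parser): a small Python matcher that parses rules of that form and decides a signal event. It assumes r/read means receive and w/write means send, that an omitted set or peer means "any", and it uses fnmatch as a stand-in for AARE peer matching.

```python
import re
from fnmatch import fnmatchcase
# SIGNAL ACCESS keywords mapped onto the two mediated directions
# (assumed, as in apparmor.d: r/read = receive, w/write = send).
_ACCESS = {"r": {"receive"}, "read": {"receive"}, "receive": {"receive"},
           "w": {"send"}, "write": {"send"}, "send": {"send"},
           "rw": {"send", "receive"}}

# One SIGNAL_RULE per line; only the 'deny' and 'audit' qualifiers are handled.
_RULE_RE = re.compile(
    r"^(?P<quals>(?:(?:audit|deny)\s+)*)signal"
    r"(?:\s+(?:\((?P<acc_list>[^)]*)\)|(?P<acc>[a-z]+)))?"
    r"(?:\s+set=\((?P<set>[^)]*)\))?"
    r"(?:\s+peer=(?P<peer>[^\s,]+))?\s*,$")

def _words(s):
    return [w for w in re.split(r"[\s,]+", s or "") if w]

def parse_signal_rule(line):
    """Parse one rule into a dict; anything left out of the rule means 'any'."""
    m = _RULE_RE.match(line.split("#", 1)[0].strip())   # drop trailing comment
    if not m:
        raise ValueError("not a signal rule: %r" % line)
    perms = set()
    for w in _words(m.group("acc_list") or m.group("acc")):
        perms |= _ACCESS[w]                   # KeyError on an unknown keyword
    return {"deny": "deny" in m.group("quals").split(),
            "perms": perms or {"send", "receive"},     # bare 'signal' = both
            "set": set(_words(m.group("set"))) or None, # None = every signal
            "peer": m.group("peer") or "**"}           # no peer = any label

def _matches(rule, direction, sig, peer):
    # fnmatch stands in for AARE here; unlike AARE, its '*' also crosses '/'.
    return (direction in rule["perms"]
            and (rule["set"] is None or sig in rule["set"])
            and fnmatchcase(peer, rule["peer"]))

def signal_allowed(rules, direction, sig, peer):
    """A matching deny rule wins; otherwise any matching allow rule permits."""
    hits = [r for r in rules if _matches(r, direction, sig, peer)]
    return bool(hits) and not any(r["deny"] for r in hits)

# Constructed profile fragment (not a real profile) built from the commit's
# example rule plus a space-separated set and a deny rule.
POLICY = [parse_signal_rule(l) for l in (
    "signal send set=(hup, kill) peer=foo,",
    "signal (receive) set=(term int) peer=bar*,",
    "deny signal send set=(kill) peer=foo,",
)]
```

With this policy, sending hup to the label foo is permitted, sending kill to foo is refused by the deny rule, and nothing is permitted towards labels no rule names.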
  2. 11 Jun 2017, 16 commits
  3. 09 Jun 2017, 1 commit
  4. 07 Apr 2017, 3 commits
      apparmor: Make path_max parameter readonly · 622f6e32
      Committed by John Johansen
      The path_max parameter determines the max size of buffers allocated
      but it should not be settable at run time. It can be used to cause an
      oops:
      
      root@ubuntu:~# echo 16777216 > /sys/module/apparmor/parameters/path_max
      root@ubuntu:~# cat /sys/module/apparmor/parameters/path_max
      Killed
      
      [  122.141911] BUG: unable to handle kernel paging request at ffff880080945fff
      [  122.143497] IP: [<ffffffff81228844>] d_absolute_path+0x44/0xa0
      [  122.144742] PGD 220c067 PUD 0
      [  122.145453] Oops: 0002 [#1] SMP
      [  122.146204] Modules linked in: vmw_vsock_vmci_transport vsock ppdev vmw_balloon snd_ens1371 btusb snd_ac97_codec gameport snd_rawmidi btrtl snd_seq_device ac97_bus btbcm btintel snd_pcm input_leds bluetooth snd_timer snd joydev soundcore serio_raw coretemp shpchp nfit parport_pc i2c_piix4 8250_fintek vmw_vmci parport mac_hid ib_iser rdma_cm iw_cm ib_cm ib_sa ib_mad ib_core ib_addr iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi autofs4 btrfs raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 multipath linear hid_generic usbhid hid crct10dif_pclmul crc32_pclmul ghash_clmulni_intel aesni_intel aes_x86_64 lrw gf128mul glue_helper ablk_helper cryptd vmwgfx psmouse mptspi ttm mptscsih drm_kms_helper mptbase syscopyarea scsi_transport_spi sysfillrect
      [  122.163365]  ahci sysimgblt e1000 fb_sys_fops libahci drm pata_acpi fjes
      [  122.164747] CPU: 3 PID: 1501 Comm: bash Not tainted 4.4.0-59-generic #80-Ubuntu
      [  122.166250] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 07/02/2015
      [  122.168611] task: ffff88003496aa00 ti: ffff880076474000 task.ti: ffff880076474000
      [  122.170018] RIP: 0010:[<ffffffff81228844>]  [<ffffffff81228844>] d_absolute_path+0x44/0xa0
      [  122.171525] RSP: 0018:ffff880076477b90  EFLAGS: 00010206
      [  122.172462] RAX: ffff880080945fff RBX: 0000000000000000 RCX: 0000000001000000
      [  122.173709] RDX: 0000000000ffffff RSI: ffff880080946000 RDI: ffff8800348a1010
      [  122.174978] RBP: ffff880076477bb8 R08: ffff880076477c80 R09: 0000000000000000
      [  122.176227] R10: 00007ffffffff000 R11: ffff88007f946000 R12: ffff88007f946000
      [  122.177496] R13: ffff880076477c80 R14: ffff8800348a1010 R15: ffff8800348a2400
      [  122.178745] FS:  00007fd459eb4700(0000) GS:ffff88007b6c0000(0000) knlGS:0000000000000000
      [  122.180176] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
      [  122.181186] CR2: ffff880080945fff CR3: 0000000073422000 CR4: 00000000001406e0
      [  122.182469] Stack:
      [  122.182843]  00ffffff00000001 ffff880080946000 0000000000000000 0000000000000000
      [  122.184409]  00000000570f789c ffff880076477c30 ffffffff81385671 ffff88007a2e7a58
      [  122.185810]  0000000000000000 ffff880076477c88 01000000008a1000 0000000000000000
      [  122.187231] Call Trace:
      [  122.187680]  [<ffffffff81385671>] aa_path_name+0x81/0x370
      [  122.188637]  [<ffffffff813875dd>] profile_transition+0xbd/0xb80
      [  122.190181]  [<ffffffff811af9bc>] ? zone_statistics+0x7c/0xa0
      [  122.191674]  [<ffffffff81389b20>] apparmor_bprm_set_creds+0x9b0/0xac0
      [  122.193288]  [<ffffffff812e1971>] ? ext4_xattr_get+0x81/0x220
      [  122.194793]  [<ffffffff812e800c>] ? ext4_xattr_security_get+0x1c/0x30
      [  122.196392]  [<ffffffff813449b9>] ? get_vfs_caps_from_disk+0x69/0x110
      [  122.198004]  [<ffffffff81232d4f>] ? mnt_may_suid+0x3f/0x50
      [  122.199737]  [<ffffffff81344b03>] ? cap_bprm_set_creds+0xa3/0x600
      [  122.201377]  [<ffffffff81346e53>] security_bprm_set_creds+0x33/0x50
      [  122.203024]  [<ffffffff81214ce5>] prepare_binprm+0x85/0x190
      [  122.204515]  [<ffffffff81216545>] do_execveat_common.isra.33+0x485/0x710
      [  122.206200]  [<ffffffff81216a6a>] SyS_execve+0x3a/0x50
      [  122.207615]  [<ffffffff81838795>] stub_execve+0x5/0x5
      [  122.208978]  [<ffffffff818384f2>] ? entry_SYSCALL_64_fastpath+0x16/0x71
      [  122.210615] Code: f8 31 c0 48 63 c2 83 ea 01 48 c7 45 e8 00 00 00 00 48 01 c6 85 d2 48 c7 45 f0 00 00 00 00 48 89 75 e0 89 55 dc 78 0c 48 8d 46 ff <c6> 46 ff 00 48 89 45 e0 48 8d 55 e0 48 8d 4d dc 48 8d 75 e8 e8
      [  122.217320] RIP  [<ffffffff81228844>] d_absolute_path+0x44/0xa0
      [  122.218860]  RSP <ffff880076477b90>
      [  122.219919] CR2: ffff880080945fff
      [  122.220936] ---[ end trace 506cdbd85eb6c55e ]---
      Reported-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
      Signed-off-by: John Johansen <john.johansen@canonical.com>
      Signed-off-by: James Morris <james.l.morris@oracle.com>
      apparmor: fix parameters so that the permission test is bypassed at boot · 545de8fe
      Committed by John Johansen
      Boot parameters are written before apparmor is ready to answer whether
      the user is policy_view_capable(). Setting the parameters at boot results
      in an oops and failure to boot. Setting the parameters at boot is
      obviously allowed so skip the permission check when apparmor is not
      initialized.
      
      While we are at it move the more complicated check to last.
      Signed-off-by: John Johansen <john.johansen@canonical.com>
      Signed-off-by: James Morris <james.l.morris@oracle.com>
      security/apparmor/lsm.c: set debug messages · eea7a05f
      Committed by Valentin Rothberg
      Add the _APPARMOR substring to reference the intended Kconfig option.
      Signed-off-by: Valentin Rothberg <valentinrothberg@gmail.com>
      Signed-off-by: John Johansen <john.johansen@canonical.com>
      Signed-off-by: James Morris <james.l.morris@oracle.com>
  5. 06 Mar 2017, 1 commit
  6. 19 Jan 2017, 1 commit
  7. 17 Jan 2017, 1 commit
  8. 16 Jan 2017, 15 commits