https://git.rsbac.org/cgi-bin/gitweb.cgi?p=linux-6.18.y.git;a=summary
LTS kernel 6.18
Current version: 6.18.1
commit 06b42332d948b8fc533eaba8f50dbf828b5a6c09 Author: Amon Ott ao@rsbac.org Date: Tue Dec 16 11:03:53 2025 +0100
Port RSBAC from 6.12.y tree
Squashed commit of the following:
commit 21ff08b1b94a6c13b4a32a244519c6c382ad13ea Author: Amon Ott ao@rsbac.org Date: Mon Dec 15 15:49:40 2025 +0100
Various merge and compile fixes for 6.18.
commit 0f69ae5cdaef280a9d3b63cbad6fa4c65a91c760 Author: Amon Ott ao@rsbac.org Date: Mon Dec 15 11:08:58 2025 +0100
RSBAC: review: fix MAINTAINERS entry and do some optimizations and cleanups.
commit 0845e32fd58fbca65e048bb6fe070d32e29dbe0d Author: Amon Ott ao@rsbac.org Date: Tue Oct 14 12:16:53 2025 +0200
Remove RSBAC automount support, it creates more problems than it solves. Automount was a work-around for the case that we missed some mount and had no RSBAC structures for a mounted filesystem. Instead, we now return a default value and log this case once per function so that we can fix it later.
commit 21fcf2ff39501f447fd40031820ad09878face61 Author: Amon Ott ao@rsbac.org Date: Fri Sep 26 12:15:21 2025 +0200
Define own RSBAC_IS_INVALID_PTR macro and use it in aci_data_structures We have rare cases of invalid pointers to first memory page, so better check.
commit b63e9f9bc4efdda642541ff45b131308106c2697 Author: Amon Ott ao@rsbac.org Date: Fri Sep 26 08:16:48 2025 +0200
When auto mounting, also log file system type, if available. This helps hunting down where we missed the mount.
commit 9a059a62bd43054e60b5f27745e226d61b47893b Author: Amon Ott ao@rsbac.org Date: Thu Sep 25 08:49:10 2025 +0200
Do not reject rsbac_automount() in RCU context, but avoid sleeping.
commit b82e9ab745dcf066864fd6530e7cc3a9cb39cdeb Author: Amon Ott ao@rsbac.org Date: Thu Sep 4 11:31:39 2025 +0200
RES: allow to read own res_min and res_max attribute values
commit 40c38ca00ca8607b8781d2b4af8dc27d7825532e Author: Amon Ott ao@rsbac.org Date: Tue Sep 2 11:35:59 2025 +0200
Reject rsbac_automount() in RCU context.
commit 95d1fe2af0ea08ab4249d8df0ab54f000faa137a Author: Amon Ott ao@rsbac.org Date: Wed Aug 6 07:43:28 2025 +0200
Enable rsbac_fd_cache_ceph by default, it has been well tested by now. To disable, use kern param rsbac_no_fd_cache_ceph.
commit d0cf1949bd11badb96d6dcbd578c766739ce0aac Author: Amon Ott ao@rsbac.org Date: Fri Jul 18 07:50:33 2025 +0200
rsbac_cap_hide_fd(): always call generic_permission() to avoid Ceph overload Ceph does not seem to handle too many calls to its i_op->permission() well, this leads to many objects being hidden despite correct access rights. The extra checks in ceph_permission() are not really relevant for hiding anyway.
commit 255c0fc56a540600b9935e7b76d5d9d0812bb3d0 Author: Amon Ott ao@rsbac.org Date: Wed Jul 16 11:04:17 2025 +0200
um_data_structures: when renaming user, delete old name from cache, not new name
commit 4847ba159085313dce190d5cf9437cf7767f0354 Author: Amon Ott ao@rsbac.org Date: Sun Jul 13 09:04:18 2025 +0200
Change RSBAC_CAP_FD_HIDE default to yes, it is now safe and sound.
commit 5198a21b6fc865a385794a3235435dc7b535e642 Author: Amon Ott ao@rsbac.org Date: Thu Jul 10 14:31:24 2025 +0200
Exclude procfs from CAP fd hiding, it can have misleading owner/mode values.
commit 6374b9adc787544c3dc06812a00d6aea785f4a1c Author: Amon Ott ao@rsbac.org Date: Thu Jul 10 12:48:49 2025 +0200
When debugging CAP hidden FD objects, also show device number.
commit 423f1cdab4efea6a631d42325b956988e249a8b7 Author: Amon Ott ao@rsbac.org Date: Thu Jul 10 11:31:13 2025 +0200
Add debug switch rsbac_debug_adf_cap, use it to debug CAP hidden FD objects.
commit 7168874f46c590600c7454bb14f738e0559b2249 Author: Amon Ott ao@rsbac.org Date: Thu Jul 10 09:11:13 2025 +0200
With CAP fd hiding, do not hide if owner has same uid or euid, not only with fsuid.
commit 67ca6472b2bbdb1b1d61b9bcdc724f54ccb969ca Author: Amon Ott ao@rsbac.org Date: Tue Jul 8 11:35:47 2025 +0200
aci_data_structures: rsbac_mount(): also move rsbac_mount_pid reset here This fixes the previous commit.
commit fddc76a4c324b875b436d4046d32f9d061d96fa3 Author: Amon Ott ao@rsbac.org Date: Tue Jul 8 09:31:24 2025 +0200
data_structures: serialize RSBAC auto mounts until after per-module mount.
commit f9fcf0698a07a8f3ed67493effd300c376ebd08a Author: Amon Ott ao@rsbac.org Date: Tue Jul 8 09:00:04 2025 +0200
aci_data_structures: use IS_ERR_OR_NULL for pointer checks where applicable.
commit 3283c3861e06f746cf37331abcf12ff5b3e61635 Author: Amon Ott ao@rsbac.org Date: Mon Jul 7 15:01:09 2025 +0200
aci_data_structures: sanity check vfsmount_p->mnt_sb etc. before use with IS_ERR
commit 4c2266dd9419890cca7fb9f19d5e555acf5ed8cf Author: Amon Ott ao@rsbac.org Date: Thu Jul 3 14:32:03 2025 +0200
Define missing arm64 32/64 Bit syscall numbers, matching those in admin tools.
commit 330741919754e59dcefbd150691c75bd531cbf8d Author: Amon Ott ao@rsbac.org Date: Mon May 19 08:27:50 2025 +0200
Compile fix for 6.12.29 in loop_configure().
commit 61dd43963d9b7eea0a1e62da9f309f9ae7c9eab9 Author: Amon Ott ao@rsbac.org Date: Fri Mar 21 09:45:08 2025 +0100
Allow R_GET_XATTR on rsbac.dat with CONFIG_RSBAC_DAT_VISIBLE
commit 3b74ebf8cccc5840be4a4e7e4a695373bf81214b Author: Amon Ott ao@rsbac.org Date: Wed Mar 19 11:35:28 2025 +0100
ceph_readdir(): use inode_init_always_gfp() to init inode struct for CAP_FD_HIDE
commit 7ef15578cc2a62929c76d63c5f9e353751bd11a0 Author: Amon Ott ao@rsbac.org Date: Wed Mar 19 10:09:50 2025 +0100
lookup_fast(): add missing dput(), do_readlinkat(): add missing putname()
commit 9173222c83bfab3682c11dac2827d053c918cdf1 Author: Amon Ott ao@rsbac.org Date: Wed Mar 19 09:44:41 2025 +0100
ceph_readdir(): for new inode, set i_count to 1 to make iput() work correctly.
commit a7619f226ee1303162dfc6f0a28895131075f1b1 Author: Amon Ott ao@rsbac.org Date: Wed Jan 22 14:23:46 2025 +0100
rsbac_handle_filldir(): do not try to hide dir entries on MSDOS filesystems. The locking structure with filldir64() and vfat_lookup() leads to a deadlock.
commit edd63c98f2e43153dac9452a2308913694cdcf1b Author: Amon Ott ao@rsbac.org Date: Mon Jan 6 08:02:34 2025 +0100
Check for error values before using pointers for R_CLOSE request. Some pointers may have been invalidated before we come here. Only call R_CLOSE notification, if CONFIG_RSBAC_NET_OBJ or CONFIG_RSBAC_UDF is enabled, and only for T_FILE and T_NETOBJ. REG might have a module interested, but we ignore that for now.
commit 8715152fc022af411bfd5ff8ebf7ea1015f32935 Author: Amon Ott ao@rsbac.org Date: Mon Jan 6 07:40:47 2025 +0100
Revert "Move R_CLOSE notification in filp_flush() before removal of locks to avoid race." The move is not needed and does not help either.
This reverts commit eb500501e75d9101be90de67252194938909a8e0.
commit aa894a134418679447d2b02b7c18675ea2aba4eb Author: Amon Ott ao@rsbac.org Date: Sun Jan 5 19:14:21 2025 +0100
Move R_CLOSE notification in filp_flush() before removal of locks to avoid race.
commit 91104ceeb112cb04e5adee252a69ab2668c60980 Author: Amon Ott ao@rsbac.org Date: Wed Dec 18 13:27:55 2024 +0100
Fix RC learning mode to work without rsbac_debug_adf_rc set.
commit 30fcea12c8ae04b458f4f6bd5561ba5931e12622 Author: Amon Ott ao@rsbac.org Date: Sun Dec 15 12:27:55 2024 +0100
Remove obsolete gen_lists RSBAC_LIST_BUFFER_DATA_SIZE define.
commit 6a3444c9682cc9ec4291581067b78524ac760474 Author: Amon Ott ao@rsbac.org Date: Sun Dec 15 11:45:50 2024 +0100
Fix memcpy warnings about field-spanning write in gen_lists.c and debug.c
commit 2dc3d3f10da1b4631b110d552860d223c4da58d8 Author: Amon Ott ao@rsbac.org Date: Sun Dec 15 10:10:17 2024 +0100
Fix compile errors without CONFIG_RSBAC or with CONFIG_TINY_RCU.
commit 8e2cb9d5488514696066c164199f8504f60b7eb3 Author: Amon Ott ao@rsbac.org Date: Fri Dec 13 13:24:34 2024 +0100
Make various compile and merge fixes for kernel 6.12.
commit ef8052b25bf7bdb79c128355f59c4a13f8b44cb4 Author: Amon Ott ao@rsbac.org Date: Thu Dec 12 13:10:51 2024 +0100
Squashed commit of the following commits from 6.6 tree:
commit 8743e5517d6d8a2ef19eae66b867b690a77ddb18 Author: Amon Ott ao@rsbac.org Date: Fri Dec 6 09:32:39 2024 +0100
Add missing R_APPEND_OPEN to RSBAC_IPC_REQUEST_VECTOR
commit b711dadd7250c44614af15dccd08666b5dbc2885 Author: Amon Ott ao@rsbac.org Date: Thu Nov 14 10:35:15 2024 +0100
Check for and use IPC memfd targets with several request types. Changed for requests GET_PERMISSIONS_DATA, GET_STATUS_DATA, TRACE, TRUNCATE, MAP_EXEC and extended RSBAC_IPC_REQUEST_VECTOR with TRACE, TRUNCATE, MAP_EXEC.
commit 4482374793bcd7b7abf318e4a99e4e5767ede45d Author: Amon Ott ao@rsbac.org Date: Fri Nov 8 12:09:48 2024 +0100
rsbac_rc_type_exists(): add missing case T_UNIXSOCK
commit 0cb445b33728833f0b7c9894e23d1c8323837a56 Author: Amon Ott ao@rsbac.org Date: Wed Oct 30 08:27:32 2024 +0100
Show xattr name with GET_XATTR and MODIFY_XATTR log lines.
commit 2e1146a2be0b93ecbab2e7362bb2ce61975ddee8 Author: Amon Ott ao@rsbac.org Date: Mon Oct 28 14:57:28 2024 +0100
Add request types GET_XATTR and MODIFY_XATTR on FD targets for get/setxattr.
commit 0c8b9aaef865d7a3f8b4770e997da1e6dcc9ae67 Author: Amon Ott ao@rsbac.org Date: Fri Sep 20 12:15:41 2024 +0200
Fix compile error in rc_main.c without CONFIG_RSBAC_RC_FORCE_LOG.
commit 301c870df643f30553e7c0826e4b414f00d25b01 Author: Amon Ott ao@rsbac.org Date: Fri Sep 20 11:10:58 2024 +0200
New rsbac_debug_adf_rc value 2, only show debug with "log never" at level 2.
commit ba73204c93fccb9ec066af88183133830e82c038 Author: Amon Ott ao@rsbac.org Date: Thu Sep 19 10:07:27 2024 +0200
check_comp_rc(): consistency check, adjust invalid role or type to default 0. While at it, always allow to remove non existent type, only complain with debug_adf_rc.
commit af8ce20cecf05a017be9325a42695ba14fb470fc Author: Amon Ott ao@rsbac.org Date: Tue Sep 17 12:02:35 2024 +0200
With CAP fd hiding, also do not hide with execute access.
commit 16ab33f066602201300533dd247cf3f664fa16cc Author: Amon Ott ao@rsbac.org Date: Fri Sep 13 08:03:28 2024 +0200
Fix compile error in net/socket.c for 6.6.51.
commit 1200bd7fe69d9540e23b65bc0206ab9f24360994 Author: Amon Ott ao@rsbac.org Date: Tue Sep 3 10:07:49 2024 +0200
With "Hide filesystem objects", hide in all places where CAP FD hiding does. CONFIG_RSBAC_FSOBJ_HIDE hides based on SEARCH right, this means extra SEARCH requests for all covered items.
commit b715aff0e88000ddedb0550ae3a7f1b476658534 Author: Amon Ott ao@rsbac.org Date: Thu Aug 22 12:31:05 2024 +0200
ceph_readdir(): add rsbac_cap_hide_fd() call to __dcache_readdir(), too. For module builds, also export symbols rsbac_cap_fd_hiding, rsbac_cap_hide_fd.
commit 69f9612411542bc1f77a756bccd01d1c1b4bf651 Author: Amon Ott ao@rsbac.org Date: Wed Aug 21 15:59:23 2024 +0200
ceph_readdir(): add rsbac_cap_hide_fd() call with custom inode struct.
commit 7046acc8d1ae363dac47135a6b6fa978bf163172 Author: Amon Ott ao@rsbac.org Date: Wed Aug 21 15:58:05 2024 +0200
Change rsbac_cap_hide_fd() arg type from "struct dentry *" to "struct inode *".
commit 00ec72d2060f4a5520d8e25f339da023866c6d4a Author: Amon Ott ao@rsbac.org Date: Wed Aug 21 13:04:49 2024 +0200
CAP fd hiding: special case for CephFS, call its own permission() function.
commit a038ade812f5bef0eea7b010d06fb0b6d439118e Author: Amon Ott ao@rsbac.org Date: Wed Aug 21 09:23:30 2024 +0200
With CAP fd hiding, also do not hide with write access.
commit af68703a78922658db70bf13171bda49f9aae954 Author: Amon Ott ao@rsbac.org Date: Tue Aug 20 08:16:59 2024 +0200
With CAP fd hiding, do not hide from owner to avoid unaccessible objects.
commit 2351adc94fcaa1b2a9098110c3b87684c031e9c5 Author: Amon Ott ao@rsbac.org Date: Tue Jul 30 14:38:26 2024 +0200
vfs_getattr(): with RSBAC_FSOBJ_HIDE, avoid SEARCH request on IPC targets.
commit cfbdd1d17eda0fb6d083438f246b8426688119a3 Author: Amon Ott ao@rsbac.org Date: Mon Jul 29 12:56:30 2024 +0200
Add feature CAP filesystem object hiding If enabled, you can hide filesystem objects from users without Linux read rights on them, set with the kernel command line switch rsbac_cap_fd_hiding or through the RSBAC proc interface. There are two possible values: 0 / off: no hiding. 1 / on: only processes with Linux read right to a filesystem object, Linux capability DAC_OVERRIDE or DAC_READ_SEARCH or with CAP role security officer or system admin may see this object. Hiding works with many, but not all types of file system object access.
While at it, reduce overhead with CAP process hiding: only use global variable rsbac_cap_process_hiding instead of per-process attribute, which does not get set individually anyway. Since rsbac_get_owner() never returns an error, change it to not return a result and remove all result checks. Add some type casts to rc_main.c.
commit 2f2a21480163e01d7a474cb6ce270b68b0c409bb Author: Amon Ott ao@rsbac.org Date: Thu Jul 25 11:54:28 2024 +0200
acl_data_structures: log device number with "Could not lookup device" warnings.
commit 2a707879d48e7aa201311cda1f3ad5ea91ef3587 Author: Amon Ott ao@rsbac.org Date: Thu Jul 25 08:13:33 2024 +0200
Add rsbac_mount() calls to fc_mount() and sys_fsmount(). Make small cleanup in rsbac_mount().
commit a87a534b933b83994cc6c483e5046e4c7b67689b Author: Amon Ott ao@rsbac.org Date: Wed Jul 24 15:00:06 2024 +0200
Always call rsbac_mount() with parent info, log parent, fix parent value in proc. Do not call rsbac_mount() from do_move_mount(), this makes no sense, leads to repeated mount entries and breaks inheritance.
commit 7aaa6a5fd9633655c6bf36acfc23f45a3489653f Author: Amon Ott ao@rsbac.org Date: Wed Jul 24 11:59:48 2024 +0200
Add rsbac_debug_ds debugging to show from where rsbac_mount() is called.
commit c2f50f269b911ec6a45184f63184ef73953f89c6 Author: Amon Ott ao@rsbac.org Date: Mon Jun 24 10:52:56 2024 +0200
Fix some KCSAN findings. gen_lists: increase list->read_count outside RCU lock. aci_data_structures.c: lookup_device(): do not update global curr. acl_data_structures.c: acl_lookup_device(): do not update global curr. Mark various stat counters with data_race(), atomic updates not needed.
commit bf1a2f6feb353892bdf81111de16c514a8aee4f2 Author: Amon Ott ao@rsbac.org Date: Fri Jan 26 14:59:37 2024 +0100
jail: jail_check_ip(): allow INET6, too, if jail_ip is INADDR_ANY.
commit f28238c89314852315bef0c1065905666e5fdc7a Author: Amon Ott ao@rsbac.org Date: Fri Jan 26 13:38:54 2024 +0100
jail: allow to CREATE AF_INET6 sockets like AF_INET
commit 8a748f11e737c5aae595124db4fbe8bb5c76231c Author: Amon Ott ao@rsbac.org Date: Tue Jan 16 08:25:58 2024 +0100
Fix rsbac_rc_sys_copy_type() parameter type.
commit dcb7bff649b60245c80131b6e562c09354eae70e Author: Amon Ott ao@rsbac.org Date: Tue Jan 16 07:56:32 2024 +0100
Fix rsbac_rc_copy_type() parameter type.
commit 94d2279c615de46fb8adcc23524857a85a386788 Author: Amon Ott ao@rsbac.org Date: Fri Jan 12 11:42:58 2024 +0100
Fix memory leak in rsbac_read_open().
commit b0d689e52ab9634d34482b15090032eea5f261c3 Author: Amon Ott ao@rsbac.org Date: Fri Jan 12 11:21:18 2024 +0100
Fix various compile errors in REG sample modules.
commit 384ef3bec833db0aaea3ee26fb3fdd6a26eb65d9 Author: Amon Ott ao@rsbac.org Date: Fri Jan 12 11:02:14 2024 +0100
Use pid_task() with RCU lock only.
commit 7ea7d90c9b97570eb0d778829454505b3e711331 Author: Amon Ott ao@rsbac.org Date: Thu Jan 11 07:54:55 2024 +0100
Default CONFIG_RSBAC_MOVETO to yes, auto-adjust RC and ACL FD rights. Warning: for this adjustment, RC and ACL FD lists get a version bump, this means they get upgraded when read from disk and going back to older RSBAC kernels requires booting with rsbac_list_recover and setting RC and ACL FD values again. Because of a previous change for kernel 6.6, this is needed anyway, if you want to go back to older kernel versions.
commit e51d66433c1bd97185a3a906a8d619fba76ce750 Author: Amon Ott ao@rsbac.org Date: Mon Jan 8 09:25:37 2024 +0100
Fix various enum related compile warnings and do some cleanups.
commit d0d6618e967fd78b1103ec98c566e20df0005732 Author: Amon Ott ao@rsbac.org Date: Mon Dec 18 11:42:08 2023 +0100
After CAP learning a capability, allow access.
commit 5cc5a647de057e434e6778f945128d908d2f235f Author: Amon Ott ao@rsbac.org Date: Mon Dec 18 09:05:53 2023 +0100
Raise all cap types in CAP learning mode, use kernel macros for bit manipulation.
commit b7be2669c4777256d0c0ff98640740b81e136a84 Author: Amon Ott ao@rsbac.org Date: Thu Dec 14 15:13:58 2023 +0100
Fix some minor merging glitches.
commit 97f404a56c7f4e386f9dff74de17e0a653a94594 Author: Amon Ott ao@rsbac.org Date: Thu Dec 14 13:28:40 2023 +0100
Various compile fixes and code adjustments for kernel 6.6. Warning: Like kernel 6.6 we now use 64 Bit integers for capabilities instead of an array of two 32 Bit, this requires new list on-disk versions for CAP FD and USER attributes. Existing lists get converted as usual, but after they got saved for the first time there is no way back to read them with older kernels.
commit 1271a75f965f313b368a2e7144403c4e491315cf Author: Amon Ott ao@rsbac.org Date: Thu Dec 14 10:33:37 2023 +0100
Squashed commit of the following:
commit d6d63ee51916d8a2c089f41c941c15a521351762 Author: Amon Ott ao@rsbac.org Date: Wed Nov 1 13:30:18 2023 +0100
Extend rsbac_jail_sys_jail() with debugging, enable with rsbac_debug_aef_jail.
commit c5170b70c25a9403ec502cf2857f2198095506f3 Author: Amon Ott ao@rsbac.org Date: Mon Jul 24 11:40:33 2023 +0200
namei.c: move DELETE and RENAME notifications before unlock to avoid race.
commit 3685dfd508fe173b3b0d30049377234dc7ed7a0d Author: Amon Ott ao@rsbac.org Date: Fri Jul 21 08:33:53 2023 +0200
rsbacd: still trigger list rehashing, if rsbac_debug_no_write is enabled.
commit 45051379b237cdd2d26ef30368c920f387728c9b Author: Amon Ott ao@rsbac.org Date: Tue Jun 6 07:59:56 2023 +0200
__sys_setresuid(), __sys_setresgid(): move RSBAC check behind no-op check. Instead of checking RSBAC first, just disable the no-op check, if RSBAC is enabled. This also restores correct notification in this special case.
commit 06af2059f82f7ccfda52f309fa662a405b0652cf Author: Amon Ott ao@rsbac.org Date: Thu Jun 1 07:45:04 2023 +0200
__sys_setresuid(), __sys_setresgid(): move RSBAC check before no-op check. The kernel no-op check bypasses the RSBAC check and notification, but in RSBAC, setresuid(getuid(), -1, -1) is security relevant and needs to update state. As a side effect, we now also check before the kernel capability check and might see more RSBAC messages as a result.
commit 98afe1e9692183f56f88eaa0679b9b8bd6ea0bfc Author: Amon Ott ao@rsbac.org Date: Wed Apr 5 12:52:08 2023 +0200
Add missing put_pid in do_accept().
commit 501f480455a439b94a2f6ce7357c5669c68b8153 Author: Amon Ott ao@rsbac.org Date: Fri Mar 31 08:26:03 2023 +0200
Check ext2 and ext4 ioctl with DEV block target, not DIR. Check ext4 FITRIM as R_GET_PERMISSIONS_DATA, not R_MODIFY_PERMISSIONS_DATA. Check R_GET_PERMISSIONS_DATA and R_MODIFY_PERMISSIONS_DATA on DEV block in JAIL and MAC.
commit 389f9cde091ed192c8a08ba88e07b57307e2fdfc Author: Amon Ott ao@rsbac.org Date: Wed Mar 8 14:47:18 2023 +0100
Review: fix R_NET_SHUTDOWN in __sys_shutdown() and several minor glitches.
commit cbd8f2913e120d19543ae2cfd78a2438ed401c1c Author: Amon Ott ao@rsbac.org Date: Fri Feb 17 07:46:55 2023 +0100
Add missing log level to some rsbac_printk() calls.
commit 3660a1572e59d08847096f9192a68c792ea58510 Author: Amon Ott ao@rsbac.org Date: Thu Feb 16 08:58:36 2023 +0100
Fix compile warning in adf_main.c
commit 58c91f012ec989523c72bd39a8603a1c9269cba5 Author: Amon Ott ao@rsbac.org Date: Thu Feb 16 08:37:45 2023 +0100
In loop driver, move request from __loop_clr_fd() to loop_clr_fd(). __loop_clr_fd() no longer has a return value.
commit 8f308cc72361dbdbc268d5867de185c7cb293b8c Author: Amon Ott ao@rsbac.org Date: Wed Feb 15 13:26:08 2023 +0100
Various merge and compile fixes for 6.1.
commit c08d19f187592aed12b08d44dbbd401118a94b65 Author: Amon Ott ao@rsbac.org Date: Wed Feb 15 12:07:04 2023 +0100
Squashed commit of the following:
commit fa8e091ea85a858c8e7526d795128b9de0261df6 Author: Amon Ott ao@rsbac.org Date: Mon May 16 12:53:43 2022 +0200
sysfs_kf_seq_show(), sysfs_kf_bin_read(): fix attribute type in request.
(cherry picked from commit 1298435331b1d2efe6d3709dca17c99f1829e039)
commit 02e5e4cbca8f3e9fdc2adc6a8410ff4c271df7fe Author: Amon Ott ao@rsbac.org Date: Fri Mar 25 10:58:33 2022 +0100
Threat value RC_role_use_force_role specially when assigning initial/force role. Files and dirs can have the special RC initial role value RC_role_use_force_role, which refers to the force role setting. When assigning a new initial role, we check whether old and new initial role value are in the current role's set of assign roles. We must use the force role value for that check in this case. If no force role value has been set explicitely, we inherit the root dir default value. In this special case we allow access without that default value in the assign roles set of the current role to avoid a hen-and-egg problem.
(cherry picked from commit 122528464d6d373a128cecc6d0867b79df75a87e)
commit 7827b08930cb75de9a4281fdf93fcaec258c6829 Author: Amon Ott ao@rsbac.org Date: Wed Dec 8 12:12:51 2021 +0100
rsbac_rc_sys_set_item: only log denied removal of items, if they do exist.
(cherry picked from commit ff826a4114abdee1682d0d051c208568ee27fd09)
commit cb315e13641b0bb8b7f5f12067eea7820bbdde17 Author: Amon Ott ao@rsbac.org Date: Tue Dec 7 10:36:15 2021 +0100
Fix notification call in sys_accept() and cleanup setting of remote_ip.
(cherry picked from commit 4119e4ae00295e29983b784b7eb86760b6ea801b)
commit a9b578d725749f49116523bd209df1f51679ce55 Author: Amon Ott ao@rsbac.org Date: Mon Dec 6 12:53:57 2021 +0100
Add TRACE requests on FD and DEV targets to dnotify, inotify, fanotify. Check when watches are set up, not when they are removed. Warning: denying TRACE on some FD targets might irritate systemd.
(cherry picked from commit 26f8ef18f5385324998678ba3348e634cc1bba20)
commit 15ea92f4b64886f91308c5e919099c2193d6eec7 Author: Amon Ott ao@rsbac.org Date: Fri Dec 3 15:09:35 2021 +0100
UDF: after waiting for in_progress check, really use that check's result. Also, set other values of udf_checked than in_progress with TTL 0, they might inherit the TTL of in_progress.
(cherry picked from commit f88818ff6279ae2159ed029d5556a557be02a322)
commit 51e2985f33e921412e357e7828004df026c03f0d Author: Amon Ott ao@rsbac.org Date: Fri Dec 3 13:40:04 2021 +0100
Do not allow to set udf_checked to UDF_in_progress in RC and ACL, too.
(cherry picked from commit 1ca018df03fa5e6825055daeeac3284dd34784da)
commit 848728bcbc6866acdf3d32e8d3c1869bc533f8c7 Author: Amon Ott ao@rsbac.org Date: Fri Dec 3 10:36:35 2021 +0100
UDF: do not allow to set udf_checked to UDF_in_progress from user space This value is kernel-only and can lead to a dead loop in checking code.
(cherry picked from commit 60bc077023ece535e9507119f95514767f72803a)
commit 9510d0ae05b29d2dd367045be5acaccf8a4bde30 Author: Amon Ott ao@rsbac.org Date: Fri Dec 3 10:22:17 2021 +0100
Add UDF checked state "in_progress" with TTL to avoid multiple checks. While a check on some file is in progress, other checks wait for the result of the first check. TTL ensures that hanging first checkers do not hang the waiting processes forever. In progress TTL is set with new CONFIG_RSBAC_UDF_PROGRESS_TTL and can be changes with kernel parameter rsbac_udf_progress_ttl or through proc interface. The new rsbac_ta_set_attr_ttl() function takes ttl as extra argument to make this possible, default is RSBAC_LIST_TTL_KEEP.
(cherry picked from commit 8d1de8ce4fbdc59976cdf6622a7d0799ae14edf8)
commit 62562ed3d342a304f076f25b4d8376311140d5b5 Author: Amon Ott ao@rsbac.org Date: Wed Dec 1 15:13:50 2021 +0100
adf_check.c: allow APPEND_OPEN on IPC targets for memfd.
(cherry picked from commit cc07e4a5a86334aaa2e09b87cb5d1372ff6e3bef)
commit 7080be105f5d41f50ab8bf7a88ce46a698294ce5 Author: Amon Ott ao@rsbac.org Date: Fri Nov 26 11:21:05 2021 +0100
inode.c, memfd.c: in rsbac_debug_memfd output, fix memfd id format
(cherry picked from commit a542f203fbf0f9654d9ff8f50bfbb57fe0ca2210)
commit f1869360743cde1425f1d042d14f9ec87ef8e32d Author: Amon Ott ao@rsbac.org Date: Thu Nov 25 15:47:21 2021 +0100
Use inode struct address as memfd id, not inode number. Inode numbers in shmfs are not unique, next_id is per cpu.
(cherry picked from commit 3f7eed3c5c752359c0fbbd280caa753586559bc9)
commit 65032dcf01fb5377307a146784efa272ac6746f3 Author: Amon Ott ao@rsbac.org Date: Mon Nov 22 12:52:12 2021 +0100
fs/locks.c: fcntl_setlk64(): compile fix with BITS_PER_LONG == 32
(cherry picked from commit 77184b8392ce7806fe92e95fe3cf9dffbfddb816)
commit 9ec7db16bcc523d71f11c12f7b9e6f00a16dbc71 Author: Amon Ott ao@rsbac.org Date: Fri Nov 19 09:27:58 2021 +0100
Add rsbac_memfd_keep kernel parameter to not call rsbac_remove_target(memfd) This switch is supposed to help in debugging of missing memfd attributes.
(cherry picked from commit cd0f7bb6b084131128a6b0b76d25680d0045fe3b)
commit dd0bcf6f052761a10d342a33772d2f1e6f46cc89 Author: Amon Ott ao@rsbac.org Date: Wed Nov 10 09:22:13 2021 +0100
Fix compile warning in drivers/block/loop.c.
(cherry picked from commit b06d56d7e37d3974a1c84331887064d79ee99ae5)
commit 2d94c4603b19ace049485af3d2635123c65a9a1f Author: Amon Ott ao@rsbac.org Date: Wed Nov 10 09:06:40 2021 +0100
Use official fallthrough macro in switch statements.
(cherry picked from commit 7ee812fd528863adf20652c6bf289887dc4d0923)
commit a2b91e9be1fc73751eb18f6f60ecf400a6becac9 Author: Amon Ott ao@rsbac.org Date: Tue Nov 9 13:24:16 2021 +0100
Merge, build and runtime fixes for kernel 5.15.
(cherry picked from commit ce665a5012548d2088e2da694402e9a5c9990032)
commit eecc96f4cb10fba15954686e543c4c2e2b7f2dca Author: Amon Ott ao@rsbac.org Date: Tue Nov 9 09:23:38 2021 +0100
Port RSBAC from 5.10 git commit 11a4c2b4dc02f7232ff81c4453a7678f69338be4 Do not check space in rsbac_symlink_redirect(), rather truncate result later. This follows the standard readlink() behaviour, which silently truncates, if there is not enough space.
Squashed commit of the following:
commit 144e71c5beb41fcc4ecfa4a9628a69e0cd0d5c6f Author: Amon Ott ao@rsbac.org Date: Wed Nov 3 09:04:42 2021 +0100
Do not check space in rsbac_symlink_redirect(), rather truncate result later. This follows the standard readlink() behaviour, which silently truncates, if there is not enough space.
commit 06f36995adeb5b463cd4928ff1b2af6668290098 Author: Amon Ott ao@rsbac.org Date: Tue Oct 5 11:41:40 2021 +0200
Cleanup IPC target handling and remove hooks in pipe_fasync().
commit a3bddf74079ad55df986af079f8125eba19957be Author: Amon Ott ao@rsbac.org Date: Mon Oct 4 10:51:33 2021 +0200
Add parameter rsbac_rc_force_ipc_type to force 0 IPC rc_type to def_ipc_create. Cleanup bogus __KERNEL__ checks and related dead code. We stopped sharing code with userland tools years ago.
commit 0df510d66f21a738ea739ef66c8fd8162652190c Author: Amon Ott ao@rsbac.org Date: Tue Sep 28 12:47:09 2021 +0200
In iput_final(), call rsbac_remove_target() after spin_unlock(). Under high RCU load, we can trigger a scheduling while atomic.
commit d7601ad8e62bb48c8525a4430a6a4c18a081a55b Author: Amon Ott ao@rsbac.org Date: Tue Sep 28 09:03:20 2021 +0200
adf_check: also allow RENAME notifications for IPC memfd targets.
commit 8a8fbbfd6aea3940075441e100796dd567cbd610 Author: Amon Ott ao@rsbac.org Date: Mon Sep 27 11:13:57 2021 +0200
Shorten memfd debug lines.
commit e121da900a234d0bd6f21d571547e0481b50b00c Author: Amon Ott ao@rsbac.org Date: Mon Sep 27 09:00:13 2021 +0200
Remove IPC shmem attributes in iput_final(), not at DELETE notification. Pass rsbac_remove_target tid as pointer to avoid union copy. Add rsbac_debug_memfd for memfd create and delete. At CREATE, remove all old IPC shmem attributes before setting new ones.
commit 27ed88fce887d2577d6e4f6c5ddd4e02ef047ed3 Author: Amon Ott ao@rsbac.org Date: Wed Sep 22 07:54:20 2021 +0200
Add R_RENAME to RSBAC_IPC_REQUEST_VECTOR, IPC memfd can be renamed.
commit 68c2ca408048f78b9eeee4748c8709a7dac849f3 Author: Amon Ott ao@rsbac.org Date: Tue Sep 21 15:49:29 2021 +0200
Allow and check RENAME and WRITE_OPEN requests on IPC targets.
commit 8515ad3a2e5deac72c1b412d6f57f8998332b5ee Author: Amon Ott ao@rsbac.org Date: Tue Sep 21 11:31:18 2021 +0200
Also extend sys_fallocate() to use IPC memfd.
commit 00b3ed4a6d91ee9acd11489fd9d882788d4eafcd Author: Amon Ott ao@rsbac.org Date: Mon Sep 20 15:00:35 2021 +0200
Add IPC type memfd and CREATE requests in mm/memfd.c:memfd_create() Extend file access function to use IPC memfd where used. This needs a marker in the inode struct. Bump RSBAC version to reflect the change.
commit cfdec75ce8a83c131f9183e49bd348e149cd7683 Author: Amon Ott ao@rsbac.org Date: Tue Jun 1 12:20:21 2021 +0200
aci_data_structures: fix creation of new rsbac.dat dirs
commit b3ddf3ffd3285b2e998f6ca7b5c6468acbbd6b21 Author: Amon Ott ao@rsbac.org Date: Mon May 31 11:59:17 2021 +0200
adf_main: get_task_exe_file() with task lock deadlocks, use get_mm_exe_file().
commit ce3d07cc71e5b82d659320e6abf95a9cbb4916f4 Author: Amon Ott ao@rsbac.org Date: Fri May 28 10:09:46 2021 +0200
rsbac_jail_sys_jail(): avoid potential deadlock on files->file_lock with close()
commit c14697d3e680e2de53820bd47f5b0bcc04f3aec9 Author: Amon Ott ao@rsbac.org Date: Fri May 28 09:32:34 2021 +0200
rsbac_jail_sys_jail(): use spin_lock(&files->file_lock), not rcu_read_lock()
commit 97da254d2211af3d74154fe093cca86885f3da38 Author: Amon Ott ao@rsbac.org Date: Fri May 28 09:11:48 2021 +0200
vfs_getattr(): add pointer checks
commit df9cdeb7e8c8099cd3c5dcf288b15426a538ca01 Author: Amon Ott ao@rsbac.org Date: Fri May 28 08:04:33 2021 +0200
aci_data_structures: create rsbac.dat with LOOKUP_DIRECTORY flag.
commit 3bec29ae1bb741426ca14e39857e3871520c0351 Author: Amon Ott ao@rsbac.org Date: Fri Mar 26 13:50:06 2021 +0100
Also list sys_rsbac in tools/perf/arch/x86/entry/syscalls/syscall_64.tbl
commit 4c129031bd4c7c7c1448d8c66a16d59b32816e0a Author: Amon Ott ao@rsbac.org Date: Mon Mar 22 08:11:45 2021 +0100
Support capabilities up to CAP_CHECKPOINT_RESTORE.
commit 01fd442649c30c5209eec1f3e80edcad5fdca960 Author: Amon Ott ao@rsbac.org Date: Wed Mar 10 08:10:12 2021 +0100
rsbac_aci_path_open(): do not call done_path_create() with invalid dentry.
commit c51da195680b6cb77bcd64f254fb7a39fa0c9de8 Author: Amon Ott ao@rsbac.org Date: Tue Feb 2 07:58:54 2021 +0100
Fix CREATE notification in atomic_open().
commit 29ae5a4ed2e1197fad1724bb04b7944bf8a1f2a5 Author: Amon Ott ao@rsbac.org Date: Fri Jan 8 12:42:26 2021 +0100
__sys_connect_file(): correctly store address into remote_addr
commit c020407454b863b4602679a6bcd29a93655762bf Author: Amon Ott ao@rsbac.org Date: Thu Jan 7 10:09:45 2021 +0100
Fix user exists check in rsbac_um_add_gm() with CONFIG_RSBAC_UM_EXCL.
commit 6f3d7580ecc6086b44b7a407e3fd55c7b6b6570d Author: Amon Ott ao@rsbac.org Date: Wed Dec 30 14:12:32 2020 +0100
In do_rsbac_sec_trunc(), use __kernel_write(), not kernel_write() Write access is already there.
commit 666538059764bbf1180bd56e173f7be0656fa175 Author: Amon Ott ao@rsbac.org Date: Wed Dec 30 13:21:01 2020 +0100
Fix traces with systemd and RSBAC auto mount.
commit eaebf3a69b6db4db554617e986f4a19a80c6208d Author: Amon Ott ao@rsbac.org Date: Mon Dec 28 15:45:41 2020 +0100
Various fixes for kernel 5.10, rewrite file access functions.
commit 85fa29e0f919f8fa4c7c07e6117eea2ed3897d03 Author: Amon Ott ao@rsbac.org Date: Mon Dec 28 12:48:27 2020 +0100
Port RSBAC from 5.4 git commit 94f6252b9cf5e460992e2e9a5fb475d6fce42fe1 arch/*/include/uapi/asm/unistd.h: do not leak CONFIG_RSBAC to user space
Squashed commit of the following:
commit 60129af82e19885378754cb084833a17cf4b23d5 Author: Amon Ott ao@rsbac.org Date: Thu Jul 23 12:20:48 2020 +0200
arch/*/include/uapi/asm/unistd.h: do not leak CONFIG_RSBAC to user space
commit e9fe526162d9f187954f5b5941aef74a36534dd7 Author: Amon Ott ao@rsbac.org Date: Thu Jul 23 09:28:23 2020 +0200
arch/alpha/include/uapi/asm/unistd.h: do not leak CONFIG_RSBAC to user space
commit 85a307ca1ee8115a32ae5a506a51242965dd3130 Author: Amon Ott ao@rsbac.org Date: Wed Jul 22 07:57:14 2020 +0200
gen_lists: also mark lists dirty, if ttl has changed.
commit d30c260aab4e6f647925cdecb6c89bd13cc58e05 Author: Amon Ott ao@rsbac.org Date: Tue Jul 14 17:32:51 2020 +0200
gen_lists: only copy list item data and mark list dirty, if data has changed.
commit 159bf9738b0f7b50ae8b06aede241d628edbcd2b Author: Amon Ott ao@rsbac.org Date: Thu Jun 25 10:44:54 2020 +0200
Remove #ifdef CONFIG_RSBAC from include/uapi/linux/sched.h This avoids the following error at make headers_install: error: include/uapi/linux/sched.h: leak CONFIG_RSBAC to user-space
commit 6583bd759f03d7533411e0cbf61928ea83ebcd63 Author: Amon Ott ao@rsbac.org Date: Fri May 8 13:46:03 2020 +0200
Silence noisy debug printk in rsbac_get_all_res_limits()
commit 97a1a9db372c60aa550defbb92310b59fbcfae21 Author: Amon Ott ao@rsbac.org Date: Thu Apr 30 11:20:24 2020 +0200
Revert f0483ea986bf648937103c710c5f042146afd2a5 for include/rsbac/gen_lists.h This fix was wrong and lead to NULL pointer dereference.
commit 4827de20206482995d6108027ea584f16d7bafea Author: Amon Ott ao@rsbac.org Date: Fri Apr 24 09:49:11 2020 +0200
Fix some compile warnings.
commit 3c4ff6f72bbaf39723d9bf5aa9e1c7fb452d2b5d Author: Amon Ott ao@rsbac.org Date: Wed Apr 22 10:54:28 2020 +0200
Remove decision modules PAX and DAZ. Bump version to 1.5.5 to reflect that.
commit 82fdee01d9b4b94aa63a94bc6bcfbb620ac12f0d Author: Amon Ott ao@rsbac.org Date: Tue Mar 31 12:47:17 2020 +0200
Deprecate decision modules PAX and DAZ. Both PaX and Dazuko support have been obsolete for a long time.
commit d4d6bb03047161172ab55baff10d50c4b551ed83 Author: Amon Ott ao@rsbac.org Date: Tue Mar 31 12:44:06 2020 +0200
Small cleanup in secure delete.
commit f0e5bccc5d3ca2a1d24b6408794e88de9ccd77c8 Author: Amon Ott ao@rsbac.org Date: Fri Mar 27 15:31:31 2020 +0100
Use major, minor for devices internally and serialize all mounts to avoid races. Mark auto mounted devices and replace with real when rsbac_mount() is called.
commit 8837899bf6ef072ec0f01bd9eea7890bdd5b083a Author: Amon Ott ao@rsbac.org Date: Thu Mar 26 15:24:58 2020 +0100
Use new rsbac_dev_t (__u32) instead of old style kdev_t for devices.
commit f64010acff636413728a001550be66e5bd00460b Author: Amon Ott ao@rsbac.org Date: Thu Mar 26 12:50:11 2020 +0100
rc_main: always show error in error message after failed rsbac_[gs]et_attr().
commit c88da89423a3da778aa883d171551a092845af5b Author: Amon Ott ao@rsbac.org Date: Mon Mar 2 09:36:46 2020 +0100
Add SCD target type perf, extend sys_perf_event_open() with ADF request.
commit 609be8b0ab6561863d7946b48863230a984717d1 Author: Amon Ott ao@rsbac.org Date: Wed Feb 12 09:20:18 2020 +0100
Compile fix in ipc/msg.c for new structures in 5.4.19.
commit dfbadad85067f32b571ab7cbeb75654b67537dfc Author: Amon Ott ao@rsbac.org Date: Thu Jan 30 16:00:20 2020 +0100
rc_main: add missing #ifdef CONFIG_RSBAC_DEBUG Thanks to Jan Mazur for telling.
commit c6db4477bee9dd6aac2fee99895df9e8e07b0eb0 Author: Amon Ott ao@rsbac.org Date: Fri Jan 17 10:20:48 2020 +0100
aci_data_structures: if device not found, try to auto mount, if possible. Auto mounting is restricted to devices which may not have attributes stored, because the vfsmount_p is not available at that time. Inheritance from parent mounts cannot work either for all auto mounted devices.
commit cd1f2062989758c1222bf674a58ff9a239298e00 Author: Amon Ott ao@rsbac.org Date: Wed Jan 15 15:11:13 2020 +0100
Also provide parent mount to rsbac_mount(), force rsbac_mount(parent), if missing.
commit 99ab40a360e04233b8d976d00cfb63d1b42e9b73 Author: Amon Ott ao@rsbac.org Date: Wed Jan 15 09:06:32 2020 +0100
aci_data_structures: list more FS types as not writable.
commit 2896c1197a1203b3bb6a857d21ee8dfa93047e7b Author: Amon Ott ao@rsbac.org Date: Wed Jan 15 08:39:02 2020 +0100
rsbac_umount(): before init, only remove one saved mount per call. The same vfsmount can be mounted more than once and some, but not all of these mounts might be umounted, leaving RSBAC without device entry if we remove all entries in the list.
commit c482e74ec9fd75c0c6ae233b4c3f3fad9ca9fc67 Author: Amon Ott ao@rsbac.org Date: Mon Dec 23 11:31:12 2019 +0100
Work around an invalid kernel pointer in filp_close().
commit c5ef140511fbcc65a8b56b253efbb907b402758b Author: Amon Ott ao@rsbac.org Date: Tue Dec 17 09:51:53 2019 +0100
New kernel config for number of days after which expired passwords turn unset. If a password has been expired for this number of days, it is treated as unset. This effectively avoids password warnings when logging in with other authentication methods. The value set here can be overridden with kernel parameter rsbac_um_old_pw_unset_days=N or through proc file debug. Set to -1 (default) to use 2 * user's inactive days value or to 0 to disable.
commit 4aaf41756aca2909afa6d799192c32eb4dec8725 Author: Amon Ott ao@rsbac.org Date: Mon Dec 16 08:42:51 2019 +0100
Log errors returned by AUTH helper functions.
commit 2efe224abe6bff1cd8aa0ea07c68b61ebaaada35 Author: Amon Ott ao@rsbac.org Date: Wed Dec 11 12:28:06 2019 +0100
Follow old inheritance rules when converting old RES lists to new lists of lists.
commit fa58f6c791e733c164cbf0426c4bcdea3566eb83 Author: Amon Ott ao@rsbac.org Date: Wed Dec 11 11:25:42 2019 +0100
With debug_adf_res, also show process owner.
commit 43d2ea369fb6cd614debdfda4aff5e6d9c1f3351 Author: Amon Ott ao@rsbac.org Date: Wed Dec 11 09:30:57 2019 +0100
Limit RES limit values to RLIM_INFINITY, if it is not 0.
commit a3e40200e9c00b70011db4daf91d0dc4e2c9c4c8 Author: Amon Ott ao@rsbac.org Date: Fri Dec 6 13:47:41 2019 +0100
Change RES res_min and res_max storage to lists of lists Try to convert old lists, if new lists are empty. Mostly rewrite how res_min and res_max get accessed while keeping the old interfaces for backwards compatibility. Add new RSBAC syscalls to get and set RES limits individually and with ttls. This change makes inheritance from RES default user to normal users work as expected: inherit individual values, not everything together, and use own settings where set.
commit 8dc63d57eb2650c7fc20d4ceca7980db8fb5f090 Author: Amon Ott ao@rsbac.org Date: Thu Dec 5 13:51:58 2019 +0100
Require minimum password hash algo hash size of 20 bytes (160 bits).
commit 71d388e4d7d177498a4bf25540872898916c14f4 Author: Amon Ott ao@rsbac.org Date: Wed Dec 4 12:58:06 2019 +0100
Convert one-time password list to new password format and provide new hash syscalls.
commit 3dddebb838e05769bae0e8836a17f3f89700f8bf Author: Amon Ott ao@rsbac.org Date: Wed Dec 4 10:24:45 2019 +0100
Convert password history list to new password format.
commit f92c45cfe64c8572e0d6ac8c7113cb198853c62d Author: Amon Ott ao@rsbac.org Date: Wed Dec 4 08:30:18 2019 +0100
Move auth_may_set_cap check back from auth_main.c to syscalls.c. If a process has auth_may_set_cap, ADF should not be called at all.
commit 374d8f2459157e04e91c4a516158cdd4d4ca250e Author: Amon Ott ao@rsbac.org Date: Tue Dec 3 10:51:26 2019 +0100
Also allow to add AUTH process caps, if all modules grant MODIFY_ATTRIBUTE All modules check MODIFY_ATTRIBUTE on the new A_auth_add_p_cap and A_auth_remove_p_cap pseudo attributes the same way as A_auth_add/remove_f_cap. If the calling process has auth_may_set_cap set, it can set these caps as before.
commit 7d26b112452ae5c608906b51cf17c3dae0eb164d Author: Amon Ott ao@rsbac.org Date: Thu Nov 28 16:15:53 2019 +0100
Support all kernel hash functions for password storage. Change version to 1.5.4 for new functionality. The code tries to stay backwards compatible while adding potentially better security for passwords. As long as passwords are hashed with sha1, older RSBAC versions can still use them.
commit 6456f7e4a4c29e7a2ceb21ce70cfdf22d0f47d6c Author: Amon Ott ao@rsbac.org Date: Wed Nov 27 14:59:20 2019 +0100
Compile fix for arm: do not define __NR_rsbac explicitely.
commit 5f87d27a77fd3c3b960bd7614353e06d323cf76b Author: Amon Ott ao@rsbac.org Date: Tue Nov 26 14:18:57 2019 +0100
Compile fixes for 5.4.
commit f4a96cc1efa5912e4a15a6b0014a5d7833d33df3 Author: Amon Ott ao@rsbac.org Date: Mon Nov 18 09:53:54 2019 +0100
When switching modules, only log, if value changes.
commit 61ca416bbc1f0b4f5ffecde8157b62918b64a507 Author: Amon Ott ao@rsbac.org Date: Wed Oct 23 12:30:03 2019 +0200
Add udf_do_check value "remoteonly" to only check, if process has remote_ip set. This lets checks only happen, if the accessing process or one of its parents has accepted an INET network connection, i.e., acts as an IPv4 network service.
commit 9a4821592d42b777d33a384b04aded4677415f8c Author: Amon Ott ao@rsbac.org Date: Tue Sep 24 12:57:26 2019 +0200
namei.c: do_last(): explicitely check with S_ISREG() before assuming T_FILE.
commit 2b87e19c2de085b41e931b54dcf0399357b13de4 Author: Amon Ott ao@rsbac.org Date: Thu Jun 27 15:04:05 2019 +0200
Use hash_64 for inode number, uid and gid hashing.
commit ca07612fc63fde8a8c21aa54693b1cc0b52831b9 Author: Amon Ott ao@rsbac.org Date: Thu Jun 27 13:16:16 2019 +0200
rsbac_um_add_gm(): fix log message with unknown uid.
commit 14ad570f58e4c502106c9da16a3ed0f5b0f4d0f1 Author: Amon Ott ao@rsbac.org Date: Thu Jun 27 12:16:44 2019 +0200
RSBAC BUG 0000167: rsbac.dat is visible by root user aci_data_structures: set device_p->rsbac_dir_inode when looking up rsbac.dat dir. This used to be done in lookup_aci_path_dentry() up to kernel 4.14, but was missing in the new rsbac_aci_path_open() in 4.19.
commit 017e5d10501c2e17ed7a3260cc06810f483136f1 Author: Amon Ott ao@rsbac.org Date: Sun Mar 31 08:35:54 2019 +0200
gen_lists: add extra statistic counters for failed rcu item alloc.
commit 80b0a7b4c8c56d95310042aa672593c4c4130479 Author: Amon Ott ao@rsbac.org Date: Mon Feb 4 09:55:55 2019 +0100
gen_lists: add extra synchronize_rcu() before destroying slabs. In some cases, there seem to be remaining items in FD cache lists at umount. The extra sync allows RCU to remove them in time. aci_data_structures: set FD cache handle to NULL before destroying list.
commit 6eb6f01d2d696e13084a512194b355c79e21abae Author: Amon Ott ao@rsbac.org Date: Mon Jan 28 13:53:50 2019 +0100
RSBAC BUG 0000113: CHANGE_DAC_EFF_OWNER and CHANGE_DAC_FS_OWNER doesn't herit from auth_may_setuid 3 auth: with EFF and FS owner and group, translate RSBAC_UM_VIRTUAL_KEEP and RSBAC_UM_VIRTUAL_ALL to current virtual set to correctly match uid or gid.
commit ad4e2c8466d1875cbff23b7d2665334432887e09 Author: Amon Ott ao@rsbac.org Date: Thu Jan 24 11:10:03 2019 +0100
RSBAC: also avoid access control for writing of RSBAC files at umount. rsbac_umount() calls rsbac_write from non-rsbacd context.
commit 2b65166463b8fff312280beefa791560d4b602c6 Author: Amon Ott ao@rsbac.org Date: Wed Jan 23 09:35:16 2019 +0100
Avoid RSBAC access control for reading of RSBAC files at mount.
commit bbd7032d1504145694f1fbdc0d05533932b3b6a8 Author: Amon Ott ao@rsbac.org Date: Mon Jan 21 15:53:09 2019 +0100
BUG 0000163: Kernel parameter does not work: rsbac_switch_off_rc Fix #if defined lines and include required header.
commit 17a5f9d32aa296c7ed0fad17817ac98460a656fc Author: Amon Ott ao@rsbac.org Date: Tue Jan 8 11:39:01 2019 +0100
RSBAC: review: remove extra put_pid() in proc, check get_pid result.
commit fcc04a535ce3e3d8112174eac7b206a69aae906a Author: Amon Ott ao@rsbac.org Date: Mon Jan 7 12:36:15 2019 +0100
RSBAC: vfs_kern_mount(): call rsbac_mount() before adding mount to list of mounts This avoids access to filesystem objects before RSBAC attributes are set.
commit 8df3879903a7de3da42fec8b0134ccf482681bca Author: Amon Ott ao@rsbac.org Date: Mon Jan 7 11:42:56 2019 +0100
RSBAC: aci: first register per-device FD lists, then per-device FD cache lists The cache gets its first entries right after cache registration, but the correct attributes must be read first.
commit 872a00b13735e34c9b5b5581ea071e2e31e379a0 Author: Amon Ott ao@rsbac.org Date: Mon Jan 7 10:37:12 2019 +0100
RSBAC: remove rsbac_dir_dentry_p from device list entry.
commit 80cd4e331c9cc8b895cc52ea979eb2a97ce4c32d Author: Amon Ott ao@rsbac.org Date: Mon Jan 7 10:04:04 2019 +0100
RSBAC: always check return value of get_task_pid().
commit 1bba6db3ad58e3240b400da2f3da0f028925f9a0 Author: Amon Ott ao@rsbac.org Date: Fri Jan 4 09:03:05 2019 +0100
RSBAC: remove rsbac_lookup_one_len()
commit 8a4c2c28cef72b46c05c81ae9ca5a76703a7a09d Author: Amon Ott ao@rsbac.org Date: Thu Jan 3 12:43:12 2019 +0100
RSBAC: make sys_rsbac_write() wake up rsbacd, not write lists directly.
commit 96363e89a5d57758bbf4f8b2353953ca93edeab6 Author: Amon Ott ao@rsbac.org Date: Wed Jan 2 16:18:56 2019 +0100
RSBAC: use official functions to open and close files.
commit b5e37ce511762070b9545d0055430a74f74ac4bb Author: Amon Ott ao@rsbac.org Date: Thu Dec 27 14:22:59 2018 +0100
In proc_pid_readdir(), check for valid pid before calling RSBAC.
commit facaab6c89971d29757f1dacee24148c42841cd6 Author: Amon Ott ao@rsbac.org Date: Thu Dec 13 09:47:27 2018 +0100
Fix compile error with CONFIG_RSBAC_SECDEL and XFS.
commit dd4f0f1757f87d522c782fd93131623578679bae Author: Amon Ott ao@rsbac.org Date: Mon Dec 3 10:09:01 2018 +0100
Fix merge error in fs/proc/kcore.c
commit fb554769c66c4c0dcf3c2c68344ee4db0847173d Author: Amon Ott ao@rsbac.org Date: Mon Dec 3 09:06:10 2018 +0100
Fix compile warning with missing const in network_types.h.
commit 7e65a51dd1ff5a78721aff5dc467e6bef29d2781 Author: Amon Ott ao@rsbac.org Date: Mon Nov 19 10:43:44 2018 +0100
Update rsbac_lookup_one_len() and rename code in rsbac_write_open() for 4.19.
commit 46c02c401651c2ca4bbd9865c1904f8a1712283d Author: Amon Ott ao@rsbac.org Date: Tue Nov 13 11:44:08 2018 +0100
Remove extra CREATE notification from atomic_open().
commit 531bde22c1893f07b672ebfa722761513b700362 Author: Amon Ott ao@rsbac.org Date: Tue Nov 13 11:30:34 2018 +0100
Add missing CREATE notifications to atomic_open().
commit 72e8ff85e0cd8a94b2dbf78e43e8da5ba9b70da2 Author: Amon Ott ao@rsbac.org Date: Tue Oct 30 10:22:20 2018 +0100
Update MAINTAINERS entry.
commit 2f7c1b0997c1fa452f701d21194bc312ae4cd371 Author: Amon Ott ao@rsbac.org Date: Tue Oct 30 09:55:36 2018 +0100
Add SCD target bpf and use it for sys_bpf. BPF is not only for firewalling, so make it separate.
commit d8fc1eb322433acf450d070cf5db49be25527ba0 Author: Amon Ott ao@rsbac.org Date: Tue Oct 30 09:16:58 2018 +0100
Cleanup whitespace for 4.19.
commit b31cd76ec1544dea574d8ef8dbbe313a9723d5cc Author: Amon Ott ao@rsbac.org Date: Mon Oct 29 15:16:50 2018 +0100
Compile fixes for 4.19.
commit 905948dd1b8dc22f5947df552989ab0e0449dcf7 Author: Amon Ott ao@rsbac.org Date: Mon Oct 29 11:40:12 2018 +0100
Port RSBAC from 4.14 git commit d9891837defab3a39d42e046e2d11c2b7854dc51 Change version to 1.5.3 for IPv6 support.
(cherry picked from commit 8140f956a0a6698d7b22aa1b564f73882ec7201e)
Documentation/rsbac/COPYING | 19 + Documentation/rsbac/Changes | 709 + Documentation/rsbac/Credits | 18 + Documentation/rsbac/INSTALL | 18 + Documentation/rsbac/Interceptions-2.4 | 97 + Documentation/rsbac/Interceptions-2.6 | 330 + Documentation/rsbac/README | 49 + Documentation/rsbac/README-kernparam | 92 + Documentation/rsbac/README-nrlists | 28 + Documentation/rsbac/README-patching | 22 + Documentation/rsbac/README-proc | 93 + Documentation/rsbac/README-reg | 37 + MAINTAINERS | 9 + Makefile | 8 + arch/alpha/include/uapi/asm/unistd.h | 1 + arch/alpha/kernel/asm-offsets.c | 3 + arch/alpha/kernel/ptrace.c | 25 + arch/alpha/kernel/syscalls/syscall.tbl | 2 +- arch/arm/tools/syscall.tbl | 2 +- arch/arm64/tools/syscall_32.tbl | 1 + arch/m68k/include/uapi/asm/unistd.h | 1 + arch/m68k/kernel/syscalls/syscall.tbl | 2 +- arch/mips/kernel/scall32-o32.S | 3 + arch/mips/kernel/scall64-o32.S | 3 + arch/powerpc/include/uapi/asm/unistd.h | 2 + arch/powerpc/kernel/asm-offsets.c | 4 + arch/sh/kernel/syscalls_32.S | 3 + arch/sparc/include/uapi/asm/unistd.h | 2 + arch/sparc/kernel/ptrace_32.c | 24 + arch/sparc/kernel/ptrace_64.c | 25 + arch/sparc/kernel/syscalls/syscall.tbl | 3 +- arch/x86/entry/syscalls/syscall_32.tbl | 2 +- arch/x86/entry/syscalls/syscall_64.tbl | 2 +- arch/x86/kernel/ioport.c | 42 + block/ioctl.c | 63 + block/ioprio.c | 43 + drivers/block/loop.c | 92 + drivers/char/mem.c | 77 + drivers/tty/sysrq.c | 27 + drivers/tty/tty_io.c | 25 + drivers/tty/tty_ioctl.c | 46 + fs/ceph/dir.c | 79 + fs/dcache.c | 3 +- fs/exec.c | 46 + fs/ext2/ioctl.c | 65 + fs/ext2/namei.c | 13 + fs/ext4/ioctl.c | 93 + fs/ext4/namei.c | 22 + fs/fat/namei_msdos.c | 13 + fs/fat/namei_vfat.c | 12 + fs/inode.c | 19 + fs/ioctl.c | 78 + fs/jbd2/transaction.c | 5 + fs/jfs/namei.c | 12 + fs/locks.c | 237 + fs/minix/namei.c | 14 + fs/namei.c | 965 +- fs/namespace.c | 322 +- fs/notify/dnotify/dnotify.c | 24 + fs/notify/fanotify/fanotify_user.c | 24 + fs/notify/inotify/inotify_user.c | 39 + fs/open.c | 497 +- fs/pipe.c | 191 +- fs/proc/array.c | 78 +- fs/proc/base.c | 520 + fs/proc/kcore.c | 20 + fs/proc/proc_sysctl.c | 24 + fs/proc_namespace.c | 25 + fs/quota/quota.c | 56 +- fs/read_write.c | 115 + fs/readdir.c | 74 + fs/stat.c | 129 + fs/statfs.c | 23 + fs/sysfs/file.c | 97 + fs/utimes.c | 36 + fs/xattr.c | 128 + fs/xfs/xfs_iops.c | 32 + include/linux/fs.h | 8 + include/linux/mm_types.h | 4 + include/linux/sched.h | 4 + include/rsbac/aci.h | 207 + include/rsbac/aci_data_structures.h | 1440 ++ include/rsbac/acl.h | 266 + include/rsbac/acl_data_structures.h | 470 + include/rsbac/acl_getname.h | 26 + include/rsbac/acl_types.h | 351 + include/rsbac/adf.h | 142 + include/rsbac/adf_main.h | 711 + include/rsbac/adf_syshelpers.h | 282 + include/rsbac/auth.h | 154 + include/rsbac/auth_data_structures.h | 98 + include/rsbac/cap_getname.h | 14 + include/rsbac/debug.h | 293 + include/rsbac/error.h | 54 + include/rsbac/fs.h | 57 + include/rsbac/gen_lists.h | 295 + include/rsbac/getname.h | 101 + include/rsbac/helpers.h | 90 + include/rsbac/hooks.h | 24 + include/rsbac/jail.h | 16 + include/rsbac/jail_getname.h | 14 + include/rsbac/lists.h | 946 ++ include/rsbac/log_cap.h | 14 + include/rsbac/lsm.h | 16 + include/rsbac/mac.h | 134 + include/rsbac/mac_data_structures.h | 55 + include/rsbac/net_getname.h | 36 + include/rsbac/network.h | 84 + include/rsbac/network_types.h | 145 + include/rsbac/proc_fs.h | 20 + include/rsbac/rc.h | 124 + include/rsbac/rc_data_structures.h | 348 + include/rsbac/rc_getname.h | 36 + include/rsbac/rc_types.h | 405 + include/rsbac/reg.h | 152 + include/rsbac/reg_main.h | 62 + include/rsbac/repl_lists.h | 18 + include/rsbac/repl_types.h | 28 + include/rsbac/request_groups.h | 444 + include/rsbac/res_getname.h | 18 + include/rsbac/rkmem.h | 76 + include/rsbac/syscall_rsbac.h | 37 + include/rsbac/syscalls.h | 2097 +++ include/rsbac/types.h | 1024 ++ include/rsbac/udf.h | 43 + include/rsbac/um.h | 182 + include/rsbac/um_types.h | 179 + include/rsbac/unistd-alpha.h | 16 + include/rsbac/unistd-i386.h | 18 + include/rsbac/unistd-ppc.h | 16 + include/uapi/linux/sched.h | 3 + init/do_mounts.c | 16 + init/main.c | 7 + ipc/msg.c | 197 + ipc/sem.c | 221 + ipc/shm.c | 184 +- kernel/bpf/syscall.c | 31 + kernel/capability.c | 94 +- kernel/events/core.c | 21 + kernel/exit.c | 26 + kernel/fork.c | 59 +- kernel/groups.c | 27 + kernel/kallsyms.c | 23 + kernel/kexec.c | 21 + kernel/module/main.c | 39 + kernel/printk/printk.c | 44 + kernel/ptrace.c | 78 + kernel/reboot.c | 24 + kernel/sched/syscalls.c | 28 + kernel/signal.c | 33 + kernel/sys.c | 734 +- kernel/time/timekeeping.c | 22 + kernel/uid16.c | 37 + mm/memfd.c | 46 + mm/mlock.c | 41 + mm/mmap.c | 74 + mm/mprotect.c | 135 + mm/swapfile.c | 101 + net/bridge/br_if.c | 70 + net/core/dev_ioctl.c | 59 + net/core/fib_rules.c | 62 + net/ipv4/arp.c | 34 + net/ipv4/devinet.c | 120 + net/ipv4/fib_frontend.c | 61 + net/ipv4/inet_diag.c | 21 + net/ipv4/ipmr.c | 22 + net/ipv4/netfilter/ip_tables.c | 61 + net/ipv4/route.c | 21 + net/sched/cls_api.c | 45 + net/sched/sch_api.c | 153 + net/socket.c | 856 +- net/unix/af_unix.c | 680 +- net/wireless/wext-core.c | 30 + rsbac/Kconfig | 2275 ++++ rsbac/Makefile | 11 + rsbac/adf/Makefile | 48 + rsbac/adf/acl/Makefile | 10 + rsbac/adf/acl/acl_main.c | 540 + rsbac/adf/acl/acl_syscalls.c | 1676 +++ rsbac/adf/adf_check.c | 1073 ++ rsbac/adf/adf_main.c | 3612 +++++ rsbac/adf/auth/Makefile | 10 + rsbac/adf/auth/auth_main.c | 1215 ++ rsbac/adf/auth/auth_syscalls.c | 78 + rsbac/adf/cap/Makefile | 10 + rsbac/adf/cap/cap_main.c | 865 ++ rsbac/adf/ff/Makefile | 9 + rsbac/adf/ff/ff_main.c | 735 + rsbac/adf/jail/Makefile | 10 + rsbac/adf/jail/jail_main.c | 1492 +++ rsbac/adf/jail/jail_syscalls.c | 324 + rsbac/adf/mac/Makefile | 9 + rsbac/adf/mac/mac_main.c | 4921 +++++++ rsbac/adf/mac/mac_syscalls.c | 695 + rsbac/adf/rc/Makefile | 9 + rsbac/adf/rc/rc_main.c | 3648 +++++ rsbac/adf/rc/rc_syscalls.c | 1694 +++ rsbac/adf/reg/Makefile | 13 + rsbac/adf/reg/kproc_hide.c | 128 + rsbac/adf/reg/modules_off.c | 91 + rsbac/adf/reg/reg_main.c | 929 ++ rsbac/adf/reg/reg_sample1.c | 253 + rsbac/adf/reg/reg_sample2.c | 452 + rsbac/adf/reg/reg_sample3.c | 369 + rsbac/adf/reg/root_plug.c | 138 + rsbac/adf/res/Makefile | 10 + rsbac/adf/res/res_main.c | 510 + rsbac/adf/udf/Makefile | 10 + rsbac/adf/udf/udf_main.c | 935 ++ rsbac/data_structures/Makefile | 18 + rsbac/data_structures/aci_data_structures.c | 14138 ++++++++++++++++++++ rsbac/data_structures/acl_data_structures.c | 8453 ++++++++++++ rsbac/data_structures/auth_data_structures.c | 4043 ++++++ rsbac/data_structures/gen_lists.c | 12872 ++++++++++++++++++ rsbac/data_structures/mac_data_structures.c | 1247 ++ rsbac/data_structures/rc_data_structures.c | 5749 ++++++++ rsbac/data_structures/um_data_structures.c | 2854 ++++ rsbac/help/Makefile | 13 + rsbac/help/acl_getname.c | 109 + rsbac/help/cap_getname.c | 267 + rsbac/help/debug.c | 5299 ++++++++ rsbac/help/getname.c | 1812 +++ rsbac/help/helpers.c | 709 + rsbac/help/jail_getname.c | 56 + rsbac/help/net_getname.c | 292 + rsbac/help/net_helpers.c | 157 + rsbac/help/rc_getname.c | 247 + rsbac/help/res_getname.c | 65 + rsbac/help/rkmem.c | 77 + rsbac/help/syscalls.c | 9792 ++++++++++++++ scripts/syscall.tbl | 2 + scripts/syscalltbl.sh | 5 + security/Kconfig | 2 + tools/perf/arch/x86/entry/syscalls/syscall_64.tbl | 2 +- 234 files changed, 119776 insertions(+), 50 deletions(-)
-
Amon Ott