TWxSoftware/twx-linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
43af5de742
twx-linux/include
History
Vivek Goyal 43af5de742 lsm,audit,selinux: Introduce a new audit data type LSM_AUDIT_DATA_FILE 
Right now LSM_AUDIT_DATA_PATH type contains "struct path" in union "u"
of common_audit_data. This information is used to print path of file
at the same time it is also used to get to dentry and inode. And this
inode information is used to get to superblock and device and print
device information.

This does not work well for layered filesystems like overlay where dentry
contained in path is overlay dentry and not the real dentry of underlying
file system. That means inode retrieved from dentry is also overlay
inode and not the real inode.

SELinux helpers like file_path_has_perm() are doing checks on inode
retrieved from file_inode(). This returns the real inode and not the
overlay inode. That means we are doing check on real inode but for audit
purposes we are printing details of overlay inode and that can be
confusing while debugging.

Hence, introduce a new type LSM_AUDIT_DATA_FILE which carries file
information and inode retrieved is real inode using file_inode(). That
way right avc denied information is given to user.

For example, following is one example avc before the patch.

  type=AVC msg=audit(1473360868.399:214): avc:  denied  { read open } for
    pid=1765 comm="cat"
    path="/root/.../overlay/container1/merged/readfile"
    dev="overlay" ino=21443
    scontext=unconfined_u:unconfined_r:test_overlay_client_t:s0:c10,c20
    tcontext=unconfined_u:object_r:test_overlay_files_ro_t:s0
    tclass=file permissive=0

It looks as follows after the patch.

  type=AVC msg=audit(1473360017.388:282): avc:  denied  { read open } for
    pid=2530 comm="cat"
    path="/root/.../overlay/container1/merged/readfile"
    dev="dm-0" ino=2377915
    scontext=unconfined_u:unconfined_r:test_overlay_client_t:s0:c10,c20
    tcontext=unconfined_u:object_r:test_overlay_files_ro_t:s0
    tclass=file permissive=0

Notice that now dev information points to "dm-0" device instead of
"overlay" device. This makes it clear that check failed on underlying
inode and not on the overlay inode.

Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
[PM: slight tweaks to the description to make checkpatch.pl happy]
Signed-off-by: Paul Moore <paul@paul-moore.com>
2016-09-19 13:42:38 -04:00
..
acpi treewide: replace obsolete _refok by __ref 2016-08-02 17:31:41 -04:00
asm-generic RTC for 4.8 2016-08-05 09:48:22 -04:00
clocksource
crypto A number of improvements for the /dev/random driver; the most 2016-07-27 15:11:55 -07:00
drm Merge branch 'generic-zpos-v8' of http://git.linaro.org/people/benjamin.gaignard/kernel into drm-next 2016-08-03 08:40:24 +10:00
dt-bindings ARM: DT updates for v4.8 2016-08-01 18:37:45 -04:00
keys
kvm KVM/ARM Changes for v4.8 - Take 2 2016-08-04 13:59:56 +02:00
linux lsm,audit,selinux: Introduce a new audit data type LSM_AUDIT_DATA_FILE 2016-09-19 13:42:38 -04:00
math-emu
media dma-mapping: use unsigned long for dma_attrs 2016-08-04 08:50:07 -04:00
memory
misc
net virtio/vhost: new features for 4.8 2016-08-06 09:20:13 -04:00
pcmcia
ras
rdma Second round of merge items for 4.8 2016-08-04 20:26:31 -04:00
rxrpc
scsi Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending 2016-08-04 20:04:37 -04:00
soc ARM: SoC driver updates for v4.8 2016-08-01 18:36:01 -04:00
sound Merge tag 'drm-for-v4.8' of git://people.freedesktop.org/~airlied/linux 2016-08-01 21:44:08 -04:00
target
trace block: rename bio bi_rw to bi_opf 2016-08-07 14:41:02 -06:00
uapi virtio/vhost: new features for 4.8 2016-08-06 09:20:13 -04:00
video
xen dma-mapping: use unsigned long for dma_attrs 2016-08-04 08:50:07 -04:00
Kbuild