OpenCloudOS-Kernel/security
KP Singh 5e0977fd08 security: Fix hook iteration for secid_to_secctx
[upstream commit 0550cfe8c2]

secid_to_secctx is not stackable, and since the BPF LSM registers this
hook by default, the call_int_hook logic is not suitable which
"bails-on-fail" and causes issues when other LSMs register this hook and
eventually breaks Audit.

In order to fix this, directly iterate over the security hooks instead
of using call_int_hook as suggested in:

https://lore.kernel.org/bpf/9d0eb6c6-803a-ff3a-5603-9ad6d9edfc00@schaufler-ca.com/#t

Fixes: 98e828a065 ("security: Refactor declaration of LSM hooks")
Fixes: 625236ba38 ("security: Fix the default value of secid_to_secctx hook")
Reported-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: KP Singh <kpsingh@google.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Acked-by: James Morris <jamorris@linux.microsoft.com>
Link: https://lore.kernel.org/bpf/20200520125616.193765-1-kpsingh@chromium.org
Signed-off-by: Menglong Dong <imagedong@tencent.com>
2024-06-11 20:50:15 +08:00
apparmor ock: sync codes to ock 5.4.119-20.0009.21 2024-06-11 20:27:38 +08:00
bpf ock: sync codes to ock 5.4.119-20.0009.21 2024-06-11 20:27:38 +08:00
integrity lockdown: Fix kexec lockdown bypass with ima policy 2024-06-11 20:41:41 +08:00
keys ock: sync codes to ock 5.4.119-20.0009.21 2024-06-11 20:27:38 +08:00
loadpin proc/sysctl: add shared variables for range check 2019-07-18 17:08:07 -07:00
lockdown lockdown: also lock down previous kgdb use 2024-06-11 20:41:40 +08:00
safesetid LSM: SafeSetID: Stop releasing uninitialized ruleset 2019-09-17 11:27:05 -07:00
selinux ock: sync codes to ock 5.4.119-20.0009.21 2024-06-11 20:27:38 +08:00
smack ock: sync codes to ock 5.4.119-20.0009.21 2024-06-11 20:27:38 +08:00
tomoyo tkernel: add base tlinux kernel interfaces 2024-06-11 20:09:33 +08:00
yama proc/sysctl: add shared variables for range check 2019-07-18 17:08:07 -07:00
Kconfig ock: sync codes to ock 5.4.119-20.0009.21 2024-06-11 20:27:38 +08:00
Kconfig.hardening meminit fix 2019-07-28 12:33:15 -07:00
Makefile ock: sync codes to ock 5.4.119-20.0009.21 2024-06-11 20:27:38 +08:00
commoncap.c ock: sync codes to ock 5.4.119-20.0009.21 2024-06-11 20:27:38 +08:00
device_cgroup.c ock: sync codes to ock 5.4.119-20.0009.21 2024-06-11 20:27:38 +08:00
inode.c Merge branch 'work.mount0' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2019-07-19 10:42:02 -07:00
lsm_audit.c ock: sync codes to ock 5.4.119-20.0009.21 2024-06-11 20:27:38 +08:00
min_addr.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
security.c security: Fix hook iteration for secid_to_secctx 2024-06-11 20:50:15 +08:00