• Tetsuo Handa's avatar
    LSM: Revive security_task_alloc() hook and per "struct task_struct" security blob. · e4e55b47
    Tetsuo Handa authored
    We switched from "struct task_struct"->security to "struct cred"->security
    in Linux 2.6.29. But not all LSM modules were happy with that change.
    TOMOYO LSM module is an example which want to use per "struct task_struct"
    security blob, for TOMOYO's security context is defined based on "struct
    task_struct" rather than "struct cred". AppArmor LSM module is another
    example which want to use it, for AppArmor is currently abusing the cred
    a little bit to store the change_hat and setexeccon info. Although
    security_task_free() hook was revived in Linux 3.4 because Yama LSM module
    wanted to release per "struct task_struct" security blob,
    security_task_alloc() hook and "struct task_struct"->security field were
    not revived. Nowadays, we are getting proposals of lightweight LSM modules
    which want to use per "struct task_struct" security blob.
    
    We are already allowing multiple concurrent LSM modules (up to one fully
    armored module which uses "struct cred"->security field or exclusive hooks
    like security_xfrm_state_pol_flow_match(), plus unlimited number of
    lightweight modules which do not use "struct cred"->security nor exclusive
    hooks) as long as they are built into the kernel. But this patch does not
    implement variable length "struct task_struct"->security field which will
    become needed when multiple LSM modules want to use "struct task_struct"->
    security field. Although it won't be difficult to implement variable length
    "struct task_struct"->security field, let's think about it after we merged
    this patch.
    Signed-off-by: default avatarTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
    Acked-by: default avatarJohn Johansen <john.johansen@canonical.com>
    Acked-by: default avatarSerge Hallyn <serge@hallyn.com>
    Acked-by: default avatarCasey Schaufler <casey@schaufler-ca.com>
    Tested-by: default avatarDjalal Harouni <tixxdz@gmail.com>
    Acked-by: default avatarJosé Bollo <jobol@nonadev.net>
    Cc: Paul Moore <paul@paul-moore.com>
    Cc: Stephen Smalley <sds@tycho.nsa.gov>
    Cc: Eric Paris <eparis@parisplace.org>
    Cc: Kees Cook <keescook@chromium.org>
    Cc: James Morris <james.l.morris@oracle.com>
    Cc: José Bollo <jobol@nonadev.net>
    Signed-off-by: default avatarJames Morris <james.l.morris@oracle.com>
    e4e55b47
security.h 45 KB