#
fa9b63ad |
|
09-Sep-2022 |
John Johansen <john.johansen@canonical.com> |
apparmor: add user namespace creation mediation Unprivileged user namespace creation is often used as a first step in privilege escalation attacks. Instead of disabling it at the sysrq level, which blocks its legitimate use as for setting up a sandbox, allow control on a per domain basis. This allows an admin to quickly lock down a system while also still allowing legitimate use. Reviewed-by: Georgia Garcia <georgia.garcia@canonical.com> Signed-off-by: John Johansen <john.johansen@canonical.com>
|
#
90c436a6 |
|
19-Sep-2022 |
John Johansen <john.johansen@canonical.com> |
apparmor: pass cred through to audit info. The cred is needed to properly audit some messages, and will be needed in the future for uid conditional mediation. So pass it through to where the apparmor_audit_data struct gets defined. Reviewed-by: Georgia Garcia <georgia.garcia@canonical.com> Signed-off-by: John Johansen <john.johansen@canonical.com>
|
#
0897fcb1 |
|
14-Jan-2023 |
Quanfa Fu <quanfafu@gmail.com> |
apparmor: make aa_set_current_onexec return void Change the return type to void since it always return 0, and no need to do the checking in aa_set_current_onexec. Signed-off-by: Quanfa Fu <quanfafu@gmail.com> Reviewed-by: "Tyler Hicks (Microsoft)" <code@tyhicks.com> Signed-off-by: John Johansen <john.johansen@canonical.com>
|
#
eac93125 |
|
23-Nov-2021 |
John Johansen <john.johansen@canonical.com> |
apparmor: move ptrace mediation to more logical task.{h,c} AppArmor split out task oriented controls to their own logical file a while ago. Ptrace mediation is better grouped with task than ipc, so move it. Signed-off-by: John Johansen <john.johansen@canonical.com>
|
#
b886d83c |
|
01-Jun-2019 |
Thomas Gleixner <tglx@linutronix.de> |
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 441 Based on 1 normalized pattern(s): this program is free software you can redistribute it and or modify it under the terms of the gnu general public license as published by the free software foundation version 2 of the license extracted by the scancode license scanner the SPDX license identifier GPL-2.0-only has been chosen to replace the boilerplate/reference in 315 file(s). Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Reviewed-by: Allison Randal <allison@lohutok.net> Reviewed-by: Armijn Hemel <armijn@tjaldur.nl> Cc: linux-spdx@vger.kernel.org Link: https://lkml.kernel.org/r/20190531190115.503150771@linutronix.de Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
6c2976b0 |
|
20-Jan-2019 |
Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp> |
apparmor: Adjust offset when accessing task blob. AppArmor will no longer be the only user of task blob after TOMOYO started using task blob. Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Fixes: f4ad8f2c4076 ("LSM: Infrastructure management of the task security") Acked-by: Kees Cook <keescook@chromium.org> Signed-off-by: James Morris <james.morris@microsoft.com>
|
#
f4ad8f2c |
|
21-Sep-2018 |
Casey Schaufler <casey@schaufler-ca.com> |
LSM: Infrastructure management of the task security Move management of the task_struct->security blob out of the individual security modules and into the security infrastructure. Instead of allocating the blobs from within the modules the modules tell the infrastructure how much space is required, and the space is allocated there. The only user of this blob is AppArmor. The AppArmor use is abstracted to avoid future conflict. Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> Reviewed-by: Kees Cook <keescook@chromium.org> [kees: adjusted for ordered init series] Signed-off-by: Kees Cook <keescook@chromium.org>
|
#
9fcf78cc |
|
08-Oct-2017 |
John Johansen <john.johansen@canonical.com> |
apparmor: update domain transitions that are subsets of confinement at nnp Domain transition so far have been largely blocked by no new privs, unless the transition has been provably a subset of the previous confinement. There was a couple problems with the previous implementations, - transitions that weren't explicitly a stack but resulted in a subset of confinement were disallowed - confinement subsets were only calculated from the previous confinement instead of the confinement being enforced at the time of no new privs, so transitions would have to get progressively tighter. Fix this by detecting and storing a reference to the task's confinement at the "time" no new privs is set. This reference is then used to determine whether a transition is a subsystem of the confinement at the time no new privs was set. Unfortunately the implementation is less than ideal in that we have to detect no new privs after the fact when a task attempts a domain transition. This is adequate for the currently but will not work in a stacking situation where no new privs could be conceivably be set in both the "host" and in the container. Signed-off-by: John Johansen <john.johansen@canonical.com>
|
#
de62de59 |
|
08-Oct-2017 |
John Johansen <john.johansen@canonical.com> |
apparmor: move task related defines and fns to task.X files Signed-off-by: John Johansen <john.johansen@canonical.com>
|