From: Ryan Lee
To: linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, apparmor@lists.ubuntu.com, linux-security-module@vger.kernel.org, selinux@vger.kernel.org
Cc: Ryan Lee, Alexander Viro, Christian Brauner, Jan Kara, John Johansen, Paul Moore, James Morris, "Serge E. Hallyn", Mickaël Salaün, Günther Noack, Stephen Smalley, Ondrej Mosnacek, Casey Schaufler, Kentaro Takeda, Tetsuo Handa
Subject: [RFC PATCH 1/6] fs: invoke LSM file_open hook in do_dentry_open for O_PATH fds as well
Date: Wed, 12 Mar 2025 14:21:41 -0700
Message-ID: <20250312212148.274205-2-ryan.lee@canonical.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <20250312212148.274205-1-ryan.lee@canonical.com>
References: <20250312212148.274205-1-ryan.lee@canonical.com>

Currently, opening O_PATH file descriptors completely bypasses the LSM
infrastructure. Invoking the LSM file_open hook for O_PATH fds will be
necessary for e.g. mediating the fsmount() syscall.

Signed-off-by: Ryan Lee
---
 fs/open.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/fs/open.c b/fs/open.c
index 30bfcddd505d..0f8542bf6cd4 100644
--- a/fs/open.c
+++ b/fs/open.c
@@ -921,8 +921,13 @@ static int do_dentry_open(struct file *f, if (unlikely(f->f_flags & O_PATH)) { f->f_mode =3D FMODE_PATH | FMODE_OPENED; file_set_fsnotify_mode(f, FMODE_NONOTIFY); f->f_op =3D &empty_fops; - return 0; + /* + * do_o_path in fs/namei.c unconditionally invokes path_put + * after this function returns, so don't path_put the path + * upon LSM rejection of O_PATH opening + */ + return security_file_open(f); } =20 if ((f->f_mode & (FMODE_READ | FMODE_WRITE)) =3D=3D FMODE_READ) { --=20 2.43.0 base-kernel: v6.14-rc6
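Review bot: the comment above the new `return security_file_open(f);` justifies the missing cleanup by pointing at do_o_path's path_put, but the thing a reader needs to know is different: at this point the hunk has already set `f->f_mode = FMODE_PATH | FMODE_OPENED` and `f->f_op = &empty_fops`, so on LSM rejection the caller receives an error together with a file that is marked as opened, and it is the caller's fput() of that file that must tear it down. Reword the comment to state that this is deliberate and that the caller is expected to fput() the file, and spell out two consequences for LSM authors: a file_open hook that refuses an O_PATH open will still observe a file_release for that file, and every file_open implementer not updated in this series now receives O_PATH opens it never saw before and has to either handle or explicitly skip them.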
From: Ryan Lee
To: linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, apparmor@lists.ubuntu.com, linux-security-module@vger.kernel.org, selinux@vger.kernel.org
Cc: Ryan Lee, Alexander Viro, Christian Brauner, Jan Kara, John Johansen, Paul Moore, James Morris, "Serge E. Hallyn", Mickaël Salaün, Günther Noack, Stephen Smalley, Ondrej Mosnacek, Casey Schaufler, Kentaro Takeda, Tetsuo Handa
Subject: [RFC PATCH 2/6] apparmor: explicitly skip mediation of O_PATH file descriptors
Date: Wed, 12 Mar 2025 14:21:42 -0700
Message-ID: <20250312212148.274205-3-ryan.lee@canonical.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <20250312212148.274205-1-ryan.lee@canonical.com>
References: <20250312212148.274205-1-ryan.lee@canonical.com>

Previously, we saw O_PATH fds only when mediating fd inheritance on exec,
but because they would have no request associated with them, we would
unconditionally let them be inherited. Until we have better handling of
O_PATH fds, preserve the existing behavior of unconditionally allowing them.

Signed-off-by: Ryan Lee
---
 security/apparmor/lsm.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
index 11ace667cbbf..2349a1dd41f4 100644
--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -647,6 +647,16 @@ static int apparmor_file_open(struct file *file) return 0; } =20 + /* + * Preserve the behavior of O_PATH fd creation not being mediated. + * + * TODO: we weren't handling O_PATH fds in aa_inherit_files anyways + * (all-zero request -> fds unconditionally inherited), so proper + * mediation of those will require changes in multiple places. + */ + if (file->f_flags & O_PATH) + return 0; + label =3D aa_get_newest_cred_label_condref(file->f_cred, &needput); if (!unconfined(label)) { struct mnt_idmap *idmap =3D file_mnt_idmap(file); --=20 2.43.0 base-kernel: v6.14-rc6
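Review bot: the O_PATH test is open-coded here as `if (file->f_flags & O_PATH)`, and the same test is being copied into several other LSMs in this series; since the VFS marks such a file with FMODE_PATH in f_mode by the time file_open runs (patch 1/6 sets `f->f_mode = FMODE_PATH | FMODE_OPENED` before calling the hook), testing `file->f_mode & FMODE_PATH`, or a small shared helper, would keep every LSM agreeing on what counts as an O_PATH file instead of each one repeating the flag check. Placement is fine: the return happens before `aa_get_newest_cred_label_condref()` takes a label reference, so nothing has to be released on the early exit. Nit in the TODO comment: "anyways" should be "anyway".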
From: Ryan Lee
To: linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, apparmor@lists.ubuntu.com, linux-security-module@vger.kernel.org, selinux@vger.kernel.org
Cc: Ryan Lee, Alexander Viro, Christian Brauner, Jan Kara, John Johansen, Paul Moore, James Morris, "Serge E. Hallyn", Mickaël Salaün, Günther Noack, Stephen Smalley, Ondrej Mosnacek, Casey Schaufler, Kentaro Takeda, Tetsuo Handa
Subject: [RFC PATCH 3/6] landlock: explicitly skip mediation of O_PATH file descriptors
Date: Wed, 12 Mar 2025 14:21:43 -0700
Message-ID: <20250312212148.274205-4-ryan.lee@canonical.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <20250312212148.274205-1-ryan.lee@canonical.com>
References: <20250312212148.274205-1-ryan.lee@canonical.com>

Landlock currently does not have handling of O_PATH fds. Now that they are
being passed to the file_open hook, explicitly skip mediation of them until
we can handle them.

Signed-off-by: Ryan Lee
---
 security/landlock/fs.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/security/landlock/fs.c b/security/landlock/fs.c
index 0804f76a67be..37b2167bf4c6 100644
--- a/security/landlock/fs.c
+++ b/security/landlock/fs.c
@@ -1522,6 +1522,14 @@ static int hook_file_open(struct file *const file) if (!dom) return 0; =20 + /* + * Preserve the behavior of O_PATH fd creation not being mediated, for + * now. Remove this when the comment below about handling O_PATH fds + * is resolved. + */ + if (file->f_flags & O_PATH) + return 0; + /* * Because a file may be opened with O_PATH, get_required_file_open_acces= s() * may return 0. This case will be handled with a future Landlock --=20 2.43.0 base-kernel: v6.14-rc6
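Review bot: the new comment says to remove the early return "when the comment below about handling O_PATH fds is resolved", and that existing comment already says the `get_required_file_open_access()` returning 0 case "will be handled with a future Landlock evolution", so the same TODO is now described twice by relative position; fold them into one comment next to the early return so an edit to either one cannot leave a dangling "see below". It is also worth stating whether returning before the rest of hook_file_open is safe for per-file state: if the code after this point records anything in the file's Landlock blob that later hooks consult, an O_PATH file will now leave that state untouched, and the comment should say that this is intended.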
From: Ryan Lee
To: linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, apparmor@lists.ubuntu.com, linux-security-module@vger.kernel.org, selinux@vger.kernel.org
Cc: Ryan Lee, Alexander Viro, Christian Brauner, Jan Kara, John Johansen, Paul Moore, James Morris, "Serge E. Hallyn", Mickaël Salaün, Günther Noack, Stephen Smalley, Ondrej Mosnacek, Casey Schaufler, Kentaro Takeda, Tetsuo Handa
Subject: [RFC PATCH 4/6] selinux: explicitly skip mediation of O_PATH file descriptors
Date: Wed, 12 Mar 2025 14:21:44 -0700
Message-ID: <20250312212148.274205-5-ryan.lee@canonical.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <20250312212148.274205-1-ryan.lee@canonical.com>
References: <20250312212148.274205-1-ryan.lee@canonical.com>

Now that O_PATH fds are being passed to the file_open hook, unconditionally
skip mediation of them to preserve existing behavior.

Signed-off-by: Ryan Lee
---
 security/selinux/hooks.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 07f71e6c2660..886ee9381507 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -4009,6 +4009,11 @@ static int selinux_file_open(struct file *file) */ fsec->isid =3D isec->sid; fsec->pseqno =3D avc_policy_seqno(); + + /* Preserve the behavior of O_PATH fd creation not being mediated */ + if (file->f_flags & O_PATH) + return 0; + /* * Since the inode label or policy seqno may have changed * between the selinux_inode_permission check and the saving --=20 2.43.0 base-kernel: v6.14-rc6
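Review bot: the early return is placed after `fsec->isid = isec->sid;` and `fsec->pseqno = avc_policy_seqno();` rather than at the top of selinux_file_open, so the file security blob is still initialized for an O_PATH open and only the inode permission re-check that follows is skipped; that looks deliberate (otherwise isid and pseqno would be left unset for anything that later consults the blob), but the one-line comment only says the old behavior is preserved, so a reader will wonder why the check is not the first statement in the function. Extend the comment to say that keeping the isid/pseqno save is intentional and that only the re-check described in the comment immediately below is bypassed.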
From: Ryan Lee
To: linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, apparmor@lists.ubuntu.com, linux-security-module@vger.kernel.org, selinux@vger.kernel.org
Cc: Ryan Lee, Alexander Viro, Christian Brauner, Jan Kara, John Johansen, Paul Moore, James Morris, "Serge E. Hallyn", Mickaël Salaün, Günther Noack, Stephen Smalley, Ondrej Mosnacek, Casey Schaufler, Kentaro Takeda, Tetsuo Handa
Subject: [RFC PATCH 5/6] smack: explicitly skip mediation of O_PATH file descriptors
Date: Wed, 12 Mar 2025 14:21:45 -0700
Message-ID: <20250312212148.274205-6-ryan.lee@canonical.com>
In-Reply-To: <20250312212148.274205-1-ryan.lee@canonical.com>
References: <20250312212148.274205-1-ryan.lee@canonical.com>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

Now that O_PATH fds are being passed to the file_open hook, unconditionally
skip mediation of them to preserve existing behavior.

Signed-off-by: Ryan Lee
---
 security/smack/smack_lsm.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 2f65eb392bc0..c05e223bfb33 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -2062,6 +2062,10 @@ static int smack_file_open(struct file *file) struct smk_audit_info ad; int rc; =20 + /* Preserve the behavior of O_PATH fd creation not being mediated */ + if (file->f_flags & O_PATH) + return 0; + smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); smk_ad_setfield_u_fs_path(&ad, file->f_path); rc =3D smk_tskacc(tsp, smk_of_inode(inode), MAY_READ, &ad);
--=20
2.43.0

base-kernel: v6.14-rc6
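Review bot: the `file->f_flags & O_PATH` early return sits before `smk_ad_init`, so no audit context is built and the `MAY_READ` decision in `smk_tskacc` is skipped for path-only opens, which matches the stated intent; the comment above it, however, only says that prior behaviour is preserved and not why leaving these opens unmediated is acceptable. Suggest the comment state what an O_PATH open does and does not grant (no data access through that descriptor; a later open that does grant data access reaches this hook on its own), otherwise a future reader will see an unconditional bypass of a MAC check with no rationale. The same open-coded test appears verbatim in the tomoyo patch of this series; if every LSM is expected to make the identical decision, a shared helper or a check in the caller would keep them from drifting apart.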

From: Ryan Lee
To: linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, apparmor@lists.ubuntu.com, linux-security-module@vger.kernel.org, selinux@vger.kernel.org
Cc: Ryan Lee, Alexander Viro, Christian Brauner, Jan Kara, John Johansen, Paul Moore, James Morris, "Serge E. Hallyn", Mickaël Salaün, Günther Noack, Stephen Smalley, Ondrej Mosnacek, Casey Schaufler, Kentaro Takeda, Tetsuo Handa
Subject: [RFC PATCH 6/6] tomoyo: explicitly skip mediation of O_PATH file descriptors
Date: Wed, 12 Mar 2025 14:21:46 -0700
Message-ID: <20250312212148.274205-7-ryan.lee@canonical.com>
In-Reply-To: <20250312212148.274205-1-ryan.lee@canonical.com>
References: <20250312212148.274205-1-ryan.lee@canonical.com>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

Now that O_PATH fds are being passed to the file_open hook, unconditionally
skip mediation of them to preserve existing behavior.

Signed-off-by: Ryan Lee
---
 security/tomoyo/file.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/security/tomoyo/file.c b/security/tomoyo/file.c
index 8f3b90b6e03d..efecfa7d15b2 100644
--- a/security/tomoyo/file.c
+++ b/security/tomoyo/file.c
@@ -762,6 +762,10 @@ int tomoyo_check_open_permission(struct tomoyo_domain_= info *domain, }; int idx; =20 + /* Preserve the behavior of O_PATH fd creation not being mediated */ + if (flag & O_PATH) + return 0; + buf.name =3D NULL; r.mode =3D TOMOYO_CONFIG_DISABLED; idx =3D tomoyo_read_lock();
--=20
2.43.0

base-kernel: v6.14-rc6
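Review bot: `return 0` on `flag & O_PATH` comes before `tomoyo_read_lock()` and before `r.mode` is set, so there is no lock or state to unwind, but it also means the policy-mode lookup that starts with `r.mode = TOMOYO_CONFIG_DISABLED` below never runs for these opens; if that is intended, the comment should say so rather than only that prior behaviour is preserved. The check also relies on the caller passing the raw open flags in `flag`; worth confirming that the file_open hook in security/tomoyo/tomoyo.c hands `f->f_flags` through unmasked, since the smack patch tests `file->f_flags` directly and the two should agree. Finally, the hunk header is broken by a quoted-printable soft line break (`tomoyo_domain_= info`); that is a transport artefact, not part of the patch, and the real line reads `struct tomoyo_domain_info *domain`.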
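Both patches leave O_PATH opens unmediated on the grounds that this preserves prior behaviour. The following user-space C program is an added example, not code from the series or from the kernel, showing why that skip is not an access-control hole: an O_PATH descriptor refuses data access (read() fails with EBADF), permits metadata access (fstat()), and turning it into a data descriptor requires a fresh open of /proc/self/fd/N, which goes through the ordinary open path and therefore through the file_open hook the series now also calls for O_PATH. The temp file name, its contents and the struct and function names are this example's own; the fallback numeric O_PATH value is an assumption for toolchains whose <fcntl.h> was included without _GNU_SOURCE.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Assumed fallback: Linux's generic O_PATH value, only used if <fcntl.h>
 * was processed without _GNU_SOURCE and did not define it. */
#ifndef O_PATH
#define O_PATH 010000000
#endif

/* Constructed file contents for the demo. */
static const char sample[] = "constructed sample payload\n";
#define SAMPLE_LEN ((int)(sizeof(sample) - 1))

/* Results of probing one O_PATH descriptor (names are this example's own). */
struct opath_probe {
    int read_errno;        /* errno from read() on the O_PATH fd; expected EBADF */
    int fstat_ok;          /* fstat() on the O_PATH fd succeeded and saw the size */
    int reopen_ok;         /* a data fd was obtained by opening /proc/self/fd/N */
    int reopened_read_len; /* bytes read through that data fd */
};

/* Create a fresh file holding `sample`; tries /tmp, then the cwd. Returns 0 on failure. */
static int make_sample_file(char *path, size_t pathsz)
{
    const char *dirs[] = { "/tmp", "." };
    for (size_t i = 0; i < 2; i++) {
        snprintf(path, pathsz, "%s/opath-demo-%ld", dirs[i], (long)getpid());
        int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
        if (fd < 0)
            continue;
        int ok = write(fd, sample, SAMPLE_LEN) == SAMPLE_LEN;
        close(fd);
        if (ok)
            return 1;
        unlink(path);
    }
    return 0;
}

/* Probe what an O_PATH descriptor allows. Returns 1 on success, 0 on setup failure. */
int probe_opath(struct opath_probe *out)
{
    char path[64], proc[64], buf[64];
    struct stat st;

    memset(out, 0, sizeof(*out));
    if (!make_sample_file(path, sizeof path))
        return 0;

    /* 1. O_PATH open: a handle to the object, no data access. This is the open
     *    the series now routes through the file_open hook and the LSMs skip. */
    int pfd = open(path, O_PATH);
    unlink(path); /* the descriptor keeps the inode reachable via /proc */
    if (pfd < 0)
        return 0;

    /* 2. Data access is refused by the VFS itself: read() fails with EBADF,
     *    so no LSM decision is needed to stop it. */
    errno = 0;
    if (read(pfd, buf, sizeof buf) < 0)
        out->read_errno = errno;

    /* 3. Metadata access works: fstat() accepts a path descriptor. */
    out->fstat_ok = (fstat(pfd, &st) == 0 && st.st_size == SAMPLE_LEN);

    /* 4. Data access means a *new* open of the /proc magic link, which takes
     *    the normal open path and is therefore seen by file_open as O_RDONLY. */
    snprintf(proc, sizeof proc, "/proc/self/fd/%d", pfd);
    int rfd = open(proc, O_RDONLY);
    if (rfd >= 0) {
        out->reopen_ok = 1;
        ssize_t n = read(rfd, buf, sizeof buf);
        out->reopened_read_len = n < 0 ? -1 : (int)n;
        close(rfd);
    }
    close(pfd);
    return 1;
}

/* Wrappers so each property can be checked on its own. */
int opath_read_is_ebadf(void)
{
    struct opath_probe p;
    return probe_opath(&p) && p.read_errno == EBADF;
}

int opath_fstat_works(void)
{
    struct opath_probe p;
    return probe_opath(&p) && p.fstat_ok;
}

/* 1 if the /proc re-open read the sample back, -1 if /proc is unavailable, 0 otherwise. */
int opath_reopen_reads_back(void)
{
    struct opath_probe p;
    if (!probe_opath(&p))
        return 0;
    if (!p.reopen_ok)
        return -1;
    return p.reopened_read_len == SAMPLE_LEN;
}

int main(void)
{
    struct opath_probe p;
    if (!probe_opath(&p))
        return 1;
    printf("read() on O_PATH fd: errno=%d (EBADF=%d)\n", p.read_errno, EBADF);
    printf("fstat() on O_PATH fd: %s\n", p.fstat_ok ? "ok" : "failed");
    printf("re-open via /proc/self/fd: %s, read %d bytes\n",
           p.reopen_ok ? "ok" : "unavailable", p.reopened_read_len);
    return 0;
}
```

The point for reviewing the series: step 1 is the open that both patches exempt, and nothing readable or writable comes out of it; step 4 is where a process actually gains data access, and that open carries ordinary flags, so `smack_file_open` and `tomoyo_check_open_permission` still get to say no there.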