From cb30d388792aca81cf112d6512df7e90003dbf0a Mon Sep 17 00:00:00 2001 From: Laura Abbott Date: Oct 05 2016 15:50:17 +0000 Subject: Linux v4.8-2283-ga3443cd --- diff --git a/config-arm-generic b/config-arm-generic index 4759a44..5588faa 100644 --- a/config-arm-generic +++ b/config-arm-generic @@ -148,6 +148,7 @@ CONFIG_HW_RANDOM_BCM2835=m CONFIG_I2C_BCM2835=m CONFIG_SPI_BCM2835=m CONFIG_SPI_BCM2835AUX=m +# CONFIG_SPI_BCM_QSPI is not set CONFIG_BCM2835_WDT=m CONFIG_SND_BCM2835_SOC_I2S=m CONFIG_DRM_VC4=m @@ -686,6 +687,7 @@ CONFIG_NET_VENDOR_MELLANOX=y # CONFIG_REGULATOR_TPS65023 is not set # CONFIG_REGULATOR_TPS6507X is not set # CONFIG_REGULATOR_TPS6524X is not set +# CONFIG_REGULATOR_LTC3676 is not set # drm # CONFIG_DRM_VMWGFX is not set diff --git a/config-arm64 b/config-arm64 index c4d0a1e..88197fc 100644 --- a/config-arm64 +++ b/config-arm64 @@ -149,6 +149,7 @@ CONFIG_PCI_XGENE_MSI=y CONFIG_I2C_XGENE_SLIMPRO=m CONFIG_XGENE_SLIMPRO_MBOX=m CONFIG_MDIO_XGENE=m +# CONFIG_SENSORS_XGENE is not set # AMD Seattle CONFIG_NET_SB1000=y @@ -282,6 +283,7 @@ CONFIG_THUNDER_NIC_PF=m CONFIG_THUNDER_NIC_VF=m CONFIG_THUNDER_NIC_BGX=m # CONFIG_LIQUIDIO is not set +# CONFIG_SPI_THUNDERX is not set CONFIG_SATA_AHCI_PLATFORM=y CONFIG_SATA_AHCI_SEATTLE=m diff --git a/config-armv7 b/config-armv7 index eea55a2..e8427d5 100644 --- a/config-armv7 +++ b/config-armv7 @@ -302,6 +302,8 @@ CONFIG_MSM_GCC_8974=m CONFIG_MSM_MMCC_8974=m CONFIG_MSM_GCC_8996=m CONFIG_MSM_MMCC_8996=m +# CONFIG_MDM_GCC_9615 is not set +# CONFIG_MDM_LCC_9615 is not set CONFIG_HW_RANDOM_MSM=m CONFIG_I2C_QUP=m CONFIG_SPI_QUP=m diff --git a/config-generic b/config-generic index 6bd3b4e..c61a050 100644 --- a/config-generic +++ b/config-generic @@ -222,6 +222,12 @@ CONFIG_BINFMT_MISC=m # CONFIG_COMMON_CLK_OXNAS is not set # CONFIG_COMMON_CLK_HI3519 is not set # CONFIG_SUNXI_CCU is not set +# CONFIG_COMMON_CLK_MT8135 is not set +# CONFIG_COMMON_CLK_MT8173 is not set +# CONFIG_SUN6I_A31_CCU is not set +# CONFIG_SUN8I_A23_CCU is not set +# CONFIG_SUN8I_A33_CCU is not set + # # Generic Driver Options @@ -5455,11 +5461,14 @@ CONFIG_LEDS_TRIGGER_DISK=y CONFIG_LEDS_WM8350=m CONFIG_LEDS_WM831X_STATUS=m # CONFIG_LEDS_DAC124S085 is not set +# CONFIG_LEDS_IS31FL319X is not set # Do not enable the below. They selects the fw user helper, which we don't want # CONFIG_LEDS_LP5521 is not set # CONFIG_LEDS_LP5523 is not set # CONFIG_LEDS_LP5562 is not set # CONFIG_LEDS_LP55XX_COMMON is not set +# CONFIG_LEDS_PM8058 is not set +# CONFIG_LEDS_MLXCPLD is not set CONFIG_DMADEVICES=y CONFIG_DMA_ENGINE=y diff --git a/gitrev b/gitrev index d825b40..f4ff208 100644 --- a/gitrev +++ b/gitrev @@ -1 +1 @@ -21f54ddae449f4bdd9f1498124901d67202243d9 +a3443cda5588985a2724d6d0f4a5f04e625be6eb diff --git a/kernel.spec b/kernel.spec index fa60f66..3a63b06 100644 --- a/kernel.spec +++ b/kernel.spec @@ -69,7 +69,7 @@ Summary: The Linux kernel # The rc snapshot level %define rcrev 0 # The git snapshot level -%define gitrev 1 +%define gitrev 2 # Set rpm version accordingly %define rpmversion 4.%{upstream_sublevel}.0 %endif @@ -606,9 +606,6 @@ Patch842: qxl-reapply-cursor-after-SetCrtc-calls.patch # From kernel list, currently in linux-next Patch845: HID-microsoft-Add-Surface-4-type-cover-pro-4-JP.patch -# SELinux OverlayFS support (queued for 4.9) -Patch846: security-selinux-overlayfs-support.patch - #rhbz 1360688 Patch847: rc-core-fix-repeat-events.patch @@ -2157,6 +2154,9 @@ fi # # %changelog +* Wed Oct 05 2016 Laura Abbott - 4.9.0-0.rc0.git2.1 +- Linux v4.8-2283-ga3443cd + * Tue Oct 04 2016 Laura Abbott - 4.9.0-0.rc0.git1.1 - Linux v4.8-1558-g21f54dd - Reenable debugging options. diff --git a/security-selinux-overlayfs-support.patch b/security-selinux-overlayfs-support.patch deleted file mode 100644 index 7149e45..0000000 --- a/security-selinux-overlayfs-support.patch +++ /dev/null @@ -1,931 +0,0 @@ -From 1a93a6eac32a2853177f10e274b9b761b42356eb Mon Sep 17 00:00:00 2001 -From: Javier Martinez Canillas -Date: Mon, 8 Aug 2016 13:08:25 -0400 -Subject: [PATCH 01/10] security: Use IS_ENABLED() instead of checking for - built-in or module - -The IS_ENABLED() macro checks if a Kconfig symbol has been enabled -either built-in or as a module, use that macro instead of open coding -the same. - -Signed-off-by: Javier Martinez Canillas -Acked-by: Casey Schaufler -Signed-off-by: Paul Moore ---- - security/lsm_audit.c | 2 +- - security/selinux/hooks.c | 12 ++++++------ - security/smack/smack_netfilter.c | 4 ++-- - 3 files changed, 9 insertions(+), 9 deletions(-) - -diff --git a/security/lsm_audit.c b/security/lsm_audit.c -index cccbf30..5369036 100644 ---- a/security/lsm_audit.c -+++ b/security/lsm_audit.c -@@ -99,7 +99,7 @@ int ipv4_skb_to_auditdata(struct sk_buff *skb, - } - return ret; - } --#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) -+#if IS_ENABLED(CONFIG_IPV6) - /** - * ipv6_skb_to_auditdata : fill auditdata from skb - * @skb : the skb -diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c -index 13185a6..880f953 100644 ---- a/security/selinux/hooks.c -+++ b/security/selinux/hooks.c -@@ -3984,7 +3984,7 @@ out: - return ret; - } - --#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) -+#if IS_ENABLED(CONFIG_IPV6) - - /* Returns error only if unable to parse addresses */ - static int selinux_parse_skb_ipv6(struct sk_buff *skb, -@@ -4075,7 +4075,7 @@ static int selinux_parse_skb(struct sk_buff *skb, struct common_audit_data *ad, - &ad->u.net->v4info.daddr); - goto okay; - --#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) -+#if IS_ENABLED(CONFIG_IPV6) - case PF_INET6: - ret = selinux_parse_skb_ipv6(skb, ad, proto); - if (ret) -@@ -5029,7 +5029,7 @@ static unsigned int selinux_ipv4_forward(void *priv, - return selinux_ip_forward(skb, state->in, PF_INET); - } - --#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) -+#if IS_ENABLED(CONFIG_IPV6) - static unsigned int selinux_ipv6_forward(void *priv, - struct sk_buff *skb, - const struct nf_hook_state *state) -@@ -5087,7 +5087,7 @@ static unsigned int selinux_ipv4_output(void *priv, - return selinux_ip_output(skb, PF_INET); - } - --#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) -+#if IS_ENABLED(CONFIG_IPV6) - static unsigned int selinux_ipv6_output(void *priv, - struct sk_buff *skb, - const struct nf_hook_state *state) -@@ -5273,7 +5273,7 @@ static unsigned int selinux_ipv4_postroute(void *priv, - return selinux_ip_postroute(skb, state->out, PF_INET); - } - --#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) -+#if IS_ENABLED(CONFIG_IPV6) - static unsigned int selinux_ipv6_postroute(void *priv, - struct sk_buff *skb, - const struct nf_hook_state *state) -@@ -6317,7 +6317,7 @@ static struct nf_hook_ops selinux_nf_ops[] = { - .hooknum = NF_INET_LOCAL_OUT, - .priority = NF_IP_PRI_SELINUX_FIRST, - }, --#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) -+#if IS_ENABLED(CONFIG_IPV6) - { - .hook = selinux_ipv6_postroute, - .pf = NFPROTO_IPV6, -diff --git a/security/smack/smack_netfilter.c b/security/smack/smack_netfilter.c -index aa6bf1b..205b785 100644 ---- a/security/smack/smack_netfilter.c -+++ b/security/smack/smack_netfilter.c -@@ -20,7 +20,7 @@ - #include - #include "smack.h" - --#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) -+#if IS_ENABLED(CONFIG_IPV6) - - static unsigned int smack_ipv6_output(void *priv, - struct sk_buff *skb, -@@ -64,7 +64,7 @@ static struct nf_hook_ops smack_nf_ops[] = { - .hooknum = NF_INET_LOCAL_OUT, - .priority = NF_IP_PRI_SELINUX_FIRST, - }, --#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) -+#if IS_ENABLED(CONFIG_IPV6) - { - .hook = smack_ipv6_output, - .pf = NFPROTO_IPV6, --- -2.7.4 - -From 8b31f456c72e53ee97474a538bcd91bfb1b93fb7 Mon Sep 17 00:00:00 2001 -From: William Roberts -Date: Mon, 8 Aug 2016 13:08:34 -0400 -Subject: [PATCH 02/10] selinux: print leading 0x on ioctlcmd audits - -ioctlcmd is currently printing hex numbers, but their is no leading -0x. Thus things like ioctlcmd=1234 are misleading, as the base is -not evident. - -Correct this by adding 0x as a prefix, so ioctlcmd=1234 becomes -ioctlcmd=0x1234. - -Signed-off-by: William Roberts -Signed-off-by: Paul Moore ---- - security/lsm_audit.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/security/lsm_audit.c b/security/lsm_audit.c -index 5369036..9bf8518 100644 ---- a/security/lsm_audit.c -+++ b/security/lsm_audit.c -@@ -257,7 +257,7 @@ static void dump_common_audit_data(struct audit_buffer *ab, - audit_log_format(ab, " ino=%lu", inode->i_ino); - } - -- audit_log_format(ab, " ioctlcmd=%hx", a->u.op->cmd); -+ audit_log_format(ab, " ioctlcmd=0x%hx", a->u.op->cmd); - break; - } - case LSM_AUDIT_DATA_DENTRY: { --- -2.7.4 - -From d8ad8b49618410ddeafd78465b63a6cedd6c9484 Mon Sep 17 00:00:00 2001 -From: Vivek Goyal -Date: Wed, 13 Jul 2016 11:13:56 -0400 -Subject: [PATCH 03/10] security, overlayfs: provide copy up security hook for - unioned files - -Provide a security hook to label new file correctly when a file is copied -up from lower layer to upper layer of a overlay/union mount. - -This hook can prepare a new set of creds which are suitable for new file -creation during copy up. Caller will use new creds to create file and then -revert back to old creds and release new creds. - -Signed-off-by: Vivek Goyal -Acked-by: Stephen Smalley -[PM: whitespace cleanup to appease checkpatch.pl] -Signed-off-by: Paul Moore ---- - fs/overlayfs/copy_up.c | 15 +++++++++++++++ - include/linux/lsm_hooks.h | 11 +++++++++++ - include/linux/security.h | 6 ++++++ - security/security.c | 8 ++++++++ - 4 files changed, 40 insertions(+) - -diff --git a/fs/overlayfs/copy_up.c b/fs/overlayfs/copy_up.c -index 54e5d66..c297b1f 100644 ---- a/fs/overlayfs/copy_up.c -+++ b/fs/overlayfs/copy_up.c -@@ -246,6 +246,8 @@ static int ovl_copy_up_locked(struct dentry *workdir, struct dentry *upperdir, - struct dentry *upper = NULL; - umode_t mode = stat->mode; - int err; -+ const struct cred *old_creds = NULL; -+ struct cred *new_creds = NULL; - - newdentry = ovl_lookup_temp(workdir, dentry); - err = PTR_ERR(newdentry); -@@ -258,10 +260,23 @@ static int ovl_copy_up_locked(struct dentry *workdir, struct dentry *upperdir, - if (IS_ERR(upper)) - goto out1; - -+ err = security_inode_copy_up(dentry, &new_creds); -+ if (err < 0) -+ goto out2; -+ -+ if (new_creds) -+ old_creds = override_creds(new_creds); -+ - /* Can't properly set mode on creation because of the umask */ - stat->mode &= S_IFMT; - err = ovl_create_real(wdir, newdentry, stat, link, NULL, true); - stat->mode = mode; -+ -+ if (new_creds) { -+ revert_creds(old_creds); -+ put_cred(new_creds); -+ } -+ - if (err) - goto out2; - -diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h -index 101bf19..cb69fc8 100644 ---- a/include/linux/lsm_hooks.h -+++ b/include/linux/lsm_hooks.h -@@ -401,6 +401,15 @@ - * @inode contains a pointer to the inode. - * @secid contains a pointer to the location where result will be saved. - * In case of failure, @secid will be set to zero. -+ * @inode_copy_up: -+ * A file is about to be copied up from lower layer to upper layer of -+ * overlay filesystem. Security module can prepare a set of new creds -+ * and modify as need be and return new creds. Caller will switch to -+ * new creds temporarily to create new file and release newly allocated -+ * creds. -+ * @src indicates the union dentry of file that is being copied up. -+ * @new pointer to pointer to return newly allocated creds. -+ * Returns 0 on success or a negative error code on error. - * - * Security hooks for file operations - * -@@ -1425,6 +1434,7 @@ union security_list_options { - int (*inode_listsecurity)(struct inode *inode, char *buffer, - size_t buffer_size); - void (*inode_getsecid)(struct inode *inode, u32 *secid); -+ int (*inode_copy_up)(struct dentry *src, struct cred **new); - - int (*file_permission)(struct file *file, int mask); - int (*file_alloc_security)(struct file *file); -@@ -1696,6 +1706,7 @@ struct security_hook_heads { - struct list_head inode_setsecurity; - struct list_head inode_listsecurity; - struct list_head inode_getsecid; -+ struct list_head inode_copy_up; - struct list_head file_permission; - struct list_head file_alloc_security; - struct list_head file_free_security; -diff --git a/include/linux/security.h b/include/linux/security.h -index 7831cd5..c5b0ccd 100644 ---- a/include/linux/security.h -+++ b/include/linux/security.h -@@ -282,6 +282,7 @@ int security_inode_getsecurity(struct inode *inode, const char *name, void **buf - int security_inode_setsecurity(struct inode *inode, const char *name, const void *value, size_t size, int flags); - int security_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size); - void security_inode_getsecid(struct inode *inode, u32 *secid); -+int security_inode_copy_up(struct dentry *src, struct cred **new); - int security_file_permission(struct file *file, int mask); - int security_file_alloc(struct file *file); - void security_file_free(struct file *file); -@@ -758,6 +759,11 @@ static inline void security_inode_getsecid(struct inode *inode, u32 *secid) - *secid = 0; - } - -+static inline int security_inode_copy_up(struct dentry *src, struct cred **new) -+{ -+ return 0; -+} -+ - static inline int security_file_permission(struct file *file, int mask) - { - return 0; -diff --git a/security/security.c b/security/security.c -index 4838e7f..f2a7f27 100644 ---- a/security/security.c -+++ b/security/security.c -@@ -748,6 +748,12 @@ void security_inode_getsecid(struct inode *inode, u32 *secid) - call_void_hook(inode_getsecid, inode, secid); - } - -+int security_inode_copy_up(struct dentry *src, struct cred **new) -+{ -+ return call_int_hook(inode_copy_up, 0, src, new); -+} -+EXPORT_SYMBOL(security_inode_copy_up); -+ - int security_file_permission(struct file *file, int mask) - { - int ret; -@@ -1684,6 +1690,8 @@ struct security_hook_heads security_hook_heads = { - LIST_HEAD_INIT(security_hook_heads.inode_listsecurity), - .inode_getsecid = - LIST_HEAD_INIT(security_hook_heads.inode_getsecid), -+ .inode_copy_up = -+ LIST_HEAD_INIT(security_hook_heads.inode_copy_up), - .file_permission = - LIST_HEAD_INIT(security_hook_heads.file_permission), - .file_alloc_security = --- -2.7.4 - -From 56909eb3f559103196ecbf2c08c923e0804980fb Mon Sep 17 00:00:00 2001 -From: Vivek Goyal -Date: Wed, 13 Jul 2016 10:44:48 -0400 -Subject: [PATCH 04/10] selinux: Implementation for inode_copy_up() hook - -A file is being copied up for overlay file system. Prepare a new set of -creds and set create_sid appropriately so that new file is created with -appropriate label. - -Overlay inode has right label for both context and non-context mount -cases. In case of non-context mount, overlay inode will have the label -of lower file and in case of context mount, overlay inode will have -the label from context= mount option. - -Signed-off-by: Vivek Goyal -Acked-by: Stephen Smalley -Signed-off-by: Paul Moore ---- - security/selinux/hooks.c | 21 +++++++++++++++++++++ - 1 file changed, 21 insertions(+) - -diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c -index 880f953..40597ed 100644 ---- a/security/selinux/hooks.c -+++ b/security/selinux/hooks.c -@@ -3293,6 +3293,26 @@ static void selinux_inode_getsecid(struct inode *inode, u32 *secid) - *secid = isec->sid; - } - -+static int selinux_inode_copy_up(struct dentry *src, struct cred **new) -+{ -+ u32 sid; -+ struct task_security_struct *tsec; -+ struct cred *new_creds = *new; -+ -+ if (new_creds == NULL) { -+ new_creds = prepare_creds(); -+ if (!new_creds) -+ return -ENOMEM; -+ } -+ -+ tsec = new_creds->security; -+ /* Get label from overlay inode and set it in create_sid */ -+ selinux_inode_getsecid(d_inode(src), &sid); -+ tsec->create_sid = sid; -+ *new = new_creds; -+ return 0; -+} -+ - /* file security operations */ - - static int selinux_revalidate_file_permission(struct file *file, int mask) -@@ -6088,6 +6108,7 @@ static struct security_hook_list selinux_hooks[] = { - LSM_HOOK_INIT(inode_setsecurity, selinux_inode_setsecurity), - LSM_HOOK_INIT(inode_listsecurity, selinux_inode_listsecurity), - LSM_HOOK_INIT(inode_getsecid, selinux_inode_getsecid), -+ LSM_HOOK_INIT(inode_copy_up, selinux_inode_copy_up), - - LSM_HOOK_INIT(file_permission, selinux_file_permission), - LSM_HOOK_INIT(file_alloc_security, selinux_file_alloc_security), --- -2.7.4 - -From 121ab822ef21914adac2fa3730efeeb8fd762473 Mon Sep 17 00:00:00 2001 -From: Vivek Goyal -Date: Wed, 13 Jul 2016 10:44:49 -0400 -Subject: [PATCH 05/10] security,overlayfs: Provide security hook for copy up - of xattrs for overlay file - -Provide a security hook which is called when xattrs of a file are being -copied up. This hook is called once for each xattr and LSM can return -0 if the security module wants the xattr to be copied up, 1 if the -security module wants the xattr to be discarded on the copy, -EOPNOTSUPP -if the security module does not handle/manage the xattr, or a -errno -upon an error. - -Signed-off-by: David Howells -Signed-off-by: Vivek Goyal -Acked-by: Stephen Smalley -[PM: whitespace cleanup for checkpatch.pl] -Signed-off-by: Paul Moore ---- - fs/overlayfs/copy_up.c | 7 +++++++ - include/linux/lsm_hooks.h | 10 ++++++++++ - include/linux/security.h | 6 ++++++ - security/security.c | 8 ++++++++ - 4 files changed, 31 insertions(+) - -diff --git a/fs/overlayfs/copy_up.c b/fs/overlayfs/copy_up.c -index c297b1f..cd65f12 100644 ---- a/fs/overlayfs/copy_up.c -+++ b/fs/overlayfs/copy_up.c -@@ -103,6 +103,13 @@ retry: - goto retry; - } - -+ error = security_inode_copy_up_xattr(name); -+ if (error < 0 && error != -EOPNOTSUPP) -+ break; -+ if (error == 1) { -+ error = 0; -+ continue; /* Discard */ -+ } - error = vfs_setxattr(new, name, value, size, 0); - if (error) - break; -diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h -index cb69fc8..5797122 100644 ---- a/include/linux/lsm_hooks.h -+++ b/include/linux/lsm_hooks.h -@@ -410,6 +410,14 @@ - * @src indicates the union dentry of file that is being copied up. - * @new pointer to pointer to return newly allocated creds. - * Returns 0 on success or a negative error code on error. -+ * @inode_copy_up_xattr: -+ * Filter the xattrs being copied up when a unioned file is copied -+ * up from a lower layer to the union/overlay layer. -+ * @name indicates the name of the xattr. -+ * Returns 0 to accept the xattr, 1 to discard the xattr, -EOPNOTSUPP if -+ * security module does not know about attribute or a negative error code -+ * to abort the copy up. Note that the caller is responsible for reading -+ * and writing the xattrs as this hook is merely a filter. - * - * Security hooks for file operations - * -@@ -1435,6 +1443,7 @@ union security_list_options { - size_t buffer_size); - void (*inode_getsecid)(struct inode *inode, u32 *secid); - int (*inode_copy_up)(struct dentry *src, struct cred **new); -+ int (*inode_copy_up_xattr)(const char *name); - - int (*file_permission)(struct file *file, int mask); - int (*file_alloc_security)(struct file *file); -@@ -1707,6 +1716,7 @@ struct security_hook_heads { - struct list_head inode_listsecurity; - struct list_head inode_getsecid; - struct list_head inode_copy_up; -+ struct list_head inode_copy_up_xattr; - struct list_head file_permission; - struct list_head file_alloc_security; - struct list_head file_free_security; -diff --git a/include/linux/security.h b/include/linux/security.h -index c5b0ccd..536fafd 100644 ---- a/include/linux/security.h -+++ b/include/linux/security.h -@@ -283,6 +283,7 @@ int security_inode_setsecurity(struct inode *inode, const char *name, const void - int security_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size); - void security_inode_getsecid(struct inode *inode, u32 *secid); - int security_inode_copy_up(struct dentry *src, struct cred **new); -+int security_inode_copy_up_xattr(const char *name); - int security_file_permission(struct file *file, int mask); - int security_file_alloc(struct file *file); - void security_file_free(struct file *file); -@@ -764,6 +765,11 @@ static inline int security_inode_copy_up(struct dentry *src, struct cred **new) - return 0; - } - -+static inline int security_inode_copy_up_xattr(const char *name) -+{ -+ return -EOPNOTSUPP; -+} -+ - static inline int security_file_permission(struct file *file, int mask) - { - return 0; -diff --git a/security/security.c b/security/security.c -index f2a7f27..a9e2bb9 100644 ---- a/security/security.c -+++ b/security/security.c -@@ -754,6 +754,12 @@ int security_inode_copy_up(struct dentry *src, struct cred **new) - } - EXPORT_SYMBOL(security_inode_copy_up); - -+int security_inode_copy_up_xattr(const char *name) -+{ -+ return call_int_hook(inode_copy_up_xattr, -EOPNOTSUPP, name); -+} -+EXPORT_SYMBOL(security_inode_copy_up_xattr); -+ - int security_file_permission(struct file *file, int mask) - { - int ret; -@@ -1692,6 +1698,8 @@ struct security_hook_heads security_hook_heads = { - LIST_HEAD_INIT(security_hook_heads.inode_getsecid), - .inode_copy_up = - LIST_HEAD_INIT(security_hook_heads.inode_copy_up), -+ .inode_copy_up_xattr = -+ LIST_HEAD_INIT(security_hook_heads.inode_copy_up_xattr), - .file_permission = - LIST_HEAD_INIT(security_hook_heads.file_permission), - .file_alloc_security = --- -2.7.4 - -From 19472b69d639d58415866bf127d5f9005038c105 Mon Sep 17 00:00:00 2001 -From: Vivek Goyal -Date: Wed, 13 Jul 2016 10:44:50 -0400 -Subject: [PATCH 06/10] selinux: Implementation for inode_copy_up_xattr() hook - -When a file is copied up in overlay, we have already created file on -upper/ with right label and there is no need to copy up selinux -label/xattr from lower file to upper file. In fact in case of context -mount, we don't want to copy up label as newly created file got its label -from context= option. - -Signed-off-by: Vivek Goyal -Acked-by: Stephen Smalley -Signed-off-by: Paul Moore ---- - security/selinux/hooks.c | 16 ++++++++++++++++ - 1 file changed, 16 insertions(+) - -diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c -index 40597ed..a2d5108 100644 ---- a/security/selinux/hooks.c -+++ b/security/selinux/hooks.c -@@ -3313,6 +3313,21 @@ static int selinux_inode_copy_up(struct dentry *src, struct cred **new) - return 0; - } - -+static int selinux_inode_copy_up_xattr(const char *name) -+{ -+ /* The copy_up hook above sets the initial context on an inode, but we -+ * don't then want to overwrite it by blindly copying all the lower -+ * xattrs up. Instead, we have to filter out SELinux-related xattrs. -+ */ -+ if (strcmp(name, XATTR_NAME_SELINUX) == 0) -+ return 1; /* Discard */ -+ /* -+ * Any other attribute apart from SELINUX is not claimed, supported -+ * by selinux. -+ */ -+ return -EOPNOTSUPP; -+} -+ - /* file security operations */ - - static int selinux_revalidate_file_permission(struct file *file, int mask) -@@ -6109,6 +6124,7 @@ static struct security_hook_list selinux_hooks[] = { - LSM_HOOK_INIT(inode_listsecurity, selinux_inode_listsecurity), - LSM_HOOK_INIT(inode_getsecid, selinux_inode_getsecid), - LSM_HOOK_INIT(inode_copy_up, selinux_inode_copy_up), -+ LSM_HOOK_INIT(inode_copy_up_xattr, selinux_inode_copy_up_xattr), - - LSM_HOOK_INIT(file_permission, selinux_file_permission), - LSM_HOOK_INIT(file_alloc_security, selinux_file_alloc_security), --- -2.7.4 - -From c957f6df52c509ccfbb96659fd1a0f7812de333f Mon Sep 17 00:00:00 2001 -From: Vivek Goyal -Date: Wed, 13 Jul 2016 10:44:51 -0400 -Subject: [PATCH 07/10] selinux: Pass security pointer to - determine_inode_label() - -Right now selinux_determine_inode_label() works on security pointer of -current task. Soon I need this to work on a security pointer retrieved -from a set of creds. So start passing in a pointer and caller can -decide where to fetch security pointer from. - -Signed-off-by: Vivek Goyal -Acked-by: Stephen Smalley -Signed-off-by: Paul Moore ---- - security/selinux/hooks.c | 19 ++++++++++--------- - 1 file changed, 10 insertions(+), 9 deletions(-) - -diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c -index a2d5108..f9d398b 100644 ---- a/security/selinux/hooks.c -+++ b/security/selinux/hooks.c -@@ -1808,13 +1808,13 @@ out: - /* - * Determine the label for an inode that might be unioned. - */ --static int selinux_determine_inode_label(struct inode *dir, -- const struct qstr *name, -- u16 tclass, -- u32 *_new_isid) -+static int -+selinux_determine_inode_label(const struct task_security_struct *tsec, -+ struct inode *dir, -+ const struct qstr *name, u16 tclass, -+ u32 *_new_isid) - { - const struct superblock_security_struct *sbsec = dir->i_sb->s_security; -- const struct task_security_struct *tsec = current_security(); - - if ((sbsec->flags & SE_SBINITIALIZED) && - (sbsec->behavior == SECURITY_FS_USE_MNTPOINT)) { -@@ -1857,8 +1857,8 @@ static int may_create(struct inode *dir, - if (rc) - return rc; - -- rc = selinux_determine_inode_label(dir, &dentry->d_name, tclass, -- &newsid); -+ rc = selinux_determine_inode_label(current_security(), dir, -+ &dentry->d_name, tclass, &newsid); - if (rc) - return rc; - -@@ -2838,7 +2838,8 @@ static int selinux_dentry_init_security(struct dentry *dentry, int mode, - u32 newsid; - int rc; - -- rc = selinux_determine_inode_label(d_inode(dentry->d_parent), name, -+ rc = selinux_determine_inode_label(current_security(), -+ d_inode(dentry->d_parent), name, - inode_mode_to_security_class(mode), - &newsid); - if (rc) -@@ -2863,7 +2864,7 @@ static int selinux_inode_init_security(struct inode *inode, struct inode *dir, - sid = tsec->sid; - newsid = tsec->create_sid; - -- rc = selinux_determine_inode_label( -+ rc = selinux_determine_inode_label(current_security(), - dir, qstr, - inode_mode_to_security_class(inode->i_mode), - &newsid); --- -2.7.4 - -From 2602625b7e46576b00db619ac788c508ba3bcb2c Mon Sep 17 00:00:00 2001 -From: Vivek Goyal -Date: Wed, 13 Jul 2016 10:44:52 -0400 -Subject: [PATCH 08/10] security, overlayfs: Provide hook to correctly label - newly created files - -During a new file creation we need to make sure new file is created with the -right label. New file is created in upper/ so effectively file should get -label as if task had created file in upper/. - -We switched to mounter's creds for actual file creation. Also if there is a -whiteout present, then file will be created in work/ dir first and then -renamed in upper. In none of the cases file will be labeled as we want it to -be. - -This patch introduces a new hook dentry_create_files_as(), which determines -the label/context dentry will get if it had been created by task in upper -and modify passed set of creds appropriately. Caller makes use of these new -creds for file creation. - -Signed-off-by: Vivek Goyal -Acked-by: Stephen Smalley -[PM: fix whitespace issues found with checkpatch.pl] -[PM: changes to use stat->mode in ovl_create_or_link()] -Signed-off-by: Paul Moore ---- - fs/overlayfs/dir.c | 10 ++++++++++ - include/linux/lsm_hooks.h | 15 +++++++++++++++ - include/linux/security.h | 12 ++++++++++++ - security/security.c | 11 +++++++++++ - 4 files changed, 48 insertions(+) - -diff --git a/fs/overlayfs/dir.c b/fs/overlayfs/dir.c -index 12bcd07..a155e52 100644 ---- a/fs/overlayfs/dir.c -+++ b/fs/overlayfs/dir.c -@@ -435,6 +435,15 @@ static int ovl_create_or_link(struct dentry *dentry, struct inode *inode, - if (override_cred) { - override_cred->fsuid = inode->i_uid; - override_cred->fsgid = inode->i_gid; -+ if (!hardlink) { -+ err = security_dentry_create_files_as(dentry, -+ stat->mode, &dentry->d_name, old_cred, -+ override_cred); -+ if (err) { -+ put_cred(override_cred); -+ goto out_revert_creds; -+ } -+ } - put_cred(override_creds(override_cred)); - put_cred(override_cred); - -@@ -445,6 +454,7 @@ static int ovl_create_or_link(struct dentry *dentry, struct inode *inode, - err = ovl_create_over_whiteout(dentry, inode, stat, - link, hardlink); - } -+out_revert_creds: - revert_creds(old_cred); - if (!err) { - struct inode *realinode = d_inode(ovl_dentry_upper(dentry)); -diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h -index 5797122..f2af2af 100644 ---- a/include/linux/lsm_hooks.h -+++ b/include/linux/lsm_hooks.h -@@ -151,6 +151,16 @@ - * @name name of the last path component used to create file - * @ctx pointer to place the pointer to the resulting context in. - * @ctxlen point to place the length of the resulting context. -+ * @dentry_create_files_as: -+ * Compute a context for a dentry as the inode is not yet available -+ * and set that context in passed in creds so that new files are -+ * created using that context. Context is calculated using the -+ * passed in creds and not the creds of the caller. -+ * @dentry dentry to use in calculating the context. -+ * @mode mode used to determine resource type. -+ * @name name of the last path component used to create file -+ * @old creds which should be used for context calculation -+ * @new creds to modify - * - * - * Security hooks for inode operations. -@@ -1375,6 +1385,10 @@ union security_list_options { - int (*dentry_init_security)(struct dentry *dentry, int mode, - const struct qstr *name, void **ctx, - u32 *ctxlen); -+ int (*dentry_create_files_as)(struct dentry *dentry, int mode, -+ struct qstr *name, -+ const struct cred *old, -+ struct cred *new); - - - #ifdef CONFIG_SECURITY_PATH -@@ -1675,6 +1689,7 @@ struct security_hook_heads { - struct list_head sb_clone_mnt_opts; - struct list_head sb_parse_opts_str; - struct list_head dentry_init_security; -+ struct list_head dentry_create_files_as; - #ifdef CONFIG_SECURITY_PATH - struct list_head path_unlink; - struct list_head path_mkdir; -diff --git a/include/linux/security.h b/include/linux/security.h -index 536fafd..a6c6d5d 100644 ---- a/include/linux/security.h -+++ b/include/linux/security.h -@@ -242,6 +242,10 @@ int security_sb_parse_opts_str(char *options, struct security_mnt_opts *opts); - int security_dentry_init_security(struct dentry *dentry, int mode, - const struct qstr *name, void **ctx, - u32 *ctxlen); -+int security_dentry_create_files_as(struct dentry *dentry, int mode, -+ struct qstr *name, -+ const struct cred *old, -+ struct cred *new); - - int security_inode_alloc(struct inode *inode); - void security_inode_free(struct inode *inode); -@@ -600,6 +604,14 @@ static inline int security_dentry_init_security(struct dentry *dentry, - return -EOPNOTSUPP; - } - -+static inline int security_dentry_create_files_as(struct dentry *dentry, -+ int mode, struct qstr *name, -+ const struct cred *old, -+ struct cred *new) -+{ -+ return 0; -+} -+ - - static inline int security_inode_init_security(struct inode *inode, - struct inode *dir, -diff --git a/security/security.c b/security/security.c -index a9e2bb9..f825304 100644 ---- a/security/security.c -+++ b/security/security.c -@@ -364,6 +364,15 @@ int security_dentry_init_security(struct dentry *dentry, int mode, - } - EXPORT_SYMBOL(security_dentry_init_security); - -+int security_dentry_create_files_as(struct dentry *dentry, int mode, -+ struct qstr *name, -+ const struct cred *old, struct cred *new) -+{ -+ return call_int_hook(dentry_create_files_as, 0, dentry, mode, -+ name, old, new); -+} -+EXPORT_SYMBOL(security_dentry_create_files_as); -+ - int security_inode_init_security(struct inode *inode, struct inode *dir, - const struct qstr *qstr, - const initxattrs initxattrs, void *fs_data) -@@ -1635,6 +1644,8 @@ struct security_hook_heads security_hook_heads = { - LIST_HEAD_INIT(security_hook_heads.sb_parse_opts_str), - .dentry_init_security = - LIST_HEAD_INIT(security_hook_heads.dentry_init_security), -+ .dentry_create_files_as = -+ LIST_HEAD_INIT(security_hook_heads.dentry_create_files_as), - #ifdef CONFIG_SECURITY_PATH - .path_unlink = LIST_HEAD_INIT(security_hook_heads.path_unlink), - .path_mkdir = LIST_HEAD_INIT(security_hook_heads.path_mkdir), --- -2.7.4 - -From a518b0a5b0d7f3397e065acb956bca9635aa892d Mon Sep 17 00:00:00 2001 -From: Vivek Goyal -Date: Wed, 13 Jul 2016 10:44:53 -0400 -Subject: [PATCH 09/10] selinux: Implement dentry_create_files_as() hook - -Calculate what would be the label of newly created file and set that -secid in the passed creds. - -Context of the task which is actually creating file is retrieved from -set of creds passed in. (old->security). - -Signed-off-by: Vivek Goyal -Acked-by: Stephen Smalley -Signed-off-by: Paul Moore ---- - security/selinux/hooks.c | 22 ++++++++++++++++++++++ - 1 file changed, 22 insertions(+) - -diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c -index f9d398b..e15e560 100644 ---- a/security/selinux/hooks.c -+++ b/security/selinux/hooks.c -@@ -2848,6 +2848,27 @@ static int selinux_dentry_init_security(struct dentry *dentry, int mode, - return security_sid_to_context(newsid, (char **)ctx, ctxlen); - } - -+static int selinux_dentry_create_files_as(struct dentry *dentry, int mode, -+ struct qstr *name, -+ const struct cred *old, -+ struct cred *new) -+{ -+ u32 newsid; -+ int rc; -+ struct task_security_struct *tsec; -+ -+ rc = selinux_determine_inode_label(old->security, -+ d_inode(dentry->d_parent), name, -+ inode_mode_to_security_class(mode), -+ &newsid); -+ if (rc) -+ return rc; -+ -+ tsec = new->security; -+ tsec->create_sid = newsid; -+ return 0; -+} -+ - static int selinux_inode_init_security(struct inode *inode, struct inode *dir, - const struct qstr *qstr, - const char **name, -@@ -6098,6 +6119,7 @@ static struct security_hook_list selinux_hooks[] = { - LSM_HOOK_INIT(sb_parse_opts_str, selinux_parse_opts_str), - - LSM_HOOK_INIT(dentry_init_security, selinux_dentry_init_security), -+ LSM_HOOK_INIT(dentry_create_files_as, selinux_dentry_create_files_as), - - LSM_HOOK_INIT(inode_alloc_security, selinux_inode_alloc_security), - LSM_HOOK_INIT(inode_free_security, selinux_inode_free_security), --- -2.7.4 - -From 348a0db9e69e4c214bf5d7677f17cb99cdc47db0 Mon Sep 17 00:00:00 2001 -From: William Roberts -Date: Mon, 15 Aug 2016 12:42:12 -0700 -Subject: [PATCH 10/10] selinux: drop SECURITY_SELINUX_POLICYDB_VERSION_MAX - -Remove the SECURITY_SELINUX_POLICYDB_VERSION_MAX Kconfig option - -Per: https://github.com/SELinuxProject/selinux/wiki/Kernel-Todo - -This was only needed on Fedora 3 and 4 and just causes issues now, -so drop it. - -The MAX and MIN should just be whatever the kernel can support. - -Signed-off-by: William Roberts -Signed-off-by: Paul Moore ---- - security/selinux/Kconfig | 38 ------------------------------------- - security/selinux/include/security.h | 4 ---- - 2 files changed, 42 deletions(-) - -diff --git a/security/selinux/Kconfig b/security/selinux/Kconfig -index 8691e92..ea7e3ef 100644 ---- a/security/selinux/Kconfig -+++ b/security/selinux/Kconfig -@@ -93,41 +93,3 @@ config SECURITY_SELINUX_CHECKREQPROT_VALUE - via /selinux/checkreqprot if authorized by policy. - - If you are unsure how to answer this question, answer 0. -- --config SECURITY_SELINUX_POLICYDB_VERSION_MAX -- bool "NSA SELinux maximum supported policy format version" -- depends on SECURITY_SELINUX -- default n -- help -- This option enables the maximum policy format version supported -- by SELinux to be set to a particular value. This value is reported -- to userspace via /selinux/policyvers and used at policy load time. -- It can be adjusted downward to support legacy userland (init) that -- does not correctly handle kernels that support newer policy versions. -- -- Examples: -- For the Fedora Core 3 or 4 Linux distributions, enable this option -- and set the value via the next option. For Fedora Core 5 and later, -- do not enable this option. -- -- If you are unsure how to answer this question, answer N. -- --config SECURITY_SELINUX_POLICYDB_VERSION_MAX_VALUE -- int "NSA SELinux maximum supported policy format version value" -- depends on SECURITY_SELINUX_POLICYDB_VERSION_MAX -- range 15 23 -- default 19 -- help -- This option sets the value for the maximum policy format version -- supported by SELinux. -- -- Examples: -- For Fedora Core 3, use 18. -- For Fedora Core 4, use 19. -- -- If you are unsure how to answer this question, look for the -- policy format version supported by your policy toolchain, by -- running 'checkpolicy -V'. Or look at what policy you have -- installed under /etc/selinux/$SELINUXTYPE/policy, where -- SELINUXTYPE is defined in your /etc/selinux/config. -- -diff --git a/security/selinux/include/security.h b/security/selinux/include/security.h -index 38feb55..308a286 100644 ---- a/security/selinux/include/security.h -+++ b/security/selinux/include/security.h -@@ -39,11 +39,7 @@ - - /* Range of policy versions we understand*/ - #define POLICYDB_VERSION_MIN POLICYDB_VERSION_BASE --#ifdef CONFIG_SECURITY_SELINUX_POLICYDB_VERSION_MAX --#define POLICYDB_VERSION_MAX CONFIG_SECURITY_SELINUX_POLICYDB_VERSION_MAX_VALUE --#else - #define POLICYDB_VERSION_MAX POLICYDB_VERSION_XPERMS_IOCTL --#endif - - /* Mask for just the mount related flags */ - #define SE_MNTMASK 0x0f --- -2.7.4 - diff --git a/sources b/sources index d1da58f..556a70a 100644 --- a/sources +++ b/sources @@ -1,3 +1,4 @@ c1af0afbd3df35c1ccdc7a5118cd2d07 linux-4.8.tar.xz 0dad03f586e835d538d3e0d2cbdb9a28 perf-man-4.8.tar.gz 16c84040a62d0127bc02b8cad49910fd patch-4.8-git1.xz +7d9925bfab67c065fbfa4df91cf9a4b4 patch-4.8-git2.xz