diff options
| author | Konstantin Andreev <andreev@swemel.ru> | 2025-06-16 04:07:32 +0300 |
|---|---|---|
| committer | Casey Schaufler <casey@schaufler-ca.com> | 2025-06-22 08:51:32 -0700 |
| commit | 78fc6a94be252b27bb73e4926eed70b5e302a8e0 (patch) | |
| tree | dba4d4233b8a00d820d56beb7570cafa27fc0fb9 /Documentation | |
| parent | 69204f6cdb90f56b7ca27966d1080841108fc5de (diff) | |
| download | lwn-78fc6a94be252b27bb73e4926eed70b5e302a8e0.tar.gz lwn-78fc6a94be252b27bb73e4926eed70b5e302a8e0.zip | |
smack: fix bug: invalid label of unix socket file
According to [1], the label of a UNIX domain socket (UDS)
file (i.e., the filesystem object representing the socket)
is not supposed to participate in Smack security.
To achieve this, [1] labels UDS files with "*"
in smack_d_instantiate().
Before [2], smack_d_instantiate() was responsible
for initializing Smack security for all inodes,
except ones under /proc
[2] imposed the sole responsibility for initializing
inode security for newly created filesystem objects
on smack_inode_init_security().
However, smack_inode_init_security() lacks some logic
present in smack_d_instantiate().
In particular, it does not label UDS files with "*".
This patch adds the missing labeling of UDS files
with "*" to smack_inode_init_security().
Labeling UDS files with "*" in smack_d_instantiate()
still works for stale UDS files that already exist on
disk. Stale UDS files are useless, but I keep labeling
them for consistency and maybe to make easier for user
to delete them.
Compared to [1], this version introduces the following
improvements:
* UDS file label is held inside inode only
and not saved to xattrs.
* relabeling UDS files (setxattr, removexattr, etc.)
is blocked.
[1] 2010-11-24 Casey Schaufler
commit b4e0d5f0791b ("Smack: UDS revision")
[2] 2023-11-16 roberto.sassu
Fixes: e63d86b8b764 ("smack: Initialize the in-memory inode in smack_inode_init_security()")
Link: https://lore.kernel.org/linux-security-module/20231116090125.187209-5-roberto.sassu@huaweicloud.com/
Signed-off-by: Konstantin Andreev <andreev@swemel.ru>
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Diffstat (limited to 'Documentation')
| -rw-r--r-- | Documentation/admin-guide/LSM/Smack.rst | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/Documentation/admin-guide/LSM/Smack.rst b/Documentation/admin-guide/LSM/Smack.rst index 6d44f4fdbf59..1b554b5bf98e 100644 --- a/Documentation/admin-guide/LSM/Smack.rst +++ b/Documentation/admin-guide/LSM/Smack.rst @@ -696,6 +696,11 @@ sockets. A privileged program may set this to match the label of another task with which it hopes to communicate. +UNIX domain socket (UDS) with a BSD address functions both as a file in a +filesystem and as a socket. As a file, it carries the SMACK64 attribute. This +attribute is not involved in Smack security enforcement and is immutably +assigned the label "*". + Smack Netlabel Exceptions ~~~~~~~~~~~~~~~~~~~~~~~~~ |