kernel/security/Kconfig, branch linux-5.1.y

LSM: Revive CONFIG_DEFAULT_SECURITY_* for "make oldconfig"

2019-03-29T21:08:49Z

Commit 70b62c25665f636c ("LoadPin: Initialize as ordered LSM") removed CONFIG_DEFAULT_SECURITY_{SELINUX,SMACK,TOMOYO,APPARMOR,DAC} from security/Kconfig and changed CONFIG_LSM to provide a fixed ordering as a default value. That commit expected that existing users (upgrading from Linux 5.0 and earlier) will edit CONFIG_LSM value in accordance with their CONFIG_DEFAULT_SECURITY_* choice in their old kernel configs. But since users might forget to edit CONFIG_LSM value, this patch revives the choice (only for providing the default value for CONFIG_LSM) in order to make sure that CONFIG_LSM reflects CONFIG_DEFAULT_SECURITY_* from their old kernel configs. Note that since TOMOYO can be fully stacked against the other legacy major LSMs, when it is selected, it explicitly disables the other LSMs to avoid them also initializing since TOMOYO does not expect this currently. Reported-by: Jakub Kicinski Reported-by: Randy Dunlap Fixes: 70b62c25665f636c ("LoadPin: Initialize as ordered LSM") Co-developed-by: Tetsuo Handa Signed-off-by: Tetsuo Handa Signed-off-by: Kees Cook Acked-by: Casey Schaufler Signed-off-by: James Morris

LSM: Update list of SECURITYFS users in Kconfig

2019-03-01T17:52:54Z

Remove modules not using it (SELinux and SMACK aren't the only ones not using it). Signed-off-by: Petr Vorel Signed-off-by: James Morris

LSM: add SafeSetID module that gates setid calls

2019-01-25T19:22:45Z

SafeSetID gates the setid family of syscalls to restrict UID/GID transitions from a given UID/GID to only those approved by a system-wide whitelist. These restrictions also prohibit the given UIDs/GIDs from obtaining auxiliary privileges associated with CAP_SET{U/G}ID, such as allowing a user to set up user namespace UID mappings. For now, only gating the set*uid family of syscalls is supported, with support for set*gid coming in a future patch set. Signed-off-by: Micah Morton Acked-by: Kees Cook Signed-off-by: James Morris

Yama: Initialize as ordered LSM

2019-01-08T21:18:43Z

This converts Yama from being a direct "minor" LSM into an ordered LSM. Signed-off-by: Kees Cook Reviewed-by: Casey Schaufler

LoadPin: Initialize as ordered LSM

2019-01-08T21:18:43Z

This converts LoadPin from being a direct "minor" LSM into an ordered LSM. Signed-off-by: Kees Cook Reviewed-by: Casey Schaufler

LSM: Introduce "lsm=" for boottime LSM selection

2019-01-08T21:18:42Z

Provide a way to explicitly choose LSM initialization order via the new "lsm=" comma-separated list of LSMs. Signed-off-by: Kees Cook

LSM: Introduce CONFIG_LSM

2019-01-08T21:18:42Z

This provides a way to declare LSM initialization order via the new CONFIG_LSM. Currently only non-major LSMs are recognized. This will be expanded in future patches. Signed-off-by: Kees Cook

treewide: surround Kconfig file paths with double quotes

2018-12-21T15:25:54Z

The Kconfig lexer supports special characters such as '.' and '/' in the parameter context. In my understanding, the reason is just to support bare file paths in the source statement. I do not see a good reason to complicate Kconfig for the room of ambiguity. The majority of code already surrounds file paths with double quotes, and it makes sense since file paths are constant string literals. Make it treewide consistent now. Signed-off-by: Masahiro Yamada Acked-by: Wolfram Sang Acked-by: Geert Uytterhoeven Acked-by: Ingo Molnar

Revert "x86/mm/legacy: Populate the user page-table with user pgd's"

2018-09-14T15:08:45Z

This reverts commit 1f40a46cf47c12d93a5ad9dccd82bd36ff8f956a. It turned out that this patch is not sufficient to enable PTI on 32 bit systems with legacy 2-level page-tables. In this paging mode the huge-page PTEs are in the top-level page-table directory, where also the mirroring to the user-space page-table happens. So every huge PTE exits twice, in the kernel and in the user page-table. That means that accessed/dirty bits need to be fetched from two PTEs in this mode to be safe, but this is not trivial to implement because it needs changes to generic code just for the sake of enabling PTI with 32-bit legacy paging. As all systems that need PTI should support PAE anyway, remove support for PTI when 32-bit legacy paging is used. Fixes: 7757d607c6b3 ('x86/pti: Allow CONFIG_PAGE_TABLE_ISOLATION for x86_32') Reported-by: Meelis Roos Signed-off-by: Joerg Roedel Signed-off-by: Thomas Gleixner Cc: hpa@zytor.com Cc: linux-mm@kvack.org Cc: Linus Torvalds Cc: Andy Lutomirski Cc: Dave Hansen Cc: Borislav Petkov Cc: Andrea Arcangeli Link: https://lkml.kernel.org/r/1536922754-31379-1-git-send-email-joro@8bytes.org

Merge tag 'hardened-usercopy-v4.19-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux

2018-08-15T15:45:54Z

Pull hardened usercopy updates from Kees Cook: "This cleans up a minor Kconfig issue and adds a kernel boot option for disabling hardened usercopy for distro users that may have corner-case performance issues (e.g. high bandwidth small-packet UDP traffic). Summary: - drop unneeded Kconfig "select BUG" (Kamal Mostafa) - add "hardened_usercopy=off" rare performance needs (Chris von Recklinghausen)" * tag 'hardened-usercopy-v4.19-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux: usercopy: Allow boot cmdline disabling of hardening usercopy: Do not select BUG with HARDENED_USERCOPY