superrob1500
/
mirror-linux
mirror of https://github.com/torvalds/linux
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
mirror-linux/include
History
Thiébaud Weksteen 094e94d13b memfd,selinux: call security_inode_init_security_anon() 
Prior to this change, no security hooks were called at the creation of a
memfd file. It means that, for SELinux as an example, it will receive
the default type of the filesystem that backs the in-memory inode. In
most cases, that would be tmpfs, but if MFD_HUGETLB is passed, it will
be hugetlbfs. Both can be considered implementation details of memfd.

It also means that it is not possible to differentiate between a file
coming from memfd_create and a file coming from a standard tmpfs mount
point.

Additionally, no permission is validated at creation, which differs from
the similar memfd_secret syscall.

Call security_inode_init_security_anon during creation. This ensures
that the file is setup similarly to other anonymous inodes. On SELinux,
it means that the file will receive the security context of its task.

The ability to limit fexecve on memfd has been of interest to avoid
potential pitfalls where /proc/self/exe or similar would be executed
[1][2]. Reuse the "execute_no_trans" and "entrypoint" access vectors,
similarly to the file class. These access vectors may not make sense for
the existing "anon_inode" class. Therefore, define and assign a new
class "memfd_file" to support such access vectors.

Guard these changes behind a new policy capability named "memfd_class".

[1] https://crbug.com/1305267
[2] https://lore.kernel.org/lkml/20221215001205.51969-1-jeffxu@google.com/

Signed-off-by: Thiébaud Weksteen <tweek@google.com>
Reviewed-by: Stephen Smalley <stephen.smalley.work@gmail.com>
Tested-by: Stephen Smalley <stephen.smalley.work@gmail.com>
Acked-by: Hugh Dickins <hughd@google.com>
[PM: subj tweak]
Signed-off-by: Paul Moore <paul@paul-moore.com>
 		2025-10-22 19:28:27 -04:00
..
acpi More power management updates for 6.18-rc1 2025-10-07 09:39:51 -07:00
asm-generic hyperv-next for v6.18 2025-10-07 08:40:15 -07:00
clocksource
crypto This update includes the following changes: 2025-10-04 14:59:29 -07:00
cxl
drm drm/gpuvm: Fix kernel-doc warning for drm_gpuvm_map_req.map 2025-10-15 18:37:05 +02:00
dt-bindings There's a bunch of patches here across drivers/clk/ to migrate drivers to use 2025-10-07 09:28:37 -07:00
hyperv hyperv: Remove the spurious null directive line 2025-10-02 21:21:24 +00:00
keys
kunit linux_kselftest-kunit-6.18-rc1 2025-10-01 19:15:11 -07:00
kvm KVM: arm64: Kill leftovers of ad-hoc timer userspace access 2025-10-13 14:42:41 +01:00
linux memfd,selinux: call security_inode_init_security_anon() 2025-10-22 19:28:27 -04:00
math-emu
media
memory
misc
net net/ip6_tunnel: Prevent perpetual tunnel growth 2025-10-13 17:43:46 -07:00
pcmcia
ras
rdma
rv
scsi SCSI misc on 20251002 2025-10-03 19:17:48 -07:00
soc There's a bunch of patches here across drivers/clk/ to migrate drivers to use 2025-10-07 09:28:37 -07:00
sound ASoC: tas2781: Support more newly-released amplifiers tas58xx in the driver 2025-10-13 11:08:09 +01:00
target
trace dma-mapping fixes for Linux 6.18: 2025-10-07 12:48:06 -07:00
uapi ARM: 2025-10-18 07:07:14 -10:00
ufs scsi: ufs: core: Include UTP error in INT_FATAL_ERRORS 2025-09-30 16:10:29 -04:00
vdso Updates for the VDSO subsystem: 2025-09-30 16:58:21 -07:00
video
xen
Kbuild