git.ipfire.org Git - thirdparty/kernel/stable.git/commit
tomoyo: use realpath if symlink's pathname refers to procfs
author    Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
          Tue, 17 Dec 2024 09:55:32 +0000 (18:55 +0900)
committer Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
          Tue, 17 Dec 2024 10:03:39 +0000 (19:03 +0900)
commit    0476fd4ff45261744da6bb2df2f8080571902bf0
tree      7276b8dfa635ec2e87be029337c3fcaa4e4f9f90
parent    3df7546fc03b8f004eee0b9e3256369f7d096685
tomoyo: use realpath if symlink's pathname refers to procfs

Fedora 41 has reached Linux 6.12 kernel with TOMOYO enabled. I observed
that /usr/lib/systemd/systemd executes /usr/lib/systemd/systemd-executor
by passing dirfd == 9 or dirfd == 16 upon execveat().

Commit ada1986d0797 ("tomoyo: fallback to realpath if symlink's pathname
does not exist") used realpath only if symlink's pathname does not exist.
But an out-of-tree patch suggested that it will be reasonable to always
use realpath if symlink's pathname refers to proc filesystem.

Therefore, this patch changes the pathname used for checking "file execute"
and the domainname used after a successful execve() request.

Before:

  <kernel> /usr/lib/systemd/systemd
  file execute proc:/self/fd/16 exec.realpath="/usr/lib/systemd/systemd-executor" exec.argv[0]="/usr/lib/systemd/systemd-executor"
  file execute proc:/self/fd/9 exec.realpath="/usr/lib/systemd/systemd-executor" exec.argv[0]="/usr/lib/systemd/systemd-executor"

  <kernel> /usr/lib/systemd/systemd proc:/self/fd/16
  file execute /usr/sbin/auditd exec.realpath="/usr/sbin/auditd" exec.argv[0]="/usr/sbin/auditd"

  <kernel> /usr/lib/systemd/systemd proc:/self/fd/16 /usr/sbin/auditd

  <kernel> /usr/lib/systemd/systemd proc:/self/fd/9
  file execute /usr/bin/systemctl exec.realpath="/usr/bin/systemctl" exec.argv[0]="/usr/bin/systemctl"

  <kernel> /usr/lib/systemd/systemd proc:/self/fd/9 /usr/bin/systemctl

After:

  <kernel> /usr/lib/systemd/systemd
  file execute /usr/lib/systemd/systemd-executor exec.realpath="/usr/lib/systemd/systemd-executor" exec.argv[0]="/usr/lib/systemd/systemd-executor"

  <kernel> /usr/lib/systemd/systemd /usr/lib/systemd/systemd-executor
  file execute /usr/bin/systemctl exec.realpath="/usr/bin/systemctl" exec.argv[0]="/usr/bin/systemctl"
  file execute /usr/sbin/auditd exec.realpath="/usr/sbin/auditd" exec.argv[0]="/usr/sbin/auditd"

  <kernel> /usr/lib/systemd/systemd /usr/lib/systemd/systemd-executor /usr/bin/systemctl

  <kernel> /usr/lib/systemd/systemd /usr/lib/systemd/systemd-executor /usr/sbin/auditd

Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
security/tomoyo/domain.c