Questions tagged [linux-security-module]

For programming questions about the Linux Security Module (LSM), a framework used by the Linux kernel for security checks.

32 questions
0 votes · 0 answers

ebpf + lsm - krsi_get_env_var is invalid

#!/usr/bin/env python3 from bcc import BPF BPF_PROGRAM = """ #include #include #include #define __LOWER(x) (x & 0xffffffff) #define __UPPER(x) (x >> 32) #define MAX_SIZE…
0 votes · 0 answers

What does "invalid_context" in /var/log/audit/audit.log mean?

I have an SELinux log line from /var/log/audit/audit.log as below: type=SELINUX_ERR msg=audit(1686136392.111:154486): op=security_compute_sid invalid_context="user_u:unconfined_r:unconfined_t:s0-s0:c0.c1023"…
teckky
0 votes · 0 answers

Linux Security Module: Is there a way to check/audit shared library loading?

I'm working on a Linux security module based on xattr (a file's extended attributes), and I want to implement security measures to prevent shared libraries without a certain xattr from loading. This requires me to hook file_open and check the file's…
0 votes · 0 answers

How can I correctly read a file in an LSM?

I am currently working on an LSM that loads some configuration from a file. I tried filp_open() before, but it resulted in a kernel panic. Linux kernel source version: 5.15.77
Smtbook
0 votes · 1 answer

Why is the Linux kernel LSM_HOOK macro defined with many parameters?

In the Linux kernel, LSM_HOOK is used like this: LSM_HOOK(int, 0, binder_set_context_mgr, const struct cred *mgr) LSM_HOOK(int, 0, binder_transaction, const struct cred *from, const struct cred *to) LSM_HOOK(int, 0, binder_transfer_binder, const…
Junhui Zhu
0 votes · 1 answer

In the latest Linux kernel, is it possible to write a loadable Linux Security Module (LSM) that can be loaded and unloaded using insmod and rmmod?

I am a beginner in the field of Linux kernel programming. I was studying Linux Security Modules (LSM). The references I have seen (recent ones), especially this video here, bake the module into the kernel itself, and then the entire…
0 votes · 0 answers

How to correctly hook LSM on Linux 5.1x

The code below can hook LSM successfully on a Red Hat 8 server, but it causes a crash on a Red Hat 9 server. I have tried to find any resource about hlist_add_head_rcu or the change in the hooking method on Linux 5.1x but cannot find any useful workaround. Could you help check…
T.Cris
0 votes · 0 answers

Security for setns system call

Are there any relevant LSM hooks in the Linux kernel, not proposed patches, that can be used to secure the use of the setns system call? If there isn't, then what can be used to restrict the namespaces that a process can switch into?
Melab
0 votes · 1 answer

How to get SECMARK to work on Ubuntu 18.04 or CentOS 7.7

I have a question about SECMARK, a packet labeling function in iptables. I tried to configure it based on Paul Moore's guide (a very old, 14-year-old blog post), but it gives an error on both Ubuntu 18.04 and CentOS 7.7: command: iptables -t mangle -A INPUT…
JackABlack
0 votes · 1 answer

Absolute path of executable in multi-partition Linux

I am using an LSM hook to intercept the exec system call and print the path of the executable being executed. On Debian with default partitioning options, the path of the executable is an absolute path. But on Debian with multiple partitions having separate…
incompetent
0 votes · 0 answers

Monitoring Linux logs for an EC2 instance

How do I monitor Linux logs for an EC2 instance? I was thinking of using GuardDuty but came to know that it doesn't scan the OS logs. How do I ensure that if any kind of attack or security threat happens on the EC2 instance I get notified…
0 votes · 1 answer

eBPF: insert a new inner map to `BPF_MAP_TYPE_HASH_OF_MAPS`?

I am trying to implement LSM BPF programs and I want to use BPF_MAP_TYPE_HASH_OF_MAPS to store information for each superblock as the sb_alloc_security LSM hook is triggered. For example, I want to define the map as: struct bpf_map_def SEC("SBMap")…
vanbastelaer
0 votes · 1 answer

Why does this kernel_write-call crash?

Whenever I try to write to a file inside the Linux Security Module I am working on, the kernel crashes with the error message below. I tried using vfs_write instead of kernel_write, and tried using a normal character array instead of the buffer I am…
0 votes · 1 answer

SELinux - how do I call my custom interface?

I wrote a new policy that contains a new type definition (.te) and an interface method (.if): .te file: policy_module(dummy, 1.0.0) type dummy_t; files_type(dummy_t) .if file: ## ## Do Bla bla ## ## ## …
0 votes · 1 answer

How do I register a security module with register_security on Linux kernel 4.18?

At the moment I'm trying to register a Linux security module with a hook on the file open system call. I can't seem to find the register_security function anywhere. Can someone tell me where it is and if it's still possible to do such a hook? Here's what…