

Merge tag 'tomoyo-pr-20250123' of git://git.code.sf.net/p/tomoyo/tomoyo

Pull tomoyo updates from Tetsuo Handa:
"Small changes to improve usability"

* tag 'tomoyo-pr-20250123' of git://git.code.sf.net/p/tomoyo/tomoyo:
tomoyo: automatically use patterns for several situations in learning mode
tomoyo: use realpath if symlink's pathname refers to procfs
tomoyo: don't emit warning in tomoyo_write_control()

+40 -3
+31 -1
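--- a/security/tomoyo/common.c
+++ b/security/tomoyo/common.c
@@ -2024,6 +2024,36 @@
 if (!buffer)
 return;
 snprintf(buffer, len - 1, "%s", cp);
+if (*cp == 'f' && strchr(buffer, ':')) {
+/* Automatically replace 2 or more digits with \$ pattern. */
+char *cp2;
+
+/* e.g. file read proc:/$PID/stat */
+cp = strstr(buffer, " proc:/");
+if (cp && simple_strtoul(cp + 7, &cp2, 10) >= 10 && *cp2 == '/') {
+*(cp + 7) = '\\';
+*(cp + 8) = '$';
+memmove(cp + 9, cp2, strlen(cp2) + 1);
+goto ok;
+}
+/* e.g. file ioctl pipe:[$INO] $CMD */
+cp = strstr(buffer, " pipe:[");
+if (cp && simple_strtoul(cp + 7, &cp2, 10) >= 10 && *cp2 == ']') {
+*(cp + 7) = '\\';
+*(cp + 8) = '$';
+memmove(cp + 9, cp2, strlen(cp2) + 1);
+goto ok;
+}
+/* e.g. file ioctl socket:[$INO] $CMD */
+cp = strstr(buffer, " socket:[");
+if (cp && simple_strtoul(cp + 9, &cp2, 10) >= 10 && *cp2 == ']') {
+*(cp + 9) = '\\';
+*(cp + 10) = '$';
+memmove(cp + 11, cp2, strlen(cp2) + 1);
+goto ok;
+}
+}
+ok:
 if (realpath)
 tomoyo_addprintf(buffer, len, " exec.%s", realpath);
 if (argv0)
@@ -2695,7 +2665,7 @@
 
 if (head->w.avail >= head->writebuf_size - 1) {
 const int len = head->writebuf_size * 2;
-char *cp = kzalloc(len, GFP_NOFS);
+char *cp = kzalloc(len, GFP_NOFS | __GFP_NOWARN);
 
 if (!cp) {
 error = -ENOMEM;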
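Review bot: The three replacement branches inside the new `if (*cp == 'f' && strchr(buffer, ':'))` block repeat the same strstr/simple_strtoul/memmove sequence with hand-counted prefix offsets (7, 7 and 9), and each ends in `goto ok` to a label placed immediately after the block, which an `else if` chain or a helper would express without a label. A small static helper taking the prefix and the terminating character derives the offset from `strlen(prefix)` so the arithmetic cannot drift from the string; the sketch below keeps the first-match-wins order of the original. The `>= 10` test is what guarantees at least two digit characters were consumed, so the two stores and the memmove stay inside the existing string, and a comment such as `/* value >= 10 means >= 2 digits consumed, so cp2 >= cp + plen + 2 */` would make that invariant visible to the next editor. Only the first numeric component after the prefix is patterned, so a name of the form proc:/<pid>/task/<tid>/stat presumably keeps the second number literal; if that is intended, the block comment should say so. The enclosing function starts before and ends after this hunk.
```c
/*
 * Replace the decimal number that follows @prefix in @buffer with the \$
 * pattern when it has two or more digits and is terminated by @term.
 * Returns true if a replacement was made.
 */
static bool tomoyo_patternize_number(char *buffer, const char *prefix, char term)
{
	const size_t plen = strlen(prefix);
	char *cp = strstr(buffer, prefix);
	char *cp2;

	/* value >= 10 means >= 2 digits consumed, so cp2 >= cp + plen + 2 */
	if (!cp || simple_strtoul(cp + plen, &cp2, 10) < 10 || *cp2 != term)
		return false;
	cp[plen] = '\\';
	cp[plen + 1] = '$';
	memmove(cp + plen + 2, cp2, strlen(cp2) + 1);
	return true;
}

/* … unchanged: start of the caller up to the snprintf() … */
	if (*cp == 'f' && strchr(buffer, ':')) {
		/* Automatically replace 2 or more digits with \$ pattern. */
		if (!tomoyo_patternize_number(buffer, " proc:/", '/') &&
		    !tomoyo_patternize_number(buffer, " pipe:[", ']'))
			tomoyo_patternize_number(buffer, " socket:[", ']');
	}
	/* … unchanged: realpath / argv0 handling … */
```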
+9 -2
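--- a/security/tomoyo/domain.c
+++ b/security/tomoyo/domain.c
@@ -722,10 +722,17 @@
 ee->bprm = bprm;
 ee->r.obj = &ee->obj;
 ee->obj.path1 = bprm->file->f_path;
-/* Get symlink's pathname of program. */
+/*
+ * Get symlink's pathname of program, but fallback to realpath if
+ * symlink's pathname does not exist or symlink's pathname refers
+ * to proc filesystem (e.g. /dev/fd/<num> or /proc/self/fd/<num> ).
+ */
 exename.name = tomoyo_realpath_nofollow(original_name);
+if (exename.name && !strncmp(exename.name, "proc:/", 6)) {
+kfree(exename.name);
+exename.name = NULL;
+}
 if (!exename.name) {
-/* Fallback to realpath if symlink's pathname does not exist. */
 exename.name = tomoyo_realpath_from_path(&bprm->file->f_path);
 if (!exename.name)
 goto out;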
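Review bot: The literal `6` in the new `!strncmp(exename.name, "proc:/", 6)` duplicates the length of the adjacent string and will silently drift if the prefix is ever edited; `sizeof("proc:/") - 1` (or `strlen("proc:/")`, which the compiler folds) keeps the two in step. The rewritten block comment explains that procfs names are discarded but not why; presumably a /dev/fd/<num> or /proc/self/fd/<num> name varies from process to process and so cannot serve as a stable program name for the domain, and one clause such as `/* a proc:/ name is per-process, so it is useless as a policy name */` would record that intent. The `"proc:/"` prefix tested here is the same form the learning-mode change in security/tomoyo/common.c searches for as `" proc:/"`, so the two sites should be kept consistent if the pathname prefix ever changes. The enclosing function starts before and ends after this hunk.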