Some kernel stuff, discovered while developing Blare (development in progress).
Changes in LSM
There are a couple of articles introducing the LSM (Linux security modules) framework here and there, such as
However, the interface has changed since those were written, and the LSM API is no longer the same.
I started developing an LSM module for kernel version 2.6.22, taking the realtime_lsm module as an example. When I tried to compile it against newer kernel versions, I realized that things had changed in the meantime. Here is a non-exhaustive list of those changes:
The main changes were introduced in a series of patches from David Howells in Nov. 2008, around the following commit:
commit a6f76f23d297f70e2a6b3ec607f7aeeea9e37e8d
Author: David Howells <firstname.lastname@example.org>
Date: Fri Nov 14 10:39:24 2008 +1100
This patch does, amongst other things, make changes to the LSM interface:
(*) security_bprm_alloc(), ->bprm_alloc_security()
(*) security_bprm_free(), ->bprm_free_security()
Removed in favour of preparing new credentials and modifying those.
(*) security_bprm_apply_creds(), ->bprm_apply_creds()
(*) security_bprm_post_apply_creds(), ->bprm_post_apply_creds()
Removed; split between security_bprm_set_creds(), security_bprm_committing_creds() and security_bprm_committed_creds().
(*) security_bprm_set(), ->bprm_set_security()
Removed; folded into security_bprm_set_creds().
(*) security_bprm_set_creds(), ->bprm_set_creds()
New. The new credentials in bprm->creds should be checked and set up as appropriate. bprm->cred_prepared is 0 on the first call, 1 on the second and subsequent calls.
(*) security_bprm_committing_creds(), ->bprm_committing_creds()
(*) security_bprm_committed_creds(), ->bprm_committed_creds()
New. Apply the security effects of the new credentials. This includes closing unauthorised files in SELinux. This function may not fail. When the former is called, the creds haven't yet been applied to the process; when the latter is called, they have.
The former may access bprm->cred, the latter may not. [...]
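To make the new hook sequence concrete, here is an added userspace model (not kernel code, and not from Blare or the commit above) of how an LSM's ->bprm_set_creds(), ->bprm_committing_creds() and ->bprm_committed_creds() are driven during an exec; the structs, the hook names prefixed my_ and the current stand-in are mock types assumed for the example.

```c
/* Added example, not kernel code: userspace model of the post-2.6.29 bprm hook sequence.
 * Mock types stand in for struct cred, task_struct, linux_binprm and current. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
enum { PREPARED, COMMITTING, COMMITTED };
struct my_sec { char label[40]; int set_creds_calls; int state; }; /* per-cred LSM blob */
struct cred { struct my_sec *security; };
struct task { struct cred *cred; };
struct linux_binprm {
    const char *filename;
    struct cred *cred;            /* creds being prepared; NULL once installed */
    unsigned int cred_prepared:1; /* 0 on first bprm_set_creds call, 1 afterwards */
};
static struct task *current;      /* stand-in for the kernel's current task */
/* ->bprm_set_creds(): runs once per binfmt level, so one-off setup keys on cred_prepared */
static int my_bprm_set_creds(struct linux_binprm *bprm)
{
    struct my_sec *sec = bprm->cred->security;
    if (!bprm->cred_prepared)
        snprintf(sec->label, sizeof sec->label, "exec:%s", bprm->filename);
    sec->set_creds_calls++;
    return 0;
}
/* ->bprm_committing_creds(): creds not yet applied, so bprm->cred is still valid here */
static void my_bprm_committing_creds(struct linux_binprm *bprm)
{ bprm->cred->security->state = COMMITTING; }
/* ->bprm_committed_creds(): creds already applied; use current->cred, never bprm->cred */
static void my_bprm_committed_creds(struct linux_binprm *bprm)
{ (void)bprm; current->cred->security->state = COMMITTED; }
/* Model of do_execve(): bprm_set_creds per binfmt level, then commit and the two post hooks */
static const char *model_exec(struct task *tsk, const char *const *levels, int nlevels)
{
    struct linux_binprm bprm = {0};
    if (!(bprm.cred = calloc(1, sizeof *bprm.cred)) ||
        !(bprm.cred->security = calloc(1, sizeof *bprm.cred->security)))
        return NULL;
    for (int i = 0; i < nlevels; i++) {    /* e.g. the script first, then its interpreter */
        bprm.filename = levels[i];
        if (my_bprm_set_creds(&bprm)) return NULL;
        bprm.cred_prepared = 1;
    }
    my_bprm_committing_creds(&bprm);
    current = tsk;
    tsk->cred = bprm.cred;                 /* install_exec_creds() -> commit_creds() */
    bprm.cred = NULL;                      /* bprm->cred is not to be used after this */
    my_bprm_committed_creds(&bprm);
    return tsk->cred->security->label;
}
```

Running a two-level exec (a script, then its interpreter) through model_exec() shows that the set-up done under cred_prepared == 0 survives the second ->bprm_set_creds() call, while the committed hook only ever sees the task's installed creds.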
- LSM symbols are no longer exported to modules. You have to select which LSM “module” you want to use at compile time (for security reasons, rootkits …).
These are no longer exported (security.h):
- There is no longer a void *security field attached to struct task_struct objects…
I found out that:
“The way the kernel handles a task's security credentials was changed in 2.6.29? (get commit number). All task credentials got coalesced into a single shared security structure. This necessitated a significant change on how AppArmor did locking and managed profiles associated with tasks.”
- RCU has been introduced
A good practice is to clone the git repo from kernel.org and work on a local branch. You can then easily pull upstream changes and merge them into your branch, and thus keep in sync with the newest versions.