[PATCH v14 00/23] LSM: Module stacking for AppArmor

Casey Schaufler casey at schaufler-ca.com
Mon Jan 27 17:16:49 UTC 2020


On 1/27/2020 8:14 AM, Stephen Smalley wrote:
> On 1/24/20 4:49 PM, Casey Schaufler wrote:
>> On 1/24/2020 1:04 PM, Stephen Smalley wrote:
>>> On 1/23/20 7:22 PM, Casey Schaufler wrote:
>>>> This patchset provides the changes required for
>>>> the AppArmor security module to stack safely with any other.
>>>>
>>>> v14: Rebase to 5.5-rc5
>>>>        Incorporate feedback from v13
>>>>        - Use an array of audit rules (patch 0002)
>>>>        - Significant change, removed Acks (patch 0002)
>>>>        - Remove unneeded include (patch 0013)
>>>>        - Use context.len correctly (patch 0015)
>>>>        - Reorder code to be more sensible (patch 0016)
>>>>        - Drop SO_PEERCONTEXT as it's not needed yet (patch 0023)
>>>
>>> I don't know for sure if this is your bug, but it happens every time I boot with your patches applied and not at all on stock v5.5-rc5 so here it is.  Will try to bisect as time permits but not until next week. Trigger seems to be loading the tun driver.
>>
>> Thanks. I will have a look as well.
>
> Bisection led to the first patch in the series, "LSM: Infrastructure management of the sock security". Still not sure if the bug is in the patch itself or just being surfaced by it.

It looks like the tun code is making a private socket in tun_chr_open()
without initializing the sk_security member. It's possible that this used
to work implicitly, but I don't see how the change should have broken that.
Investigation continues.
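The failure mode described above (a socket built by a driver on its own, outside the normal allocation path, so the infrastructure-managed sk_security blob is never set up) can be shown in a small user-space model. This is an added example, not kernel code and not part of Casey's series; every name here (lsm_register_sock_blob, sk_alloc_model, private_sock_init, mod_a_sk_clone) is a hypothetical stand-in for the corresponding kernel pieces, and the blob layout is a simplified assumption: one zeroed allocation per socket, with each stacked module owning an offset into it.

```c
/* Added example: user-space MODEL of an LSM infrastructure that owns the
 * sock security blob.  Not the kernel's code; names are hypothetical. */
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Each stacked module registers how many bytes of the shared blob it needs
 * and gets back its offset into the single per-socket allocation. */
static size_t blob_sock_total;

static size_t lsm_register_sock_blob(size_t size)
{
    size_t off = blob_sock_total;
    blob_sock_total += size;
    return off;
}

struct sock {
    int family;
    void *sk_security;   /* infrastructure-owned blob; NULL until allocated */
};

/* Model of security_sk_alloc(): one zeroed blob sized for every module. */
static int security_sk_alloc(struct sock *sk)
{
    sk->sk_security = calloc(1, blob_sock_total ? blob_sock_total : 1);
    return sk->sk_security ? 0 : -1;
}

static void security_sk_free(struct sock *sk)
{
    free(sk->sk_security);
    sk->sk_security = NULL;
}

/* Normal path: the allocation hook runs for every socket created this way. */
static struct sock *sk_alloc_model(int family)
{
    struct sock *sk = calloc(1, sizeof *sk);
    if (!sk)
        return NULL;
    sk->family = family;
    if (security_sk_alloc(sk)) {
        free(sk);
        return NULL;
    }
    return sk;
}

/* Driver path: a private socket initialised inline, hook never called.
 * sk_security is deliberately left NULL to reproduce the defect discussed. */
static void private_sock_init(struct sock *sk, int family)
{
    memset(sk, 0, sizeof *sk);
    sk->family = family;
}

/* Hypothetical module A keeps a 32-bit label at its offset in the blob. */
static size_t mod_a_off;

static unsigned int *mod_a_label(struct sock *sk)
{
    return (unsigned int *)((char *)sk->sk_security + mod_a_off);
}

/* A hook that trusts the blob would dereference NULL on the private socket.
 * Guarding and returning -1 makes the missing initialisation observable
 * instead of an oops. */
static int mod_a_sk_clone(struct sock *sk, unsigned int label)
{
    if (!sk->sk_security)
        return -1;
    *mod_a_label(sk) = label;
    return 0;
}

/* Runs both paths; returns 1 when the normal path works and the
 * privately built socket is caught by the guard. */
static int demo(void)
{
    mod_a_off = lsm_register_sock_blob(sizeof(unsigned int));

    struct sock *good = sk_alloc_model(2);
    if (!good)
        return 0;
    struct sock bad;
    private_sock_init(&bad, 2);

    int ok = mod_a_sk_clone(good, 7) == 0 && *mod_a_label(good) == 7;
    int caught = mod_a_sk_clone(&bad, 7) == -1;

    security_sk_free(good);
    free(good);
    return ok && caught;
}
```

The point the model makes is the one a reviewer of such a series would check for: once the infrastructure rather than each module owns sk_security, every place a `struct sock` is brought to life must go through the allocation hook, or the first hook to touch the blob dereferences NULL.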
