<html><head><meta http-equiv="content-type" content="text/html; charset=UTF-8"><style>body { line-height: 1.5; }blockquote { margin-top: 0px; margin-bottom: 0px; margin-left: 0.5em; }div.FoxDiv20210118190950008898 { }body { font-size: 14px; font-family: 'Microsoft YaHei UI'; color: rgb(0, 0, 0); line-height: 1.5; }</style></head><body>
<div><span></span>Right, smack is disabled on my system, and apparmor is enabled.</div><div><br></div><div><div>static int apparmor_getprocattr(struct task_struct *task, char *name,</div><div> char **value)</div><div>{</div><div> int error = -ENOENT;</div><div> /* released below */</div><div> const struct cred *cred = get_task_cred(task);</div><div> struct aa_task_ctx *ctx = task_ctx(current);</div><div> struct aa_label *label = NULL;</div><div> bool newline = true;</div><div><br></div><div> if (strcmp(name, "current") == 0)</div><div> label = aa_get_newest_label(cred_label(cred));</div><div> else if (strcmp(name, "prev") == 0 && ctx->previous) //HERE ctx->previous == NULL then return -EINVAL;</div><div> label = aa_get_newest_label(ctx->previous);</div><div> else if (strcmp(name, "exec") == 0 && ctx->onexec) //HERE ctx->onexec == NULL then return -EINVAL;</div><div> label = aa_get_newest_label(ctx->onexec);</div><div> else if (strcmp(name, "context") == 0) {</div><div> label = aa_get_newest_label(cred_label(cred));</div><div> newline = false;</div><div> } else</div><div> error = -EINVAL;</div><div><br></div><div> if (label)</div><div> error = aa_getprocattr(label, value, newline);</div><div><br></div><div> aa_put_label(label);</div><div> put_cred(cred);</div><div><br></div><div> return error;</div><div>}</div></div><div><br></div><div>Thanks for your direction.</div><div><br></div>
<blockquote style="margin-Top: 0px; margin-Bottom: 0px; margin-Left: 0.5em; margin-Right: inherit"><div> </div><div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm"><div style="PADDING-RIGHT: 8px; PADDING-LEFT: 8px; FONT-SIZE: 12px;FONT-FAMILY:tahoma;COLOR:#000000; BACKGROUND: #efefef; PADDING-BOTTOM: 8px; PADDING-TOP: 8px"><div><b>From:</b> <a href="mailto:jstancek@redhat.com">Jan Stancek</a></div><div><b>Date:</b> 2021-01-18 19:04</div><div><b>To:</b> <a href="mailto:liuxp11@chinatelecom.cn">liuxp11</a></div><div><b>CC:</b> <a href="mailto:ltp@lists.linux.it">ltp</a>; <a href="mailto:lkml@jv-coder.de">lkml</a></div><div><b>Subject:</b> Re: [LTP] [PATCH] fs/proc01.c:add known issues</div></div></div><div><div class="FoxDiv20210118190950008898"><div style="font-family: times new roman, new york, times, serif; font-size: 12pt; color: #000000"><div><br></div><hr id="zwchr"><blockquote style="border-left-width: 2px; border-left-style: solid; border-left-color: rgb(16, 16, 255); margin-left: 0.5em; padding-left: 5px; color: rgb(0, 0, 0); font-weight: normal; font-style: normal; text-decoration: none; font-family: Helvetica, Arial, sans-serif; font-size: 12pt; margin-top: 0px; margin-bottom: 0px;"><div>Thanks for the good question.</div><div><br></div><div>I checked the source linux-source-5.8.0; in file security/smack/smack_lsm.c, <span style="line-height: 1.5; background-color: transparent;">smack_getprocattr</span></div><div>directly returns <b style="line-height: 1.5; background-color: transparent;">-EINVAL.</b></div><div><br></div><div><div>static int smack_getprocattr(struct task_struct *p, char *name, char **value)</div><div>{</div><div> struct smack_known *skp = smk_of_task_struct(p);</div><div> char *cp;</div><div> int slen;</div><div><br></div><div><b> if (strcmp(name, "current") != 0 && strcmp(name, "context") != 0)</b></div><div><b> return -EINVAL;</b></div></div></blockquote><div><br></div><div>That doesn't look correct, strcmp when 
reading "current" returns 0, so your condition above<br></div><div>shouldn't be hit.<br></div><div><br></div><div>I'm guessing you don't have smack enabled, and EINVAL is the default LSM ret value<br></div><div>in such case:<br></div><div><br></div><div><strong>LSM_HOOK(int, -EINVAL, getprocattr, struct task_struct *p, char *name,</strong><br><strong> char **value)</strong></div><div><br></div><div>int security_getprocattr(struct task_struct *p, const char *lsm, char *name,<br> char **value)<br>{<br> struct security_hook_list *hp;<br><br> hlist_for_each_entry(hp, &security_hook_heads.getprocattr, list) {<br> if (lsm != NULL && strcmp(lsm, hp->lsm))<br> continue;<br> return hp->hook.getprocattr(p, name, value);<br> }<br> <strong>return LSM_RET_DEFAULT(getprocattr);</strong><br>}</div><div><br></div><blockquote style="border-left-width: 2px; border-left-style: solid; border-left-color: rgb(16, 16, 255); margin-left: 0.5em; padding-left: 5px; color: rgb(0, 0, 0); font-weight: normal; font-style: normal; text-decoration: none; font-family: Helvetica, Arial, sans-serif; font-size: 12pt; margin-top: 0px; margin-bottom: 0px;"><div><br></div><div><div> cp = kstrdup(skp->smk_known, GFP_KERNEL);</div><div> if (cp == NULL)</div><div> return -ENOMEM;</div><div><br></div><div> slen = strlen(cp);</div><div> *value = cp;</div><div> return slen;</div><div>}</div></div><div><br></div><div><br></div><blockquote style="margin-Top: 0px; margin-Bottom: 0px; margin-Left: 0.5em; margin-Right: inherit"><div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm"><div style="PADDING-RIGHT: 8px; PADDING-LEFT: 8px; FONT-SIZE: 12px;FONT-FAMILY:tahoma;COLOR:#000000; BACKGROUND: #efefef; PADDING-BOTTOM: 8px; PADDING-TOP: 8px"><div><b>From:</b><a href="mailto:jstancek@redhat.com" target="_blank">Jan Stancek</a><br data-mce-bogus="1"></div><div><b>Date:</b> 2021-01-15 22:54</div><div><b>To:</b><a href="mailto:liuxp11@chinatelecom.cn" target="_blank">Xinpeng Liu</a><br 
data-mce-bogus="1"></div><div><b>CC:</b><a href="mailto:ltp@lists.linux.it" target="_blank">ltp</a><br data-mce-bogus="1"></div><div><b>Subject:</b> Re: [LTP] [PATCH] fs/proc01.c:add known issues</div></div></div><div><div>----- Original Message -----</div><div>> Tested on ubuntu20.10, there are several failed tests.</div><div>> </div><div>> proc01 1 TFAIL : proc01.c:396: read failed:</div><div>> /proc/self/task/61595/attr/smack/current: errno=EINVAL(22): Invalid argument</div><div>> proc01 2 TFAIL : proc01.c:396: read failed:</div><div>> /proc/self/task/61595/attr/apparmor/prev: errno=EINVAL(22): Invalid argument</div><div>> proc01 3 TFAIL : proc01.c:396: read failed:</div><div>> /proc/self/task/61595/attr/apparmor/exec: errno=EINVAL(22): Invalid argument</div><div>> proc01 4 TFAIL : proc01.c:396: read failed:</div><div>> /proc/self/attr/smack/current: errno=EINVAL(22): Invalid argument</div><div>> proc01 5 TFAIL : proc01.c:396: read failed:</div><div>> /proc/self/attr/apparmor/prev: errno=EINVAL(22): Invalid argument</div><div>> proc01 6 TFAIL : proc01.c:396: read failed:</div><div>> /proc/self/attr/apparmor/exec: errno=EINVAL(22): Invalid argument</div><div>I'm OK with ignoring it, but commit log could explain more why we get EINVAL</div><div>on read here.</div></div></blockquote></blockquote><div><br></div></div></div></div></blockquote>
</body></html>