cormander / tpe-lkm

Trusted Path Execution (TPE) Linux Kernel Module

tpe.trusted_apps doesn't work #34

Open morfikov opened 5 years ago

morfikov commented 5 years ago

I'm just testing some of the module features and it looks like tpe.trusted_apps doesn't work on the 4.20.16-amd64 kernel.

#  sysctl -a | grep  trust
tpe.trusted_apps = "/home/morfik/gems/bin/jekyll"
tpe.trusted_gid = 0
tpe.trusted_invert = 0
kernel: tpe: Denied untrusted exec of /home/morfik/gems/bin/jekyll (uid:1000) by /bin/zsh (uid:1000), parents: /bin/zsh (uid:1000), /usr/bin/tmux (uid:1000), /lib/systemd/systemd (uid:0). Deny reason: directory uid not trusted
kernel: tpe: If this exec was legitimate and you cannot correct the behavior, an exception can be made to allow this by running; setfattr -n security.tpe -v "soften_exec:soften_mmap" /home/morfik/gems/bin/jekyll. To silence this message, run; sysctl tpe.log_verbose = 0
kernel: tpe: Denied untrusted exec of /home/morfik/gems/bin/jekyll (uid:1000) by /bin/zsh (uid:1000), parents: /bin/zsh (uid:1000), /usr/bin/tmux (uid:1000), /lib/systemd/systemd (uid:0). Deny reason: directory uid not trusted
kernel: tpe: If this exec was legitimate and you cannot correct the behavior, an exception can be made to allow this by running; setfattr -n security.tpe -v "soften_exec:soften_mmap" /home/morfik/gems/bin/jekyll. To silence this message, run; sysctl tpe.log_verbose = 0

But using setfattr -n security.tpe -v "soften_exec:soften_mmap" works well, so only tpe.trusted_apps doesn't work.

luhaiyong commented 3 years ago

tpe.trusted_apps = /home/morfik/gems/bin/jekyll