selinux: randomize layout of key structures

Randomize the layout of key selinux data structures.
Initially this is applied to the selinux_state, selinux_ss,
policydb, and task_security_struct data structures.

NB To test/use this mechanism, one must install the
necessary build-time dependencies, e.g. gcc-plugin-devel on Fedora,
and enable CONFIG_GCC_PLUGIN_RANDSTRUCT in the kernel configuration.

Signed-off-by: Stephen Smalley <[email protected]>
Reviewed-by: Kees Cook <[email protected]>
[PM: double semi-colon fixed]
Signed-off-by: Paul Moore <[email protected]>
diff --git a/security/selinux/include/objsec.h b/security/selinux/include/objsec.h
index a4a86cb..330b7b6 100644
--- a/security/selinux/include/objsec.h
+++ b/security/selinux/include/objsec.h
@@ -35,7 +35,7 @@ struct task_security_struct {
 	u32 create_sid;		/* fscreate SID */
 	u32 keycreate_sid;	/* keycreate SID */
 	u32 sockcreate_sid;	/* fscreate SID */
-};
+} __randomize_layout;
 
 enum label_initialized {
 	LABEL_INVALID,		/* invalid or not initialized */
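Review bot: On the `} __randomize_layout;` line closing task_security_struct, the change should be accompanied by a confirmation that every initialisation of this struct uses designated initialisers or per-field assignment, because a positional initialiser, or any code that relies on the declared order of the u32 SID fields, is no longer valid once the layout is shuffled under CONFIG_GCC_PLUGIN_RANDSTRUCT. The commit message also names selinux_state, selinux_ss and policydb, but only the objsec.h hunk is visible here, so the same check is needed for those structures in the rest of the patch. Separately, the context line `u32 sockcreate_sid; /* fscreate SID */` carries a copy-pasted comment that should read "sockcreate SID"; it is worth fixing in a follow-up while this struct is being touched.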