selinux: randomize layout of key structures

Randomize the layout of key selinux data structures.
Initially this is applied to the selinux_state, selinux_ss,
policydb, and task_security_struct data structures.

NB: To test/use this mechanism, one must install the
necessary build-time dependencies, e.g. gcc-plugin-devel on Fedora,
and enable CONFIG_GCC_PLUGIN_RANDSTRUCT in the kernel configuration.

Signed-off-by: Stephen Smalley <[email protected]>
Reviewed-by: Kees Cook <[email protected]>
[PM: double semi-colon fixed]
Signed-off-by: Paul Moore <[email protected]>
diff --git a/security/selinux/include/security.h b/security/selinux/include/security.h
index af623f0..ecdd610 100644
--- a/security/selinux/include/security.h
+++ b/security/selinux/include/security.h
@@ -110,7 +110,7 @@ struct selinux_state {
bool policycap[__POLICYDB_CAPABILITY_MAX];
struct selinux_avc *avc;
struct selinux_ss *ss;
-};
+} __randomize_layout;
void selinux_ss_init(struct selinux_ss **ss);
void selinux_avc_init(struct selinux_avc **avc);
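Review bot: the annotation at `+} __randomize_layout;` is a no-op unless CONFIG_GCC_PLUGIN_RANDSTRUCT is on, and once it is on the member order of `struct selinux_state` changes per build, so this hunk should come with a check that nothing addresses the members by position: any non-designated initializer of `struct selinux_state`, or any code or tooling that reaches `policycap[]`, `avc` or `ss` through a hard-coded offset, breaks silently rather than at compile time. Only the selinux_state hunk is visible here while the commit message also names selinux_ss, policydb and task_security_struct; confirm those get the same annotation in their own headers, and note that the line shows a single `;`, consistent with the `[PM: double semi-colon fixed]` tag.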