From: david safford <safford@watson.ibm.com>
To: "Serge E. Hallyn" <serue@us.ibm.com>
Cc: Christoph Hellwig <hch@infradead.org>,
Mimi Zohar <zohar@linux.vnet.ibm.com>,
linux-kernel@vger.kernel.org, James Morris <jmorris@namei.org>,
Serge Hallyn <serue@linux.vnet.ibm.com>,
Mimi Zohar <zohar@us.ibm.com>
Subject: Re: [PATCH 2/3] integrity: Linux Integrity Module(LIM)
Date: Tue, 14 Oct 2008 13:06:31 -0400 [thread overview]
Message-ID: <1224003991.3089.65.camel@localhost.localdomain> (raw)
In-Reply-To: <20081014155359.GC12330@us.ibm.com>
On Tue, 2008-10-14 at 10:53 -0500, Serge E. Hallyn wrote:
> Quoting david safford (safford@watson.ibm.com):
> > On Tue, 2008-10-14 at 09:28 -0400, Christoph Hellwig wrote:
> > > > int vfs_permission(struct nameidata *nd, int mask)
> > > > {
> > > > - return inode_permission(nd->path.dentry->d_inode, mask);
> > > > + int retval;
> > > > +
> > > > + retval = inode_permission(nd->path.dentry->d_inode, mask);
> > > > + if (retval)
> > > > + return retval;
> > > > + return integrity_inode_permission(NULL, &nd->path,
> > > > + mask & (MAY_READ | MAY_WRITE |
> > > > + MAY_EXEC));
> > > > }
> > > >
> > > > /**
> > > > @@ -306,7 +314,14 @@ int vfs_permission(struct nameidata *nd, int mask)
> > > > */
> > > > int file_permission(struct file *file, int mask)
> > > > {
> > > > - return inode_permission(file->f_path.dentry->d_inode, mask);
> > > > + int retval;
> > > > +
> > > > + retval = inode_permission(file->f_path.dentry->d_inode, mask);
> > > > + if (retval)
> > > > + return retval;
> > > > + return integrity_inode_permission(file, NULL,
> > > > + mask & (MAY_READ | MAY_WRITE |
> > > > + MAY_EXEC));
> > >
> > > Please don't add anything here as these two wrappers will go away.
> > > Please only make decisions based on what you get in inode_permission().
> >
> > Hmm... As Mimi mentioned in the last review, we really need access
> > to a path, which is not available in inode_permission. (Note the
> > path is not used to make any integrity decision, but is recorded along
> > with the measurement to help with the integrity analysis by a third
> > party verifier.) Yes, there are other callers without path information,
> > but getting a path here covers the bulk of the measurements.
> >
> > Is there some other alternative, other than this, or passing the
> > dentry into inode_permission, which was also rejected?
>
> Whatever happened to the patch Mimi had floated to use the audit
> subsystem to output a pathname? I thought that was pretty neat,
> and it made particularly clear the the pathname was purely
> informational.
>
> -serge
I'll double check with Mimi, but my recollection is that using the
audit pathnames was nice, in that it returned a full path as a hint,
not just a dentry filename, but that the audit system often did not
have a path yet, so both the dentry name and the audit path were
desirable.
dave
next prev parent reply other threads:[~2008-10-14 17:07 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-10-13 17:17 [PATCH 0/3] integrity Mimi Zohar
2008-10-13 17:17 ` [PATCH 1/3] integrity: TPM internel kernel interface Mimi Zohar
2008-10-14 22:23 ` Serge E. Hallyn
2008-10-22 12:47 ` Rajiv Andrade
2008-10-22 14:49 ` Serge E. Hallyn
2008-10-24 20:16 ` Rajiv Andrade
2008-10-24 20:31 ` Serge E. Hallyn
2008-10-13 17:17 ` [PATCH 2/3] integrity: Linux Integrity Module(LIM) Mimi Zohar
2008-10-14 13:28 ` Christoph Hellwig
2008-10-14 15:27 ` david safford
2008-10-14 15:53 ` Serge E. Hallyn
2008-10-14 17:06 ` david safford [this message]
2008-10-20 15:12 ` Serge E. Hallyn
2008-10-24 14:47 ` Mimi Zohar
2008-10-31 16:22 ` Serge E. Hallyn
2008-10-31 16:51 ` Dave Hansen
2008-10-31 19:48 ` Mimi Zohar
2008-10-14 23:27 ` Serge E. Hallyn
2008-10-31 16:40 ` Dave Hansen
2008-10-31 19:35 ` Mimi Zohar
2008-10-31 21:02 ` Dave Hansen
2008-11-02 22:57 ` Serge E. Hallyn
2008-10-13 17:17 ` [PATCH 3/3] integrity: IMA as an integrity service provider Mimi Zohar
2008-10-15 3:32 ` Serge E. Hallyn
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1224003991.3089.65.camel@localhost.localdomain \
--to=safford@watson.ibm.com \
--cc=hch@infradead.org \
--cc=jmorris@namei.org \
--cc=linux-kernel@vger.kernel.org \
--cc=serue@linux.vnet.ibm.com \
--cc=serue@us.ibm.com \
--cc=zohar@linux.vnet.ibm.com \
--cc=zohar@us.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.