From: Mimi Zohar <zohar@linux.vnet.ibm.com>
To: Greg KH <gregkh@linuxfoundation.org>
Cc: stable@vger.kernel.org
Subject: Re: [PATCH] evm: labeling pseudo filesystems exception
Date: Tue, 28 Jul 2015 18:32:23 -0400
Message-ID: <1438122743.3039.74.camel@linux.vnet.ibm.com>
In-Reply-To: <20150728220110.GA13914@kroah.com>

On Tue, 2015-07-28 at 15:01 -0700, Greg KH wrote:
> On Tue, Jul 28, 2015 at 05:33:10PM -0400, Mimi Zohar wrote:
> > To prevent offline stripping of existing file xattrs and relabeling of
> > them at runtime, EVM allows only newly created files to be labeled. As
> > pseudo filesystems are not persistent, stripping of xattrs is not a
> > concern.
> >
> > Some LSMs defer file labeling on pseudo filesystems. This patch
> > permits the labeling of existing files on pseudo filesystems.
> >
> > Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
> > (cherry picked from commit 5101a1850bb7ccbf107929dee9af0cd2f400940f)
> > ---
> > security/integrity/evm/evm_main.c | 11 +++++++++++
> > 1 file changed, 11 insertions(+)
>
> What stable kernel version(s) do you want this applied to?

Commit "3dcbad5 evm: properly handle INTEGRITY_NOXATTRS EVM status"
changed how new files were identified, introducing the problem addressed
by this patch. Stable branches 4.1.y - 3.17.y and 3.14.y are affected.

Mimi