From: Mimi Zohar <zohar@linux.vnet.ibm.com>
To: James Morris <jmorris@namei.org>
Cc: Andreas Gruenbacher <agruenba@redhat.com>,
    Alexander Viro <viro@zeniv.linux.org.uk>,
    linux-fsdevel@vger.kernel.org,
    Tyler Hicks <tyhicks@canonical.com>,
    ecryptfs@vger.kernel.org, Miklos Szeredi <miklos@szeredi.hu>,
    linux-unionfs@vger.kernel.org,
    linux-ima-devel@lists.sourceforge.net,
    linux-security-module@vger.kernel.org,
    David Howells <dhowells@redhat.com>,
    Serge Hallyn <serge.hallyn@canonical.com>,
    Dmitry Kasatkin <dmitry.kasatkin@gmail.com>,
    Paul Moore <paul@paul-moore.com>,
    Stephen Smalley <sds@tycho.nsa.gov>,
    Eric Paris <eparis@parisplace.org>,
    Casey Schaufler <casey@schaufler-ca.com>,
    Oleg Drokin <oleg.drokin@intel.com>,
    Andreas Dilger <andreas.dilger@intel.com>
Subject: Re: [PATCH v2 10/18] evm: Turn evm_update_evmxattr into void function
Date: Wed, 25 May 2016 07:08:10 -0400
Message-ID: <1464174490.2763.146.camel@linux.vnet.ibm.com>
In-Reply-To: <alpine.LRH.2.20.1605251528430.13567@namei.org>

On Wed, 2016-05-25 at 15:30 +1000, James Morris wrote:
> On Fri, 20 May 2016, Andreas Gruenbacher wrote:
>
> > The return value of evm_update_evmxattr is never used.
> >
> > Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
>
> As I mentioned last time, the EVM code is silently ignoring errors here,
> and I'd prefer to see that fixed.

Agreed. evm_update_evmxattr() is called as a result of a "protected"
xattr or some other file metadata having been modified. The two actions
need to remain in sync, otherwise subsequent file access will be denied.
At the point that evm_update_evmxattr() fails, there isn't much that can
be done other than audit the failure. The file metadata has already
been modified.

Mimi
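
The failure mode described in the reply above, modelled in user space as an added example; it is not kernel code and not part of the patch series. `struct file_meta`, `toy_mac`, the label values and the key are assumptions for illustration, and the toy digest only stands in for EVM's keyed HMAC.

```c
/* Added illustration: user-space model only, not kernel code. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

struct file_meta {
    char     label[32];  /* stands in for a "protected" xattr */
    uint64_t evm;        /* stands in for the stored EVM digest */
};

/* Toy keyed digest (FNV-1a seeded with the key); NOT a real HMAC. */
static uint64_t toy_mac(uint64_t key, const struct file_meta *m)
{
    uint64_t h = 1469598103934665603ULL ^ key;
    for (size_t i = 0; i < sizeof m->label; i++)
        h = (h ^ (unsigned char)m->label[i]) * 1099511628211ULL;
    return h;
}

static int audit_count;  /* failures recorded by the post-change hook */

/* Post-change hook returning void: on failure it can only audit. */
static void update_evm(struct file_meta *m, uint64_t key, int fail)
{
    if (fail) {  /* constructed fault injection */
        audit_count++;
        fprintf(stderr, "audit: digest update failed; digest is stale\n");
        return;
    }
    m->evm = toy_mac(key, m);
}

/* The metadata change is committed first; the digest update follows. */
static void set_label(struct file_meta *m, uint64_t key, const char *l, int fail)
{
    memset(m->label, 0, sizeof m->label);
    strncpy(m->label, l, sizeof m->label - 1);
    update_evm(m, key, fail);
}

/* Access-time check: 0 = metadata verifies, -1 = access denied. */
static int verify(const struct file_meta *m, uint64_t key)
{
    return m->evm == toy_mac(key, m) ? 0 : -1;
}

int main(void)
{
    struct file_meta f = {0};
    set_label(&f, 42, "type_a", 0);
    printf("in sync: %d\n", verify(&f, 42));
    set_label(&f, 42, "type_b", 1);
    printf("after failed update: %d (audits: %d)\n", verify(&f, 42), audit_count);
    return 0;
}
```
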