diff for duplicates of <1502982275.3172.17.camel@linux.vnet.ibm.com> diff --git a/a/1.txt b/N1/1.txt index 816bbea..b80b1ab 100644 --- a/a/1.txt +++ b/N1/1.txt @@ -28,7 +28,7 @@ On Fri, 2017-08-04 at 19:03 -0300, Thiago Jung Bauermann wrote: > Signed-off-by: Thiago Jung Bauermann <bauerman@linux.vnet.ibm.com> Other than the appended signature not being properly included in the -measurement list, the patch seems to be working.  This patch is on the +measurement list, the patch seems to be working. This patch is on the rather large size. Could you go back and break this patch up into smaller, more concise patches, with clear patch descriptions (eg. separate code cleanup from changes, new policy option, code for @@ -313,10 +313,10 @@ Mimi > > - status = evm_verifyxattr(dentry, XATTR_NAME_IMA, xattr_value, rc, iint); > - if ((status != INTEGRITY_PASS) && (status != INTEGRITY_UNKNOWN)) { -> - if ((status = INTEGRITY_NOLABEL) -> - || (status = INTEGRITY_NOXATTRS)) +> - if ((status == INTEGRITY_NOLABEL) +> - || (status == INTEGRITY_NOXATTRS)) > - cause = "missing-HMAC"; -> - else if (status = INTEGRITY_FAIL) +> - else if (status == INTEGRITY_FAIL) > - cause = "invalid-HMAC"; > + status = evm_verifyxattr(dentry, XATTR_NAME_IMA, NULL, 0, iint); > + switch (status) { @@ -386,7 +386,7 @@ Mimi > + goto retry; > + } > + -> + if (rc = -EOPNOTSUPP) +> + if (rc == -EOPNOTSUPP) > + status = INTEGRITY_UNKNOWN; > + else if (rc) { > + cause = "invalid-signature"; 
@@ -405,12 +405,12 @@ Mimi > + xattr_value->type != IMA_MODSIG))) { > if (!ima_fix_xattr(dentry, iint)) > status = INTEGRITY_PASS; -> } else if ((inode->i_size = 0) && +> } else if ((inode->i_size == 0) && > (iint->flags & IMA_NEW_FILE) && > (xattr_value && -> - xattr_value->type = EVM_IMA_XATTR_DIGSIG)) { -> + (xattr_value->type = EVM_IMA_XATTR_DIGSIG || -> + xattr_value->type = IMA_MODSIG))) { +> - xattr_value->type == EVM_IMA_XATTR_DIGSIG)) { +> + (xattr_value->type == EVM_IMA_XATTR_DIGSIG || +> + xattr_value->type == IMA_MODSIG))) { > status = INTEGRITY_PASS; > } > integrity_audit_msg(AUDIT_INTEGRITY_DATA, inode, filename, @@ -423,14 +423,14 @@ Mimi > > result = ima_protect_xattr(dentry, xattr_name, xattr_value, > @@ -405,8 +525,10 @@ int ima_inode_setxattr(struct dentry *dentry, const char *xattr_name, -> if (result = 1) { +> if (result == 1) { > if (!xattr_value_len || (xvalue->type >= IMA_XATTR_LAST)) > return -EINVAL; > - ima_reset_appraise_flags(d_backing_inode(dentry), -> - (xvalue->type = EVM_IMA_XATTR_DIGSIG) ? 1 : 0); +> - (xvalue->type == EVM_IMA_XATTR_DIGSIG) ? 1 : 0); > + -> + digsig = xvalue->type = EVM_IMA_XATTR_DIGSIG || -> + xvalue->type = IMA_MODSIG; +> + digsig = xvalue->type == EVM_IMA_XATTR_DIGSIG || +> + xvalue->type == IMA_MODSIG; > + ima_reset_appraise_flags(d_backing_inode(dentry), digsig); > result = 0; > } @@ -636,7 +636,7 @@ Mimi > + if (!hdr) > + return; > + -> + if (hdr->type = IMA_MODSIG) { +> + if (hdr->type == IMA_MODSIG) { > + struct modsig_hdr *modsig = (struct modsig_hdr *) hdr; > + > + pkcs7_free_message(modsig->pkcs7_msg); 
@@ -652,11 +652,11 @@ Mimi > } > > ima_log_string(ab, "appraise_type", args[0].from); -> - if ((strcmp(args[0].from, "imasig")) = 0) -> + if (strcmp(args[0].from, "imasig") = 0) +> - if ((strcmp(args[0].from, "imasig")) == 0) +> + if (strcmp(args[0].from, "imasig") == 0) > entry->flags |= IMA_DIGSIG_REQUIRED; > + else if (ima_hook_supports_modsig(entry->func) && -> + strcmp(args[0].from, "modsig|imasig") = 0) +> + strcmp(args[0].from, "modsig|imasig") == 0) > + entry->flags |= IMA_DIGSIG_REQUIRED > + | IMA_MODSIG_ALLOWED; > else @@ -720,7 +720,7 @@ Mimi > + * The xattr_value for IMA_MODSIG is a runtime structure containing > + * pointers. Get its raw data instead. > + */ -> + if (xattr_value->type = IMA_MODSIG) { +> + if (xattr_value->type == IMA_MODSIG) { > + rc = ima_modsig_serialize_data(xattr_value, &xattr_value, > + &xattr_len); > + if (rc) @@ -755,9 +755,4 @@ Mimi > + IMA_MODSIG, > IMA_XATTR_LAST > }; -> - --- -To unsubscribe from this list: send the line "unsubscribe keyrings" in -the body of a message to majordomo@vger.kernel.org -More majordomo info at http://vger.kernel.org/majordomo-info.html +> diff --git a/a/content_digest b/N1/content_digest index 2e32e32..486baad 100644 --- a/a/content_digest +++ b/N1/content_digest @@ -2,7 +2,7 @@ "ref\020170804220330.30026-8-bauerman@linux.vnet.ibm.com\0" "From\0Mimi Zohar <zohar@linux.vnet.ibm.com>\0" "Subject\0Re: [PATCH v4 7/7] ima: Support module-style appended signatures for appraisal\0" - "Date\0Thu, 17 Aug 2017 15:04:35 +0000\0" + "Date\0Thu, 17 Aug 2017 11:04:35 -0400\0" "To\0Thiago Jung Bauermann <bauerman@linux.vnet.ibm.com>" " linux-security-module@vger.kernel.org\0" "Cc\0linux-ima-devel@lists.sourceforge.net" @@ -53,7 +53,7 @@ "> 
Signed-off-by: Thiago Jung Bauermann <bauerman@linux.vnet.ibm.com>\n" "\n" "Other than the appended signature not being properly included in the\n" - "measurement list, the patch seems to be working. \342\224\254\303\241This patch is on the\n" + "measurement list, the patch seems to be working. \302\240This patch is on the\n" "rather large size. Could you go back and break this patch up into\n" "smaller, more concise patches, with clear patch descriptions (eg.\n" "separate code cleanup from changes, new policy option, code for\n" @@ -338,10 +338,10 @@ "> \n" "> -\tstatus = evm_verifyxattr(dentry, XATTR_NAME_IMA, xattr_value, rc, iint);\n" "> -\tif ((status != INTEGRITY_PASS) && (status != INTEGRITY_UNKNOWN)) {\n" - "> -\t\tif ((status = INTEGRITY_NOLABEL)\n" - "> -\t\t || (status = INTEGRITY_NOXATTRS))\n" + "> -\t\tif ((status == INTEGRITY_NOLABEL)\n" + "> -\t\t || (status == INTEGRITY_NOXATTRS))\n" "> -\t\t\tcause = \"missing-HMAC\";\n" - "> -\t\telse if (status = INTEGRITY_FAIL)\n" + "> -\t\telse if (status == INTEGRITY_FAIL)\n" "> -\t\t\tcause = \"invalid-HMAC\";\n" "> +\tstatus = evm_verifyxattr(dentry, XATTR_NAME_IMA, NULL, 0, iint);\n" "> +\tswitch (status) {\n" @@ -411,7 +411,7 @@ "> +\t\t\tgoto retry;\n" "> +\t\t}\n" "> +\n" - "> +\t\tif (rc = -EOPNOTSUPP)\n" + "> +\t\tif (rc == -EOPNOTSUPP)\n" "> +\t\t\tstatus = INTEGRITY_UNKNOWN;\n" "> +\t\telse if (rc) {\n" "> +\t\t\tcause = \"invalid-signature\";\n" 
@@ -430,12 +430,12 @@ "> +\t\t xattr_value->type != IMA_MODSIG))) {\n" "> \t\t\tif (!ima_fix_xattr(dentry, iint))\n" "> \t\t\t\tstatus = INTEGRITY_PASS;\n" - "> \t\t} else if ((inode->i_size = 0) &&\n" + "> \t\t} else if ((inode->i_size == 0) &&\n" "> \t\t\t (iint->flags & IMA_NEW_FILE) &&\n" "> \t\t\t (xattr_value &&\n" - "> -\t\t\t xattr_value->type = EVM_IMA_XATTR_DIGSIG)) {\n" - "> +\t\t\t (xattr_value->type = EVM_IMA_XATTR_DIGSIG ||\n" - "> +\t\t\t xattr_value->type = IMA_MODSIG))) {\n" + "> -\t\t\t xattr_value->type == EVM_IMA_XATTR_DIGSIG)) {\n" + "> +\t\t\t (xattr_value->type == EVM_IMA_XATTR_DIGSIG ||\n" + "> +\t\t\t xattr_value->type == IMA_MODSIG))) {\n" "> \t\t\tstatus = INTEGRITY_PASS;\n" "> \t\t}\n" "> \t\tintegrity_audit_msg(AUDIT_INTEGRITY_DATA, inode, filename,\n" @@ -448,14 +448,14 @@ "> \n" "> \tresult = ima_protect_xattr(dentry, xattr_name, xattr_value,\n" "> @@ -405,8 +525,10 @@ int ima_inode_setxattr(struct dentry *dentry, const char *xattr_name,\n" - "> \tif (result = 1) {\n" + "> \tif (result == 1) {\n" "> \t\tif (!xattr_value_len || (xvalue->type >= IMA_XATTR_LAST))\n" "> \t\t\treturn -EINVAL;\n" "> -\t\tima_reset_appraise_flags(d_backing_inode(dentry),\n" - "> -\t\t\t (xvalue->type = EVM_IMA_XATTR_DIGSIG) ? 1 : 0);\n" + "> -\t\t\t (xvalue->type == EVM_IMA_XATTR_DIGSIG) ? 1 : 0);\n" "> +\n" - "> +\t\tdigsig = xvalue->type = EVM_IMA_XATTR_DIGSIG ||\n" - "> +\t\t\t\txvalue->type = IMA_MODSIG;\n" + "> +\t\tdigsig = xvalue->type == EVM_IMA_XATTR_DIGSIG ||\n" + "> +\t\t\t\txvalue->type == IMA_MODSIG;\n" "> +\t\tima_reset_appraise_flags(d_backing_inode(dentry), digsig);\n" "> \t\tresult = 0;\n" "> \t}\n" @@ -661,7 +661,7 @@ "> +\tif (!hdr)\n" "> +\t\treturn;\n" "> +\n" - "> +\tif (hdr->type = IMA_MODSIG) {\n" + "> +\tif (hdr->type == IMA_MODSIG) {\n" "> +\t\tstruct modsig_hdr *modsig = (struct modsig_hdr *) hdr;\n" "> +\n" "> +\t\tpkcs7_free_message(modsig->pkcs7_msg);\n" 
@@ -677,11 +677,11 @@ "> \t\t\t}\n" "> \n" "> \t\t\tima_log_string(ab, \"appraise_type\", args[0].from);\n" - "> -\t\t\tif ((strcmp(args[0].from, \"imasig\")) = 0)\n" - "> +\t\t\tif (strcmp(args[0].from, \"imasig\") = 0)\n" + "> -\t\t\tif ((strcmp(args[0].from, \"imasig\")) == 0)\n" + "> +\t\t\tif (strcmp(args[0].from, \"imasig\") == 0)\n" "> \t\t\t\tentry->flags |= IMA_DIGSIG_REQUIRED;\n" "> +\t\t\telse if (ima_hook_supports_modsig(entry->func) &&\n" - "> +\t\t\t\t strcmp(args[0].from, \"modsig|imasig\") = 0)\n" + "> +\t\t\t\t strcmp(args[0].from, \"modsig|imasig\") == 0)\n" "> +\t\t\t\tentry->flags |= IMA_DIGSIG_REQUIRED\n" "> +\t\t\t\t\t\t| IMA_MODSIG_ALLOWED;\n" "> \t\t\telse\n" @@ -745,7 +745,7 @@ "> +\t * The xattr_value for IMA_MODSIG is a runtime structure containing\n" "> +\t * pointers. Get its raw data instead.\n" "> +\t */\n" - "> +\tif (xattr_value->type = IMA_MODSIG) {\n" + "> +\tif (xattr_value->type == IMA_MODSIG) {\n" "> +\t\trc = ima_modsig_serialize_data(xattr_value, &xattr_value,\n" "> +\t\t\t\t\t &xattr_len);\n" "> +\t\tif (rc)\n" @@ -780,11 +780,6 @@ "> +\tIMA_MODSIG,\n" "> \tIMA_XATTR_LAST\n" "> };\n" - "> \n" - "\n" - "--\n" - "To unsubscribe from this list: send the line \"unsubscribe keyrings\" in\n" - "the body of a message to majordomo@vger.kernel.org\n" - More majordomo info at http://vger.kernel.org/majordomo-info.html + > -47ba23d6ab78e2aade786c8f3629cd0b03e9c0ab09d8e3bde903eb0c217929cb +6087fc25ffd6a3bd28a2e14cf1814b1fc9f76866dd9b572dca88f7a1784546f5
diff --git a/a/1.txt b/N2/1.txt index 816bbea..1260db4 100644 --- a/a/1.txt +++ b/N2/1.txt @@ -28,7 +28,7 @@ On Fri, 2017-08-04 at 19:03 -0300, Thiago Jung Bauermann wrote: > Signed-off-by: Thiago Jung Bauermann <bauerman@linux.vnet.ibm.com> Other than the appended signature not being properly included in the -measurement list, the patch seems to be working.  This patch is on the +measurement list, the patch seems to be working. ?This patch is on the rather large size. Could you go back and break this patch up into smaller, more concise patches, with clear patch descriptions (eg. separate code cleanup from changes, new policy option, code for @@ -313,10 +313,10 @@ Mimi > > - status = evm_verifyxattr(dentry, XATTR_NAME_IMA, xattr_value, rc, iint); > - if ((status != INTEGRITY_PASS) && (status != INTEGRITY_UNKNOWN)) { -> - if ((status = INTEGRITY_NOLABEL) -> - || (status = INTEGRITY_NOXATTRS)) +> - if ((status == INTEGRITY_NOLABEL) +> - || (status == INTEGRITY_NOXATTRS)) > - cause = "missing-HMAC"; -> - else if (status = INTEGRITY_FAIL) +> - else if (status == INTEGRITY_FAIL) > - cause = "invalid-HMAC"; > + status = evm_verifyxattr(dentry, XATTR_NAME_IMA, NULL, 0, iint); > + switch (status) { @@ -386,7 +386,7 @@ Mimi > + goto retry; > + } > + -> + if (rc = -EOPNOTSUPP) +> + if (rc == -EOPNOTSUPP) > + status = INTEGRITY_UNKNOWN; > + else if (rc) { > + cause = "invalid-signature"; 
@@ -405,12 +405,12 @@ Mimi > + xattr_value->type != IMA_MODSIG))) { > if (!ima_fix_xattr(dentry, iint)) > status = INTEGRITY_PASS; -> } else if ((inode->i_size = 0) && +> } else if ((inode->i_size == 0) && > (iint->flags & IMA_NEW_FILE) && > (xattr_value && -> - xattr_value->type = EVM_IMA_XATTR_DIGSIG)) { -> + (xattr_value->type = EVM_IMA_XATTR_DIGSIG || -> + xattr_value->type = IMA_MODSIG))) { +> - xattr_value->type == EVM_IMA_XATTR_DIGSIG)) { +> + (xattr_value->type == EVM_IMA_XATTR_DIGSIG || +> + xattr_value->type == IMA_MODSIG))) { > status = INTEGRITY_PASS; > } > integrity_audit_msg(AUDIT_INTEGRITY_DATA, inode, filename, @@ -423,14 +423,14 @@ Mimi > > result = ima_protect_xattr(dentry, xattr_name, xattr_value, > @@ -405,8 +525,10 @@ int ima_inode_setxattr(struct dentry *dentry, const char *xattr_name, -> if (result = 1) { +> if (result == 1) { > if (!xattr_value_len || (xvalue->type >= IMA_XATTR_LAST)) > return -EINVAL; > - ima_reset_appraise_flags(d_backing_inode(dentry), -> - (xvalue->type = EVM_IMA_XATTR_DIGSIG) ? 1 : 0); +> - (xvalue->type == EVM_IMA_XATTR_DIGSIG) ? 1 : 0); > + -> + digsig = xvalue->type = EVM_IMA_XATTR_DIGSIG || -> + xvalue->type = IMA_MODSIG; +> + digsig = xvalue->type == EVM_IMA_XATTR_DIGSIG || +> + xvalue->type == IMA_MODSIG; > + ima_reset_appraise_flags(d_backing_inode(dentry), digsig); > result = 0; > } @@ -636,7 +636,7 @@ Mimi > + if (!hdr) > + return; > + -> + if (hdr->type = IMA_MODSIG) { +> + if (hdr->type == IMA_MODSIG) { > + struct modsig_hdr *modsig = (struct modsig_hdr *) hdr; > + > + pkcs7_free_message(modsig->pkcs7_msg); 
@@ -652,11 +652,11 @@ Mimi > } > > ima_log_string(ab, "appraise_type", args[0].from); -> - if ((strcmp(args[0].from, "imasig")) = 0) -> + if (strcmp(args[0].from, "imasig") = 0) +> - if ((strcmp(args[0].from, "imasig")) == 0) +> + if (strcmp(args[0].from, "imasig") == 0) > entry->flags |= IMA_DIGSIG_REQUIRED; > + else if (ima_hook_supports_modsig(entry->func) && -> + strcmp(args[0].from, "modsig|imasig") = 0) +> + strcmp(args[0].from, "modsig|imasig") == 0) > + entry->flags |= IMA_DIGSIG_REQUIRED > + | IMA_MODSIG_ALLOWED; > else @@ -720,7 +720,7 @@ Mimi > + * The xattr_value for IMA_MODSIG is a runtime structure containing > + * pointers. Get its raw data instead. > + */ -> + if (xattr_value->type = IMA_MODSIG) { +> + if (xattr_value->type == IMA_MODSIG) { > + rc = ima_modsig_serialize_data(xattr_value, &xattr_value, > + &xattr_len); > + if (rc) @@ -758,6 +758,6 @@ Mimi > -- -To unsubscribe from this list: send the line "unsubscribe keyrings" in -the body of a message to majordomo@vger.kernel.org +To unsubscribe from this list: send the line "unsubscribe linux-security-module" in +the body of a message to majordomo at vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html diff --git a/a/content_digest b/N2/content_digest index 2e32e32..387bb4a 100644 --- a/a/content_digest +++ b/N2/content_digest 
@@ -1,26 +1,9 @@ "ref\020170804220330.30026-1-bauerman@linux.vnet.ibm.com\0" "ref\020170804220330.30026-8-bauerman@linux.vnet.ibm.com\0" - "From\0Mimi Zohar <zohar@linux.vnet.ibm.com>\0" - "Subject\0Re: [PATCH v4 7/7] ima: Support module-style appended signatures for appraisal\0" - "Date\0Thu, 17 Aug 2017 15:04:35 +0000\0" - "To\0Thiago Jung Bauermann <bauerman@linux.vnet.ibm.com>" - " linux-security-module@vger.kernel.org\0" - "Cc\0linux-ima-devel@lists.sourceforge.net" - keyrings@vger.kernel.org - linux-crypto@vger.kernel.org - linuxppc-dev@lists.ozlabs.org - linux-kernel@vger.kernel.org - Dmitry Kasatkin <dmitry.kasatkin@gmail.com> - James Morris <james.l.morris@oracle.com> - Serge E. Hallyn <serge@hallyn.com> - David Howells <dhowells@redhat.com> - David Woodhouse <dwmw2@infradead.org> - Jessica Yu <jeyu@redhat.com> - Rusty Russell <rusty@rustcorp.com.au> - Herbert Xu <herbert@gondor.apana.org.au> - David S. Miller <davem@davemloft.net> - AKASHI - " Takahiro <takahiro.akashi@linaro.org>\0" + "From\0zohar@linux.vnet.ibm.com (Mimi Zohar)\0" + "Subject\0[PATCH v4 7/7] ima: Support module-style appended signatures for appraisal\0" + "Date\0Thu, 17 Aug 2017 11:04:35 -0400\0" + "To\0linux-security-module@vger.kernel.org\0" "\00:1\0" "b\0" "On Fri, 2017-08-04 at 19:03 -0300, Thiago Jung Bauermann wrote:\n" @@ -53,7 +36,7 @@ "> Signed-off-by: Thiago Jung Bauermann <bauerman@linux.vnet.ibm.com>\n" "\n" "Other than the appended signature not being properly included in the\n" - "measurement list, the patch seems to be working. \342\224\254\303\241This patch is on the\n" + "measurement list, the patch seems to be working. ?This patch is on the\n" "rather large size. Could you go back and break this patch up into\n" "smaller, more concise patches, with clear patch descriptions (eg.\n" "separate code cleanup from changes, new policy option, code for\n" 
@@ -338,10 +321,10 @@ "> \n" "> -\tstatus = evm_verifyxattr(dentry, XATTR_NAME_IMA, xattr_value, rc, iint);\n" "> -\tif ((status != INTEGRITY_PASS) && (status != INTEGRITY_UNKNOWN)) {\n" - "> -\t\tif ((status = INTEGRITY_NOLABEL)\n" - "> -\t\t || (status = INTEGRITY_NOXATTRS))\n" + "> -\t\tif ((status == INTEGRITY_NOLABEL)\n" + "> -\t\t || (status == INTEGRITY_NOXATTRS))\n" "> -\t\t\tcause = \"missing-HMAC\";\n" - "> -\t\telse if (status = INTEGRITY_FAIL)\n" + "> -\t\telse if (status == INTEGRITY_FAIL)\n" "> -\t\t\tcause = \"invalid-HMAC\";\n" "> +\tstatus = evm_verifyxattr(dentry, XATTR_NAME_IMA, NULL, 0, iint);\n" "> +\tswitch (status) {\n" @@ -411,7 +394,7 @@ "> +\t\t\tgoto retry;\n" "> +\t\t}\n" "> +\n" - "> +\t\tif (rc = -EOPNOTSUPP)\n" + "> +\t\tif (rc == -EOPNOTSUPP)\n" "> +\t\t\tstatus = INTEGRITY_UNKNOWN;\n" "> +\t\telse if (rc) {\n" "> +\t\t\tcause = \"invalid-signature\";\n" @@ -430,12 +413,12 @@ "> +\t\t xattr_value->type != IMA_MODSIG))) {\n" "> \t\t\tif (!ima_fix_xattr(dentry, iint))\n" "> \t\t\t\tstatus = INTEGRITY_PASS;\n" - "> \t\t} else if ((inode->i_size = 0) &&\n" + "> \t\t} else if ((inode->i_size == 0) &&\n" "> \t\t\t (iint->flags & IMA_NEW_FILE) &&\n" "> \t\t\t (xattr_value &&\n" - "> -\t\t\t xattr_value->type = EVM_IMA_XATTR_DIGSIG)) {\n" - "> +\t\t\t (xattr_value->type = EVM_IMA_XATTR_DIGSIG ||\n" - "> +\t\t\t xattr_value->type = IMA_MODSIG))) {\n" + "> -\t\t\t xattr_value->type == EVM_IMA_XATTR_DIGSIG)) {\n" + "> +\t\t\t (xattr_value->type == EVM_IMA_XATTR_DIGSIG ||\n" + "> +\t\t\t xattr_value->type == IMA_MODSIG))) {\n" "> \t\t\tstatus = INTEGRITY_PASS;\n" "> \t\t}\n" "> \t\tintegrity_audit_msg(AUDIT_INTEGRITY_DATA, inode, filename,\n" @@ -448,14 +431,14 @@ "> \n" "> \tresult = ima_protect_xattr(dentry, xattr_name, xattr_value,\n" "> 
@@ -405,8 +525,10 @@ int ima_inode_setxattr(struct dentry *dentry, const char *xattr_name,\n" - "> \tif (result = 1) {\n" + "> \tif (result == 1) {\n" "> \t\tif (!xattr_value_len || (xvalue->type >= IMA_XATTR_LAST))\n" "> \t\t\treturn -EINVAL;\n" "> -\t\tima_reset_appraise_flags(d_backing_inode(dentry),\n" - "> -\t\t\t (xvalue->type = EVM_IMA_XATTR_DIGSIG) ? 1 : 0);\n" + "> -\t\t\t (xvalue->type == EVM_IMA_XATTR_DIGSIG) ? 1 : 0);\n" "> +\n" - "> +\t\tdigsig = xvalue->type = EVM_IMA_XATTR_DIGSIG ||\n" - "> +\t\t\t\txvalue->type = IMA_MODSIG;\n" + "> +\t\tdigsig = xvalue->type == EVM_IMA_XATTR_DIGSIG ||\n" + "> +\t\t\t\txvalue->type == IMA_MODSIG;\n" "> +\t\tima_reset_appraise_flags(d_backing_inode(dentry), digsig);\n" "> \t\tresult = 0;\n" "> \t}\n" @@ -661,7 +644,7 @@ "> +\tif (!hdr)\n" "> +\t\treturn;\n" "> +\n" - "> +\tif (hdr->type = IMA_MODSIG) {\n" + "> +\tif (hdr->type == IMA_MODSIG) {\n" "> +\t\tstruct modsig_hdr *modsig = (struct modsig_hdr *) hdr;\n" "> +\n" "> +\t\tpkcs7_free_message(modsig->pkcs7_msg);\n" @@ -677,11 +660,11 @@ "> \t\t\t}\n" "> \n" "> \t\t\tima_log_string(ab, \"appraise_type\", args[0].from);\n" - "> -\t\t\tif ((strcmp(args[0].from, \"imasig\")) = 0)\n" - "> +\t\t\tif (strcmp(args[0].from, \"imasig\") = 0)\n" + "> -\t\t\tif ((strcmp(args[0].from, \"imasig\")) == 0)\n" + "> +\t\t\tif (strcmp(args[0].from, \"imasig\") == 0)\n" "> \t\t\t\tentry->flags |= IMA_DIGSIG_REQUIRED;\n" "> +\t\t\telse if (ima_hook_supports_modsig(entry->func) &&\n" - "> +\t\t\t\t strcmp(args[0].from, \"modsig|imasig\") = 0)\n" + "> +\t\t\t\t strcmp(args[0].from, \"modsig|imasig\") == 0)\n" "> +\t\t\t\tentry->flags |= IMA_DIGSIG_REQUIRED\n" "> +\t\t\t\t\t\t| IMA_MODSIG_ALLOWED;\n" "> \t\t\telse\n" 
@@ -745,7 +728,7 @@ "> +\t * The xattr_value for IMA_MODSIG is a runtime structure containing\n" "> +\t * pointers. Get its raw data instead.\n" "> +\t */\n" - "> +\tif (xattr_value->type = IMA_MODSIG) {\n" + "> +\tif (xattr_value->type == IMA_MODSIG) {\n" "> +\t\trc = ima_modsig_serialize_data(xattr_value, &xattr_value,\n" "> +\t\t\t\t\t &xattr_len);\n" "> +\t\tif (rc)\n" @@ -783,8 +766,8 @@ "> \n" "\n" "--\n" - "To unsubscribe from this list: send the line \"unsubscribe keyrings\" in\n" - "the body of a message to majordomo@vger.kernel.org\n" + "To unsubscribe from this list: send the line \"unsubscribe linux-security-module\" in\n" + "the body of a message to majordomo at vger.kernel.org\n" More majordomo info at http://vger.kernel.org/majordomo-info.html -47ba23d6ab78e2aade786c8f3629cd0b03e9c0ab09d8e3bde903eb0c217929cb +5ec414e0dda682f9c51d68a3b455b8f97ce6aa6e82dd168565ce77ee6f6aa26d