From: Mimi Zohar <zohar@linux.ibm.com>
To: Casey Schaufler <casey@schaufler-ca.com>,
linux-integrity <linux-integrity@vger.kernel.org>
Cc: LSM <linux-security-module@vger.kernel.org>
Subject: Re: evm_inode_init_security and module stacking
Date: Thu, 17 Jan 2019 21:31:29 -0500 [thread overview]
Message-ID: <1547778689.3982.20.camel@linux.ibm.com> (raw)
In-Reply-To: <f1a86814-716a-d02d-42ce-8ef64d680feb@schaufler-ca.com>
On Thu, 2019-01-17 at 16:47 -0800, Casey Schaufler wrote:
> security_inode_init_security() currently calls at most one
> of selinux_inode_init_security() and smack_inode_init_security().
> It then sends the result to evm_inode_init_security to create
> the security.evm attribute. This isn't going to work on a system
> that has both SELinux and Smack.
Calculating security.evm based on multiple xattrs sounded really
familiar. Looking back at the git log, 9d8f13ba3f48 ("security: new
security_inode_init_security API adds function callback") addressed
filesystems wanting to be able to write all the xattrs at the same
time and prepared for multiple LSM xattr support.
> I see two options:
> - create security.evm with the information from all
> security modules that provide inode_init_security hooks
> - create a separate attribute for each module,
> security.evm-selinux and security.evm-smack in the
> current case.
>
> How would you like to have it work? I am agnostic, although the
> separate attributes would be easier for the infrastructure.
Having separate attributes for each LSM module would require re-
calculating the hmac for each one, any time any of the other file
metadata changed. That doesn't sound like a good idea.
Mimi
next prev parent reply other threads:[~2019-01-18 2:31 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-01-18 0:47 evm_inode_init_security and module stacking Casey Schaufler
2019-01-18 2:31 ` Mimi Zohar [this message]
2019-01-18 18:49 ` Casey Schaufler
2019-01-20 16:42 ` Mimi Zohar
2019-01-20 18:54 ` Casey Schaufler
-- strict thread matches above, loose matches on Subject: below --
2017-08-19 0:14 Casey Schaufler
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1547778689.3982.20.camel@linux.ibm.com \
--to=zohar@linux.ibm.com \
--cc=casey@schaufler-ca.com \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.