From: Mimi Zohar <zohar@linux.ibm.com>
To: Amir Goldstein <amir73il@gmail.com>
Cc: Goldwyn Rodrigues <rgoldwyn@suse.de>,
Ignaz Forster <iforster@suse.de>,
linux-integrity <linux-integrity@vger.kernel.org>,
linux-kernel <linux-kernel@vger.kernel.org>,
Fabian Vogt <fvogt@suse.de>, Al Viro <viro@zeniv.linux.org.uk>
Subject: Re: [PATCH v2] ima: define ima_post_create_tmpfile() hook and add missing call
Date: Tue, 22 Jan 2019 10:43:09 -0500 [thread overview]
Message-ID: <1548171789.4038.6.camel@linux.ibm.com> (raw)
In-Reply-To: <CAOQ4uxjNhNFfFidjzi-8ywQPi54LdzT=LxwdSaX+H-ERS6Qwog@mail.gmail.com>
On Mon, 2019-01-21 at 14:29 +0200, Amir Goldstein wrote:
> On Mon, Jan 21, 2019 at 2:00 PM Mimi Zohar <zohar@linux.ibm.com> wrote:
> >
> > On Thu, 2019-01-17 at 15:34 -0600, Goldwyn Rodrigues wrote:
> > > On 13:47 18/12, Mimi Zohar wrote:
> > > > If tmpfiles can be made persistent, then newly created tmpfiles need to
> > > > be treated like any other new files in policy.
> > > >
> > > > This patch indicates which newly created tmpfiles are in policy, causing
> > > > the file hash to be calculated on __fput().
> > >
> > > Discussed in overlayfs, this would be better if we use this on inode
> > > and called from vfs_tmpfile() instead of do_tmpfile(). This will cover
> > > the overlayfs case which uses tmpfiles while performing copy_up().
> > > The patch is attached.
> > >
> > > Here is the updated patch which works for my cases.
> > > However, it is the the failure case after setting the IMA flags
> > > I am concerned about, though I don't think that should be as harmful.
> >
> > Right. The new IMA hook allocates memory for storing the flags, which
> > needs to be cleaned up on failure. For this reason, the IMA call is
> > deferred until after the transition from locally freeing memory on
> > failure to relying on __fput(). In "do_last", the call to IMA is
> > after "opened"; and in the original version of this patch the call to
> > IMA is after finish_open().
> >
>
> Not sure I understand the concern.
> The integrity context is associated with the inode and will be freed
> on destroy_inode() no matter which error path is taken.
> Am I missing something?
No, as long as destroy_inode() is called, it should be fine.
thanks,
Mimi
next prev parent reply other threads:[~2019-01-22 15:43 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-12-18 18:47 [PATCH v2] ima: define ima_post_create_tmpfile() hook and add missing call Mimi Zohar
2018-12-18 19:23 ` Ignaz Forster
2019-01-17 21:34 ` Goldwyn Rodrigues
2019-01-21 12:00 ` Mimi Zohar
2019-01-21 12:29 ` Amir Goldstein
2019-01-22 15:43 ` Mimi Zohar [this message]
2019-01-22 16:38 ` Goldwyn Rodrigues
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1548171789.4038.6.camel@linux.ibm.com \
--to=zohar@linux.ibm.com \
--cc=amir73il@gmail.com \
--cc=fvogt@suse.de \
--cc=iforster@suse.de \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=rgoldwyn@suse.de \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.