All of lore.kernel.org
 help / color / mirror / Atom feed
From: Al Viro <viro@ZenIV.linux.org.uk>
To: Dmitry Kasatkin <dmitry.kasatkin@gmail.com>
Cc: "Eric W. Biederman" <ebiederm@xmission.com>,
	Oleg Nesterov <oleg@redhat.com>,
	Dmitry Kasatkin <d.kasatkin@samsung.com>,
	linux-security-module <linux-security-module@vger.kernel.org>,
	John Johansen <john.johansen@canonical.com>,
	Mimi Zohar <zohar@linux.vnet.ibm.com>,
	James Morris <jmorris@namei.org>,
	Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
	kernel-team <kernel-team@lists.ubuntu.com>
Subject: Re: Kernel panic at Ubuntu: IMA + Apparmor
Date: Sat, 26 Apr 2014 18:42:29 +0100	[thread overview]
Message-ID: <20140426174229.GG18016@ZenIV.linux.org.uk> (raw)
In-Reply-To: <CACE9dm-Ruvt-kDk3B3YJ9SJ3PvRKa+NJ-e1zpnxcTPk7aDBmug@mail.gmail.com>

On Sat, Apr 26, 2014 at 07:54:47PM +0300, Dmitry Kasatkin wrote:
> On 26 April 2014 16:56, Al Viro <viro@zeniv.linux.org.uk> wrote:
> > On Sat, Apr 26, 2014 at 11:58:45AM +0300, Dmitry Kasatkin wrote:
> >
> >> Conflict with Apparmor means with Ubuntu.
> >>
> >> But answering to your early question..
> >> IMA does not want permission denied when measuring and re-measuring files.
> >> may_open() is doing that job before.
> >>
> >> We need quickly introduce kernel_read without LSM checks...
> >
> > *snarl*
> >
> > What we need quickly is to introduce you to a textbook or two.  As the
> > matter of fact, in this case even wikipedia might suffice...
> >
> 
> Hopefully we have you who were introduced to a textbook or two about relevant
> subject and able kindly help us with the solution instead of telling
> me this crap...

See the discussion of that very topic (required modifications of vfs_read())
upthread.  And Eric has a very good point about the usefulness of understanding
the basics of IO-related system calls in Unix for anybody who does any
kind of development related to keeping track of file contents modifications,
etc.  It's *not* about some arcane knowledge of VFS internals (which also might
come handy when sticking hooks into said internals); it's about being familiar
with the semantics of read(2) and related concepts.

  reply	other threads:[~2014-04-26 17:42 UTC|newest]

Thread overview: 26+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2014-04-25 13:00 Kernel panic at Ubuntu: IMA + Apparmor Dmitry Kasatkin
2014-04-25 14:48 ` Dmitry Kasatkin
2014-04-25 18:23   ` Oleg Nesterov
2014-04-25 19:04     ` Eric W. Biederman
2014-04-25 19:25       ` Oleg Nesterov
2014-04-25 19:40         ` Eric W. Biederman
2014-04-25 20:01           ` Oleg Nesterov
2014-04-25 20:20             ` Dmitry Kasatkin
2014-04-25 20:45               ` Eric W. Biederman
2014-04-25 20:52                 ` Dmitry Kasatkin
2014-04-25 21:27                   ` Eric W. Biederman
2014-04-25 21:46                     ` Dmitry Kasatkin
2014-04-25 21:56                       ` Dmitry Kasatkin
2014-04-25 22:38                         ` Eric W. Biederman
2014-04-26  8:58                           ` Dmitry Kasatkin
2014-04-26 13:56                             ` Al Viro
2014-04-26 16:54                               ` Dmitry Kasatkin
2014-04-26 17:42                                 ` Al Viro [this message]
2014-04-26 19:03                                   ` Dmitry Kasatkin
2014-04-25 22:11                       ` Eric W. Biederman
2014-04-26  8:49                         ` Dmitry Kasatkin
2014-04-25 21:21                 ` Al Viro
2014-04-25 21:43                   ` Eric W. Biederman
2014-04-25 21:55                     ` Al Viro
2014-04-25 22:25                       ` Eric W. Biederman
2014-04-29 13:00                         ` Mimi Zohar

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20140426174229.GG18016@ZenIV.linux.org.uk \
    --to=viro@zeniv.linux.org.uk \
    --cc=d.kasatkin@samsung.com \
    --cc=dmitry.kasatkin@gmail.com \
    --cc=ebiederm@xmission.com \
    --cc=jmorris@namei.org \
    --cc=john.johansen@canonical.com \
    --cc=kernel-team@lists.ubuntu.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-security-module@vger.kernel.org \
    --cc=oleg@redhat.com \
    --cc=zohar@linux.vnet.ibm.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.