From: Mimi Zohar <zohar@linux.vnet.ibm.com>
To: Dave Chinner <david@fromorbit.com>
Cc: linux-security-module@vger.kernel.org,
linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org,
James Morris <jmorris@namei.org>,
David Safford <safford@watson.ibm.com>,
Andrew Morton <akpm@linux-foundation.org>,
Greg KH <greg@kroah.com>,
Dmitry Kasatkin <dmitry.s.kasatkin@gmail.com>,
Mimi Zohar <zohar@us.ibm.com>,
Sunil Mushran <sunil.mushran@oracle.com>,
Tiger Yang <tiger.yang@oracle.com>,
Steven Whitehouse <swhiteho@redhat.com>
Subject: Re: [PATCH v6 08/20] evm: evm_inode_post_init
Date: Fri, 03 Jun 2011 01:06:32 -0400 [thread overview]
Message-ID: <1307077592.3124.65.camel@localhost.localdomain> (raw)
In-Reply-To: <20110603022100.GA561@dastard>
On Fri, 2011-06-03 at 12:21 +1000, Dave Chinner wrote:
> On Thu, Jun 02, 2011 at 08:23:31AM -0400, Mimi Zohar wrote:
> > Initialize 'security.evm' for new files. Reduce number of arguments
> > by defining 'struct xattr'.
>
> why does this need a new security callout from every filesystem?
> Once the security xattr is initialised, the name, len and value is
> not going to change so surely the evm xattr can be initialised at
> the same time the lsm xattr is initialised.
Steve Whitehouse asked a similar question, suggesting that
security_inode_init_security() return a vector of xattrs to minimize the
number of xattr writes. Casey pointed out the "stacking" of LSMs will
result in multiple calls to security_inode_init_security(), once for
each LSM. The conclusion (http://lkml.org/lkml/2011/5/19/125) was:
Moving evm_inode_init_security() into security_inode_init_security()
only works for the single LSM and EVM case, but not for the multiple
LSMs and EVM case, as the 'stacker' would call each LSM's
security_inode_iint_security(). Having the 'stacker' return an array of
xattrs would make sense and, at the same time, resolve the EVM issue. In
evm_inode_post_init_security(), EVM could then walk the list of xattrs.
> Then all you need to do in each filesystem is add the evm_xattr
> structure to the existing security init call and a:
>
> #ifdef CONFIG_EVM
> /* set evm.xattr */
> #endif
>
> to avoid adding code that is never executed when EVM is not
> configured into the kernel.
>
> That way you don't create the lsm_xattr at all if the evm_xattr is
> not created, and then the file creation should fail in an atomic
> manner, right? i.e. you don't leave files with unverified security
> attributes around when interesting failure corner cases occur (e.g.
> ENOSPC).
That would imply EVM must be enabled for all LSMs that define a security
xattr. That's definitely a good goal, but probably not a good idea for
right now.
> And while you are there, it's probably also be a good idea to add
> support for all filesystems that support xattrs, not just a random
> subset of them...
>
> Cheers,
>
> Dave.
The EVM xattr is initialized based on the LSM xattr. At this point, as
far as I'm aware, the only remaining filesystems that call
security_inode_init_security() to initialize the LSM xattr, are ocfs2
and reiserfs. Both of which might have memory leaks. Tiger Yang is
addressing the memory leak for ocfs2.
thanks,
Mimi
next prev parent reply other threads:[~2011-06-03 5:06 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-06-02 12:23 [PATCH v6 00/20] EVM Mimi Zohar
2011-06-02 12:23 ` [PATCH v6 01/20] integrity: move ima inode integrity data management Mimi Zohar
2011-06-02 12:23 ` [PATCH v6 02/20] xattr: define vfs_getxattr_alloc and vfs_xattr_cmp Mimi Zohar
2011-06-02 12:23 ` [PATCH v6 03/20] evm: re-release Mimi Zohar
2011-06-02 22:38 ` Serge E. Hallyn
2011-06-02 12:23 ` [PATCH v6 04/20] evm: add support for different security.evm data types Mimi Zohar
2011-06-02 22:50 ` Serge E. Hallyn
2011-06-03 12:31 ` Mimi Zohar
2011-06-02 12:23 ` [PATCH v6 05/20] security: imbed evm calls in security hooks Mimi Zohar
2011-06-02 12:23 ` [PATCH v6 06/20] evm: evm_inode_post_removexattr Mimi Zohar
2011-06-02 12:23 ` [PATCH v6 07/20] evm: imbed evm_inode_post_setattr Mimi Zohar
2011-06-02 12:23 ` [PATCH v6 08/20] evm: evm_inode_post_init Mimi Zohar
2011-06-03 2:21 ` Dave Chinner
2011-06-03 5:06 ` Mimi Zohar [this message]
2011-06-04 23:50 ` Dave Chinner
2011-06-05 2:46 ` Mimi Zohar
2011-06-07 15:56 ` Casey Schaufler
2011-06-02 12:23 ` [PATCH v6 09/20] fs: add evm_inode_post_init calls Mimi Zohar
2011-06-02 12:23 ` [PATCH v6 10/20] evm: crypto hash replaced by shash Mimi Zohar
2011-06-02 12:23 ` [PATCH v6 11/20] evm: add evm_inode_post_init call in btrfs Mimi Zohar
2011-06-02 12:23 ` [PATCH v6 12/20] evm: add evm_inode_post_init call in gfs2 Mimi Zohar
2011-06-02 12:23 ` [PATCH v6 13/20] evm: add evm_inode_post_init call in jffs2 Mimi Zohar
2011-06-02 12:23 ` [PATCH v6 14/20] evm: add evm_inode_post_init call in jfs Mimi Zohar
2011-06-02 12:23 ` [PATCH v6 15/20] evm: add evm_inode_post_init call in xfs Mimi Zohar
2011-06-02 12:23 ` [PATCH v6 16/20] evm: additional parameter to pass integrity cache entry 'iint' Mimi Zohar
2011-06-02 12:23 ` [PATCH v6 17/20] evm: evm_verify_hmac must not return INTEGRITY_UNKNOWN Mimi Zohar
2011-06-02 12:23 ` [PATCH v6 18/20] evm: replace hmac_status with evm_status Mimi Zohar
2011-06-02 12:23 ` [PATCH v6 19/20] evm: permit only valid security.evm xattrs to be updated Mimi Zohar
2011-06-02 12:23 ` [PATCH v6 20/20] evm: add evm_inode_setattr to prevent updating an invalid security.evm Mimi Zohar
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1307077592.3124.65.camel@localhost.localdomain \
--to=zohar@linux.vnet.ibm.com \
--cc=akpm@linux-foundation.org \
--cc=david@fromorbit.com \
--cc=dmitry.s.kasatkin@gmail.com \
--cc=greg@kroah.com \
--cc=jmorris@namei.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=safford@watson.ibm.com \
--cc=sunil.mushran@oracle.com \
--cc=swhiteho@redhat.com \
--cc=tiger.yang@oracle.com \
--cc=zohar@us.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).