From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id BF140CDB483 for ; Fri, 13 Oct 2023 13:19:01 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231913AbjJMNTA (ORCPT ); Fri, 13 Oct 2023 09:19:00 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:58740 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231590AbjJMNS6 (ORCPT ); Fri, 13 Oct 2023 09:18:58 -0400 Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com [148.163.156.1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 3C35ABF; Fri, 13 Oct 2023 06:18:57 -0700 (PDT) Received: from pps.filterd (m0356517.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 39DDI009014110; Fri, 13 Oct 2023 13:18:18 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=message-id : subject : from : to : cc : date : in-reply-to : references : content-type : mime-version : content-transfer-encoding; s=pp1; bh=OipLsM9Ay1YZlFLfXCD8/SUSKEY3RW42dMk8BIaPPts=; b=MeH97IcpVUTWK5zOaa4xHlyvBMAMEl8kkfEa4K+/4YjctVeRrd4AqsJzPmG3KdwWbM8A CAg0oxn/LjjdZhMS8rz05qsB+WijCPAbGkB0HmBeNOCC+DJdcFq5q//7ZTxJSRBxiCxU IrvZzT64ZiLz1mGfnD8sCA+sv3wVdvAXEEJyo3vwCBRJLJCe8EPdlkeD6Cc0jQpLxtFL bZXZqsP9bLe/2dOV/xPoQ7gbFnwUeHVFN8a5F9H9WC99FK0g3e8UCrBLdH1KMx2/dN/Y 49bBgR4ZkBbX2P0LTNiXvBMFSQx87WPkPcvnZNPmnw+DDDaJOLReeCicfcr6WjSPp41I Mg== Received: from pps.reinject (localhost [127.0.0.1]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 3tq6n680sk-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 13 Oct 2023 13:18:18 +0000 Received: from m0356517.ppops.net (m0356517.ppops.net [127.0.0.1]) by pps.reinject (8.17.1.5/8.17.1.5) with ESMTP id 39DDI7td014828; Fri, 13 Oct 2023 13:18:17 GMT Received: from ppma11.dal12v.mail.ibm.com (db.9e.1632.ip4.static.sl-reverse.com [50.22.158.219]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 3tq6n680r9-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 13 Oct 2023 13:18:17 +0000 Received: from pps.filterd (ppma11.dal12v.mail.ibm.com [127.0.0.1]) by ppma11.dal12v.mail.ibm.com (8.17.1.19/8.17.1.19) with ESMTP id 39DBLMcn007530; Fri, 13 Oct 2023 13:18:16 GMT Received: from smtprelay06.dal12v.mail.ibm.com ([172.16.1.8]) by ppma11.dal12v.mail.ibm.com (PPS) with ESMTPS id 3tpt5ac32g-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 13 Oct 2023 13:18:16 +0000 Received: from smtpav03.wdc07v.mail.ibm.com (smtpav03.wdc07v.mail.ibm.com [10.39.53.230]) by smtprelay06.dal12v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 39DDIFEl57868690 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Fri, 13 Oct 2023 13:18:16 GMT Received: from smtpav03.wdc07v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id C58C658054; Fri, 13 Oct 2023 13:18:15 +0000 (GMT) Received: from smtpav03.wdc07v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 19C235805D; Fri, 13 Oct 2023 13:18:13 +0000 (GMT) Received: from li-f45666cc-3089-11b2-a85c-c57d1a57929f.ibm.com (unknown [9.61.129.99]) by smtpav03.wdc07v.mail.ibm.com (Postfix) with ESMTP; Fri, 13 Oct 2023 13:18:12 +0000 (GMT) Message-ID: Subject: Re: [PATCH v3 17/25] security: Introduce inode_post_create_tmpfile hook From: Mimi Zohar To: Roberto Sassu , viro@zeniv.linux.org.uk, brauner@kernel.org, chuck.lever@oracle.com, jlayton@kernel.org, neilb@suse.de, kolga@netapp.com, Dai.Ngo@oracle.com, tom@talpey.com, dmitry.kasatkin@gmail.com, paul@paul-moore.com, jmorris@namei.org, serge@hallyn.com, dhowells@redhat.com, jarkko@kernel.org, stephen.smalley.work@gmail.com, eparis@parisplace.org, casey@schaufler-ca.com Cc: linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, linux-nfs@vger.kernel.org, linux-integrity@vger.kernel.org, linux-security-module@vger.kernel.org, keyrings@vger.kernel.org, selinux@vger.kernel.org, Roberto Sassu Date: Fri, 13 Oct 2023 09:18:12 -0400 In-Reply-To: <20230904133415.1799503-18-roberto.sassu@huaweicloud.com> References: <20230904133415.1799503-1-roberto.sassu@huaweicloud.com> <20230904133415.1799503-18-roberto.sassu@huaweicloud.com> Content-Type: text/plain; charset="ISO-8859-15" X-Mailer: Evolution 3.28.5 (3.28.5-22.el8) Mime-Version: 1.0 Content-Transfer-Encoding: 7bit X-TM-AS-GCONF: 00 X-Proofpoint-GUID: iR2zFBc3Xz0Ij_GmqvRjQyUDVntg8yNH X-Proofpoint-ORIG-GUID: iRLTBHwzP0f1ormTaYY3SHqNpdveXyPm X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.980,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2023-10-13_04,2023-10-12_01,2023-05-22_02 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 mlxlogscore=862 priorityscore=1501 clxscore=1015 impostorscore=0 lowpriorityscore=0 phishscore=0 mlxscore=0 spamscore=0 adultscore=0 suspectscore=0 bulkscore=0 malwarescore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2309180000 definitions=main-2310130111 Precedence: bulk List-ID: On Mon, 2023-09-04 at 15:34 +0200, Roberto Sassu wrote: > From: Roberto Sassu > > In preparation for moving IMA and EVM to the LSM infrastructure, introduce > the inode_post_create_tmpfile hook. > > It is useful for IMA to mark new temp files as successfully appraised and > let them be subsequently opened for further modification. As tmp files can be made persistent, treat new tmp files like other new files, so that the file hash is calculated and stored in the security xattr. -- thanks, Mimi