Re: [PATCH 2/3] integrity: Linux Integrity Module(LIM)

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

From: david safford <safford@watson.ibm.com>
To: "Serge E. Hallyn" <serue@us.ibm.com>
Cc: Christoph Hellwig <hch@infradead.org>,
	Mimi Zohar <zohar@linux.vnet.ibm.com>,
	linux-kernel@vger.kernel.org, James Morris <jmorris@namei.org>,
	Serge Hallyn <serue@linux.vnet.ibm.com>,
	Mimi Zohar <zohar@us.ibm.com>
Subject: Re: [PATCH 2/3] integrity: Linux Integrity Module(LIM)
Date: Tue, 14 Oct 2008 13:06:31 -0400	[thread overview]
Message-ID: <1224003991.3089.65.camel@localhost.localdomain> (raw)
In-Reply-To: <20081014155359.GC12330@us.ibm.com>

On Tue, 2008-10-14 at 10:53 -0500, Serge E. Hallyn wrote:
> Quoting david safford (safford@watson.ibm.com):
> > On Tue, 2008-10-14 at 09:28 -0400, Christoph Hellwig wrote:
> > > >  int vfs_permission(struct nameidata *nd, int mask)
> > > >  {
> > > > -	return inode_permission(nd->path.dentry->d_inode, mask);
> > > > +	int retval;
> > > > +
> > > > +	retval = inode_permission(nd->path.dentry->d_inode, mask);
> > > > +	if (retval)
> > > > +		return retval;
> > > > +	return integrity_inode_permission(NULL, &nd->path,
> > > > +					  mask & (MAY_READ | MAY_WRITE |
> > > > +						  MAY_EXEC));
> > > >  }
> > > >  
> > > >  /**
> > > > @@ -306,7 +314,14 @@ int vfs_permission(struct nameidata *nd, int mask)
> > > >   */
> > > >  int file_permission(struct file *file, int mask)
> > > >  {
> > > > -	return inode_permission(file->f_path.dentry->d_inode, mask);
> > > > +	int retval;
> > > > +
> > > > +	retval = inode_permission(file->f_path.dentry->d_inode, mask);
> > > > +	if (retval)
> > > > +		return retval;
> > > > +	return integrity_inode_permission(file, NULL,
> > > > +					  mask & (MAY_READ | MAY_WRITE |
> > > > +						  MAY_EXEC));
> > > 
> > > Please don't add anything here as these two wrappers will go away.
> > > Please only make decisions based on what you get in inode_permission().
> > 
> > Hmm... As Mimi mentioned in the last review, we really need access
> > to a path, which is not available in inode_permission. (Note the
> > path is not used to make any integrity decision, but is recorded along
> > with the measurement to help with the integrity analysis by a third
> > party verifier.) Yes, there are other callers without path information,
> > but getting a path here covers the bulk of the measurements.
> > 
> > Is there some other alternative, other than this, or passing the 
> > dentry into inode_permission, which was also rejected?
> 
> Whatever happened to the patch Mimi had floated to use the audit
> subsystem to output a pathname?  I thought that was pretty neat,
> and it made particularly clear the the pathname was purely
> informational.
> 
> -serge

I'll double check with Mimi, but my recollection is that using the 
audit pathnames was nice, in that it returned a full path as a hint, 
not just a dentry filename, but that the audit system often did not 
have a path yet, so both the dentry name and the audit path were 
desirable.

dave

next prev parent reply	other threads:[~2008-10-14 17:07 UTC|newest]

Thread overview: 24+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2008-10-13 17:17 [PATCH 0/3] integrity Mimi Zohar
2008-10-13 17:17 ` [PATCH 1/3] integrity: TPM internel kernel interface Mimi Zohar
2008-10-14 22:23   ` Serge E. Hallyn
2008-10-22 12:47     ` Rajiv Andrade
2008-10-22 14:49       ` Serge E. Hallyn
2008-10-24 20:16         ` Rajiv Andrade
2008-10-24 20:31           ` Serge E. Hallyn
2008-10-13 17:17 ` [PATCH 2/3] integrity: Linux Integrity Module(LIM) Mimi Zohar
2008-10-14 13:28   ` Christoph Hellwig
2008-10-14 15:27     ` david safford
2008-10-14 15:53       ` Serge E. Hallyn
2008-10-14 17:06         ` david safford [this message]
2008-10-20 15:12       ` Serge E. Hallyn
2008-10-24 14:47     ` Mimi Zohar
2008-10-31 16:22     ` Serge E. Hallyn
2008-10-31 16:51     ` Dave Hansen
2008-10-31 19:48       ` Mimi Zohar
2008-10-14 23:27   ` Serge E. Hallyn
2008-10-31 16:40   ` Dave Hansen
2008-10-31 19:35     ` Mimi Zohar
2008-10-31 21:02       ` Dave Hansen
2008-11-02 22:57     ` Serge E. Hallyn
2008-10-13 17:17 ` [PATCH 3/3] integrity: IMA as an integrity service provider Mimi Zohar
2008-10-15  3:32   ` Serge E. Hallyn

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1224003991.3089.65.camel@localhost.localdomain \
    --to=safford@watson.ibm.com \
    --cc=hch@infradead.org \
    --cc=jmorris@namei.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=serue@linux.vnet.ibm.com \
    --cc=serue@us.ibm.com \
    --cc=zohar@linux.vnet.ibm.com \
    --cc=zohar@us.ibm.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox