From: Mimi Zohar
To: Greg KH
Cc: stable@vger.kernel.org
Subject: Re: [PATCH] evm: labeling pseudo filesystems exception
Date: Tue, 28 Jul 2015 18:32:23 -0400
Message-ID: <1438122743.3039.74.camel@linux.vnet.ibm.com>
In-Reply-To: <20150728220110.GA13914@kroah.com>
References: <1438119190-24399-1-git-send-email-zohar@linux.vnet.ibm.com> <20150728220110.GA13914@kroah.com>

On Tue, 2015-07-28 at 15:01 -0700, Greg KH wrote:
> On Tue, Jul 28, 2015 at 05:33:10PM -0400, Mimi Zohar wrote:
> > To prevent offline stripping of existing file xattrs and relabeling of
> > them at runtime, EVM allows only newly created files to be labeled. As
> > pseudo filesystems are not persistent, stripping of xattrs is not a
> > concern.
> >
> > Some LSMs defer file labeling on pseudo filesystems. This patch
> > permits the labeling of existing files on pseudo filesystems.
> >
> > Signed-off-by: Mimi Zohar
> > (cherry picked from commit 5101a1850bb7ccbf107929dee9af0cd2f400940f)
> > ---
> > security/integrity/evm/evm_main.c | 11 +++++++++++
> > 1 file changed, 11 insertions(+)
>
> What stable kernel version(s) do you want this applied to?

Commit "3dcbad5 evm: properly handle INTEGRITY_NOXATTRS EVM status"
changed how new files were identified, introducing the problem addressed
by this patch. Stable branches 4.1.y - 3.17.y and 3.14.y are affected.

Mimi