Received: by 2002:a05:6a10:206:0:0:0:0 with SMTP id 6csp807943pxj; Fri, 14 May 2021 17:03:48 -0700 (PDT) X-Google-Smtp-Source: ABdhPJycGgaotxkuYHJLxaSFc3VQMQlvCupwbKhxw/0iTaZkStAdc0pWFRsVCN/kA4q4PdO7sK3i X-Received: by 2002:aa7:d952:: with SMTP id l18mr57884137eds.83.1621037028051; Fri, 14 May 2021 17:03:48 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1621037028; cv=none; d=google.com; s=arc-20160816; b=fEbsGbeLik9o4e1ywJJAlu8T07+4gkSDshUzenJJ7jqMrtJosTdRQe3qlJmNBS9KEg CMTbw0HpWRZYrVro2orCa45FqBCNLlZIhNuRdtyQPe7FrAIm1HX4+1K4O4B3SSBQm2iy 6rYUy417wg60fF6o5gR4XgB34fmAVwRI5FLutp2BMp2JnsWa56FXYbWFN/mLPPznk6ZD 3OAGoN7fdvwrjUHyY1UuiNx0ULGvdsk9vMeTkvFlbEGPE2PgKSM/s0zTifrehJwoodVk Ph0xGJ2ozCTg+Z3ileKc/ab7P+51b4npE6pK4RJ5sKufQg+2dINwOyNfY7hnTeEMG2u8 r8DA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from; bh=1Y1K/iwU5TVQlnVHXML2r3l/bjTyS5OEToYO/brM/1I=; b=jzvCxN9Aa+H0tfr/FMsqNOqcEqp9rRZNmzNvPJ3x9VNFWGw+PU0Ei38VgyajzWhYqN dav+8XUg83WEKcJpUNaEbbU+D1+MiZlj/eKcrkpHzhqqa2zEeHc427oj1NBOyRIVcb9r 0D69/oe88AmszRQU1yWSQO4sz1pZYThx7+RmbaThSO62RllAS/0Ifwloy17ue7cftoRW jM2nmFy3K4oGOfNuqsO+sqmxpc4/ajA7t7Ml6dMvV0ORxJOUR06pl8QwzzfzHTIr5n7P WfLoR2lBueo/dRtRDNL/6M3hoUJjyHPl+9z0assQbB5Ra3RAycYElJMM92+TnCqBCqrn l9XQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=huawei.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id n11si3572457edy.80.2021.05.14.17.02.57; Fri, 14 May 2021 17:03:48 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=huawei.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234752AbhENPak (ORCPT + 99 others); Fri, 14 May 2021 11:30:40 -0400 Received: from frasgout.his.huawei.com ([185.176.79.56]:3075 "EHLO frasgout.his.huawei.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231296AbhENPag (ORCPT ); Fri, 14 May 2021 11:30:36 -0400 Received: from fraeml714-chm.china.huawei.com (unknown [172.18.147.226]) by frasgout.his.huawei.com (SkyGuard) with ESMTP id 4FhXNT2g2Rz6cw7l; Fri, 14 May 2021 23:23:21 +0800 (CST) Received: from roberto-ThinkStation-P620.huawei.com (10.204.62.217) by fraeml714-chm.china.huawei.com (10.206.15.33) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2176.2; Fri, 14 May 2021 17:29:23 +0200 From: Roberto Sassu To: , CC: , , , Roberto Sassu , Christian Brauner , Andreas Gruenbacher Subject: [PATCH v7 07/12] evm: Pass user namespace to set/remove xattr hooks Date: Fri, 14 May 2021 17:27:48 +0200 Message-ID: <20210514152753.982958-8-roberto.sassu@huawei.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20210514152753.982958-1-roberto.sassu@huawei.com> References: <20210514152753.982958-1-roberto.sassu@huawei.com> MIME-Version: 1.0 Content-Transfer-Encoding: 7BIT Content-Type: text/plain; charset=US-ASCII X-Originating-IP: [10.204.62.217] X-ClientProxiedBy: lhreml753-chm.china.huawei.com (10.201.108.203) To fraeml714-chm.china.huawei.com (10.206.15.33) X-CFilter-Loop: Reflected Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org In preparation for 'evm: Allow setxattr() and setattr() for unmodified metadata', this patch passes mnt_userns to the inode set/remove xattr hooks so that the GID of the inode on an idmapped mount is correctly determined by posix_acl_update_mode(). Cc: Christian Brauner Cc: Andreas Gruenbacher Signed-off-by: Roberto Sassu Reviewed-by: Christian Brauner --- include/linux/evm.h | 12 ++++++++---- security/integrity/evm/evm_main.c | 17 +++++++++++------ security/security.c | 4 ++-- 3 files changed, 21 insertions(+), 12 deletions(-) diff --git a/include/linux/evm.h b/include/linux/evm.h index 39bb17a8236b..31ef1dbbb3ac 100644 --- a/include/linux/evm.h +++ b/include/linux/evm.h @@ -23,13 +23,15 @@ extern enum integrity_status evm_verifyxattr(struct dentry *dentry, struct integrity_iint_cache *iint); extern int evm_inode_setattr(struct dentry *dentry, struct iattr *attr); extern void evm_inode_post_setattr(struct dentry *dentry, int ia_valid); -extern int evm_inode_setxattr(struct dentry *dentry, const char *name, +extern int evm_inode_setxattr(struct user_namespace *mnt_userns, + struct dentry *dentry, const char *name, const void *value, size_t size); extern void evm_inode_post_setxattr(struct dentry *dentry, const char *xattr_name, const void *xattr_value, size_t xattr_value_len); -extern int evm_inode_removexattr(struct dentry *dentry, const char *xattr_name); +extern int evm_inode_removexattr(struct user_namespace *mnt_userns, + struct dentry *dentry, const char *xattr_name); extern void evm_inode_post_removexattr(struct dentry *dentry, const char *xattr_name); extern int evm_inode_init_security(struct inode *inode, @@ -72,7 +74,8 @@ static inline void evm_inode_post_setattr(struct dentry *dentry, int ia_valid) return; } -static inline int evm_inode_setxattr(struct dentry *dentry, const char *name, +static inline int evm_inode_setxattr(struct user_namespace *mnt_userns, + struct dentry *dentry, const char *name, const void *value, size_t size) { return 0; @@ -86,7 +89,8 @@ static inline void evm_inode_post_setxattr(struct dentry *dentry, return; } -static inline int evm_inode_removexattr(struct dentry *dentry, +static inline int evm_inode_removexattr(struct user_namespace *mnt_userns, + struct dentry *dentry, const char *xattr_name) { return 0; diff --git a/security/integrity/evm/evm_main.c b/security/integrity/evm/evm_main.c index 77259cc901e2..12cb0ff590af 100644 --- a/security/integrity/evm/evm_main.c +++ b/security/integrity/evm/evm_main.c @@ -342,7 +342,8 @@ static enum integrity_status evm_verify_current_integrity(struct dentry *dentry) * For posix xattr acls only, permit security.evm, even if it currently * doesn't exist, to be updated unless the EVM signature is immutable. */ -static int evm_protect_xattr(struct dentry *dentry, const char *xattr_name, +static int evm_protect_xattr(struct user_namespace *mnt_userns, + struct dentry *dentry, const char *xattr_name, const void *xattr_value, size_t xattr_value_len) { enum integrity_status evm_status; @@ -405,6 +406,7 @@ static int evm_protect_xattr(struct dentry *dentry, const char *xattr_name, /** * evm_inode_setxattr - protect the EVM extended attribute + * @mnt_userns: user namespace of the idmapped mount * @dentry: pointer to the affected dentry * @xattr_name: pointer to the affected extended attribute name * @xattr_value: pointer to the new extended attribute value @@ -416,8 +418,9 @@ static int evm_protect_xattr(struct dentry *dentry, const char *xattr_name, * userspace from writing HMAC value. Writing 'security.evm' requires * requires CAP_SYS_ADMIN privileges. */ -int evm_inode_setxattr(struct dentry *dentry, const char *xattr_name, - const void *xattr_value, size_t xattr_value_len) +int evm_inode_setxattr(struct user_namespace *mnt_userns, struct dentry *dentry, + const char *xattr_name, const void *xattr_value, + size_t xattr_value_len) { const struct evm_ima_xattr_data *xattr_data = xattr_value; @@ -434,19 +437,21 @@ int evm_inode_setxattr(struct dentry *dentry, const char *xattr_name, xattr_data->type != EVM_XATTR_PORTABLE_DIGSIG) return -EPERM; } - return evm_protect_xattr(dentry, xattr_name, xattr_value, + return evm_protect_xattr(mnt_userns, dentry, xattr_name, xattr_value, xattr_value_len); } /** * evm_inode_removexattr - protect the EVM extended attribute + * @mnt_userns: user namespace of the idmapped mount * @dentry: pointer to the affected dentry * @xattr_name: pointer to the affected extended attribute name * * Removing 'security.evm' requires CAP_SYS_ADMIN privileges and that * the current value is valid. */ -int evm_inode_removexattr(struct dentry *dentry, const char *xattr_name) +int evm_inode_removexattr(struct user_namespace *mnt_userns, + struct dentry *dentry, const char *xattr_name) { /* Policy permits modification of the protected xattrs even though * there's no HMAC key loaded @@ -454,7 +459,7 @@ int evm_inode_removexattr(struct dentry *dentry, const char *xattr_name) if (evm_initialized & EVM_ALLOW_METADATA_WRITES) return 0; - return evm_protect_xattr(dentry, xattr_name, NULL, 0); + return evm_protect_xattr(mnt_userns, dentry, xattr_name, NULL, 0); } static void evm_reset_status(struct inode *inode) diff --git a/security/security.c b/security/security.c index b38155b2de83..e9f8010a2341 100644 --- a/security/security.c +++ b/security/security.c @@ -1354,7 +1354,7 @@ int security_inode_setxattr(struct user_namespace *mnt_userns, ret = ima_inode_setxattr(dentry, name, value, size); if (ret) return ret; - return evm_inode_setxattr(dentry, name, value, size); + return evm_inode_setxattr(mnt_userns, dentry, name, value, size); } void security_inode_post_setxattr(struct dentry *dentry, const char *name, @@ -1399,7 +1399,7 @@ int security_inode_removexattr(struct user_namespace *mnt_userns, ret = ima_inode_removexattr(dentry, name); if (ret) return ret; - return evm_inode_removexattr(dentry, name); + return evm_inode_removexattr(mnt_userns, dentry, name); } int security_inode_need_killpriv(struct dentry *dentry) -- 2.25.1