References: <20210616132227.999256-1-roberto.sassu@huawei.com> <6e1c9807-d7e8-7c26-e0ee-975afa4b9515@linux.ibm.com> <9cb676de40714d0288f85292c1f1a430@huawei.com>
From: Paul Moore
Date: Thu, 17 Jun 2021 23:18:25 -0400
Subject: Re: [PATCH] fs: Return raw xattr for security.* if there is size disagreement with LSMs
To: Mimi Zohar
Cc: Roberto Sassu, Stefan Berger, "viro@zeniv.linux.org.uk",
 "stephen.smalley.work@gmail.com", "casey@schaufler-ca.com",
 "linux-fsdevel@vger.kernel.org", "linux-integrity@vger.kernel.org",
 "linux-security-module@vger.kernel.org", "linux-kernel@vger.kernel.org",
 "selinux@vger.kernel.org"
X-Mailing-List: linux-kernel@vger.kernel.org

On Thu, Jun 17, 2021 at 11:28 AM Mimi Zohar wrote:
> On Thu, 2021-06-17 at 07:09 +0000, Roberto Sassu wrote:

...

> > An alternative would be to do the EVM verification twice if the
> > first time didn't succeed (with vfs_getxattr_alloc() and with the
> > new function that behaves like vfs_getxattr()).
>
> Unfortunately, I don't see an alternative.

... and while unfortunate, the impact should be non-existent if you
are using the right tools to label files or ensuring that you are
formatting labels properly if doing it by hand. Handling a corner
case is good, but I wouldn't add a lot of code complexity trying to
optimize it.

-- 
paul moore
www.paul-moore.com