In-Reply-To: <20231219134901.96300-2-zohar@linux.ibm.com> From: Amir Goldstein Date: Tue, 19 Dec 2023 16:41:46 +0200 Message-ID: Subject: Re: [PATCH 1/2] evm: don't copy up 'security.evm' xattr To: Mimi Zohar Cc: linux-unionfs@vger.kernel.org, linux-integrity@vger.kernel.org, linux-kernel@vger.kernel.org, Christian Brauner , Seth Forshee , Roberto Sassu Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Tue, Dec 19, 2023 at 3:49=E2=80=AFPM Mimi Zohar wr= ote: > > The security.evm HMAC and the original file signatures contain > filesystem specific data. As a result, the HMAC and signature > are not the same on the stacked and backing filesystems. > > Don't copy up 'security.evm'. > > Signed-off-by: Mimi Zohar > --- > include/linux/evm.h | 6 ++++++ > security/integrity/evm/evm_main.c | 7 +++++++ > security/security.c | 4 ++++ > 3 files changed, 17 insertions(+) > > diff --git a/include/linux/evm.h b/include/linux/evm.h > index 01fc495a83e2..36ec884320d9 100644 > --- a/include/linux/evm.h > +++ b/include/linux/evm.h > @@ -31,6 +31,7 @@ extern void evm_inode_post_setxattr(struct dentry *dent= ry, > const char *xattr_name, > const void *xattr_value, > size_t xattr_value_len); > +extern int evm_inode_copy_up_xattr(const char *name); > extern int evm_inode_removexattr(struct mnt_idmap *idmap, > struct dentry *dentry, const char *xattr= _name); > extern void evm_inode_post_removexattr(struct dentry *dentry, > @@ -117,6 +118,11 @@ static inline void evm_inode_post_setxattr(struct de= ntry *dentry, > return; > } > > +static inline int evm_inode_copy_up_xattr(const char *name) > +{ > + return 0; > +} > + > static inline int evm_inode_removexattr(struct mnt_idmap *idmap, > struct dentry *dentry, > const char *xattr_name) > diff --git a/security/integrity/evm/evm_main.c b/security/integrity/evm/e= vm_main.c > index 894570fe39bc..02adba635b02 100644 > --- a/security/integrity/evm/evm_main.c > +++ b/security/integrity/evm/evm_main.c 
> @@ -863,6 +863,13 @@ void evm_inode_post_setattr(struct dentry *dentry, i= nt ia_valid) > evm_update_evmxattr(dentry, NULL, NULL, 0); > } > > +int evm_inode_copy_up_xattr(const char *name) > +{ > + if (strcmp(name, XATTR_NAME_EVM) =3D=3D 0) > + return 1; /* Discard */ > + return -EOPNOTSUPP; > +} > + > /* > * evm_inode_init_security - initializes security.evm HMAC value > */ > diff --git a/security/security.c b/security/security.c > index dcb3e7014f9b..a02e78c45007 100644 > --- a/security/security.c > +++ b/security/security.c > @@ -2539,6 +2539,10 @@ int security_inode_copy_up_xattr(const char *name) > return rc; > } > > + rc =3D evm_inode_copy_up_xattr(name); > + if (rc !=3D LSM_RET_DEFAULT(inode_copy_up_xattr)) > + return rc; > + > return LSM_RET_DEFAULT(inode_copy_up_xattr); The rest of the hooks call evm last, e.g.: return evm_inode_setattr(idmap, dentry, attr); return evm_inode_remove_acl(idmap, dentry, acl_name); evm_inode_post_setxattr(dentry, name, value, size); return evm_inode_removexattr(idmap, dentry, name); best keep a consistent LSM order. Other than that, feel free to add: Reviewed-by: Amir Goldstein Thanks, Amir.
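Review bot: the CONFIG_EVM=n stub in the second include/linux/evm.h hunk (`@@ -117,6 +118,11 @@`) returns 0, but the real evm_inode_copy_up_xattr() in the evm_main.c hunk returns -EOPNOTSUPP for any name other than security.evm, and the security.c hunk compares the result against LSM_RET_DEFAULT(inode_copy_up_xattr). With EVM compiled out, `rc != LSM_RET_DEFAULT(inode_copy_up_xattr)` holds for 0, so security_inode_copy_up_xattr() returns 0 where it returned the LSM default before this patch. Suggest `return -EOPNOTSUPP;` in the stub, the same not-handled value the real function uses, so the disabled configuration stays transparent.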
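Review bot: the new evm_inode_copy_up_xattr() in the security/integrity/evm/evm_main.c hunk has no comment on its return convention (1 discards the xattr, -EOPNOTSUPP means the name is not EVM's and the caller falls through to the LSM default), while the adjacent evm_inode_init_security() carries a header comment. A short comment above the function stating that convention and the reason security.evm is dropped (the HMAC and signature embed filesystem-specific data, per the commit message) would save the next reader of security_inode_copy_up_xattr() a trip through the EVM code.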
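Review bot: in the security/security.c hunk the three added lines and the existing `return LSM_RET_DEFAULT(inode_copy_up_xattr);` reduce to a single `return evm_inode_copy_up_xattr(name);`, because evm_inode_copy_up_xattr() already returns -EOPNOTSUPP, the LSM default, when the name is not security.evm. That also gives the hook the same `return evm_*(...)` tail shape as evm_inode_setattr() and evm_inode_removexattr(), which is the consistency point raised in the reply.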