X-Mailing-List: linux-kernel@vger.kernel.org
References: <20240130214620.3155380-1-stefanb@linux.ibm.com> <20240130214620.3155380-2-stefanb@linux.ibm.com>
In-Reply-To: <20240130214620.3155380-2-stefanb@linux.ibm.com>
From: Amir Goldstein
Date: Wed, 31 Jan 2024 15:25:29 +0200
Subject: Re: [PATCH 1/5] security: allow finer granularity in permitting copy-up of security xattrs
To: Stefan Berger
Cc: linux-integrity@vger.kernel.org, linux-security-module@vger.kernel.org, linux-unionfs@vger.kernel.org, linux-kernel@vger.kernel.org, paul@paul-moore.com, jmorris@namei.org, serge@hallyn.com, zohar@linux.ibm.com, roberto.sassu@huawei.com, miklos@szeredi.hu, Christian Brauner

On Tue, Jan 30, 2024 at 11:46 PM Stefan Berger wrote:
>
> Copying up xattrs is solely based on the security xattr name. For finer
> granularity add a dentry parameter to the security_inode_copy_up_xattr
> hook definition, allowing decisions to be based on the xattr content as
> well.
>
> Signed-off-by: Stefan Berger
> ---
>  fs/overlayfs/copy_up.c            | 2 +-
>  include/linux/evm.h               | 2 +-
>  include/linux/lsm_hook_defs.h     | 3 ++-
>  include/linux/security.h          | 4 ++--
>  security/integrity/evm/evm_main.c | 2 +-
>  security/security.c               | 7 ++++---
>  security/selinux/hooks.c          | 2 +-
>  security/smack/smack_lsm.c        | 2 +-
>  8 files changed, 13 insertions(+), 11 deletions(-)
>
> diff --git a/fs/overlayfs/copy_up.c b/fs/overlayfs/copy_up.c
> index b8e25ca51016..bd9ddcefb7a7 100644
> --- a/fs/overlayfs/copy_up.c
> +++ b/fs/overlayfs/copy_up.c
> @@ -114,7 +114,7 @@ int ovl_copy_xattr(struct super_block *sb, const struct path *oldpath, struct de
> if (ovl_is_private_xattr(sb, name))
> continue;
>
> - error = security_inode_copy_up_xattr(name);
> + error = security_inode_copy_up_xattr(old, name);

What do you think about:

error = security_inode_copy_up_xattr(name, NULL, 0);

and then later...

error = security_inode_copy_up_xattr(name, value, size);

I am asking because overlayfs uses mnt_idmap(path->mnt) and you have
used nop_mnt_idmap inside the evm hook.
This does not look right to me?

Thanks,
Amir.
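Review bot: the `+` line hands security_inode_copy_up_xattr only the bare dentry `old`, while the caller also holds `const struct path *oldpath` (visible in the hunk header) and with it the mount whose idmap applies to that dentry; an LSM that reads the xattr through the dentry alone cannot recover that idmap, which is the nop_mnt_idmap mismatch the reply points at. Either pass the path (or its mnt_idmap) together with the dentry, or pass the xattr name plus the value and size the copy-up has to read anyway, so the hook never re-reads the value under a different idmap; the commit message should also state which of name, dentry or value the hook is expected to base its decision on.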