Message-ID: <093ffc74-c5f5-49e7-8be9-77158336c878@linux.ibm.com>
Date: Thu, 1 Feb 2024 10:41:15 -0500
X-Mailing-List: linux-kernel@vger.kernel.org
Subject: Re: [PATCH 1/5] security: allow finer granularity in permitting copy-up of security xattrs
To: Amir Goldstein
Cc: linux-integrity@vger.kernel.org, linux-security-module@vger.kernel.org, linux-unionfs@vger.kernel.org, linux-kernel@vger.kernel.org, paul@paul-moore.com, jmorris@namei.org, serge@hallyn.com, zohar@linux.ibm.com, roberto.sassu@huawei.com, miklos@szeredi.hu, Christian Brauner
References: <20240130214620.3155380-1-stefanb@linux.ibm.com> <20240130214620.3155380-2-stefanb@linux.ibm.com>
From: Stefan Berger

On 1/31/24 08:25, Amir Goldstein wrote:
> On Tue, Jan 30, 2024 at 11:46 PM Stefan Berger wrote:
>>
>> Copying up xattrs is solely based on the security xattr name. For finer
>> granularity add a dentry parameter to the security_inode_copy_up_xattr
>> hook definition, allowing decisions to be based on the xattr content as
>> well.
>>
>> Signed-off-by: Stefan Berger
>> ---
>> fs/overlayfs/copy_up.c | 2 +-
>> include/linux/evm.h | 2 +-
>> include/linux/lsm_hook_defs.h | 3 ++-
>> include/linux/security.h | 4 ++--
>> security/integrity/evm/evm_main.c | 2 +-
>> security/security.c | 7 ++++---
>> security/selinux/hooks.c | 2 +-
>> security/smack/smack_lsm.c | 2 +-
>> 8 files changed, 13 insertions(+), 11 deletions(-)
>>
>> diff --git a/fs/overlayfs/copy_up.c b/fs/overlayfs/copy_up.c
>> index b8e25ca51016..bd9ddcefb7a7 100644
>> --- a/fs/overlayfs/copy_up.c
>> +++ b/fs/overlayfs/copy_up.c
>> @@ -114,7 +114,7 @@ int ovl_copy_xattr(struct super_block *sb, const struct path *oldpath, struct de
>> if (ovl_is_private_xattr(sb, name))
>> continue;
>>
>> - error = security_inode_copy_up_xattr(name);
>> + error = security_inode_copy_up_xattr(old, name);
>
> What do you think about:
>
> error = security_inode_copy_up_xattr(name, NULL, 0);

We need 'old'.

>
> and then later...
>
> error = security_inode_copy_up_xattr(name, value, size);

Are these parameters used to first query for the necessary size of the
buffer and then provide the buffer to fill it? Or should the function
rather take an existing buffer and realloc it if necessary and place the
value of the xattr into it?

Unfortunately this function currently returns '1' for 'discard', so
returning the size of the xattr value from it may not be ideal but it
would require maybe yet another parameter that indicates what the size
of the xattr value is.

   Stefan

>
> I am asking because overlayfs uses mnt_idmap(path->mnt) and you
> have used nop_mnt_idmap inside evm hook.
> this does not look right to me?
>
> Thanks,
> Amir.
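
Review bot: at the changed call in ovl_copy_xattr() (fs/overlayfs/copy_up.c) the hook is handed only the dentry `old`, although the hunk header shows `const struct path *oldpath` in scope. If an LSM is expected to read the xattr value to make its decision, the dentry alone gives it no access to the mount, so it cannot use the mount's idmap the way overlayfs does with mnt_idmap(path->mnt); that is the mismatch the reply points out with nop_mnt_idmap in the evm hook. Consider passing `oldpath`, or the idmap together with the dentry, and state in the hook's documentation what the new argument may be used for and that a return value of 1 still means 'discard'.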