Date: Fri, 1 Mar 2024 13:54:13 +0100
From: Christian Brauner
To: Roberto Sassu
Cc: "Seth Forshee (DigitalOcean)", Serge Hallyn, Paul Moore, Eric Paris,
    James Morris, Alexander Viro, Jan Kara, Stephen Smalley,
    Ondrej Mosnacek, Casey Schaufler, Mimi Zohar, Roberto Sassu,
    Dmitry Kasatkin, Eric Snowberg, "Matthew Wilcox (Oracle)",
    Jonathan Corbet, Miklos Szeredi, Amir Goldstein,
    linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org,
    linux-security-module@vger.kernel.org, audit@vger.kernel.org,
    selinux@vger.kernel.org, linux-integrity@vger.kernel.org,
    linux-doc@vger.kernel.org, linux-unionfs@vger.kernel.org
Subject: Re: [PATCH v2 14/25] evm: add support for fscaps security hooks
Message-ID: <20240301-zucht-umfeld-9a923a7d070a@brauner>
References: <20240221-idmap-fscap-refactor-v2-0-3039364623bd@kernel.org>
    <20240221-idmap-fscap-refactor-v2-14-3039364623bd@kernel.org>
    <15a69385b49c4f8626f082bc9b957132388414fb.camel@huaweicloud.com>
In-Reply-To: <15a69385b49c4f8626f082bc9b957132388414fb.camel@huaweicloud.com>

On Fri, Mar 01, 2024 at 10:19:13AM +0100, Roberto Sassu wrote:
> On Wed, 2024-02-21 at 15:24 -0600, Seth Forshee (DigitalOcean) wrote:
> > Support the new fscaps security hooks by converting the vfs_caps to raw
> > xattr data and then handling them the same as other xattrs.
>
> Hi Seth
>
> I started looking at this patch set.
>
> The first question I have is if you are also going to update libcap
> (and also tar, I guess), since both deal with the raw xattr.
>
> From IMA/EVM perspective (Mimi will add on that), I guess it is
> important that files with a signature/HMAC continue to be accessible
> after applying this patch set.
>
> Looking at the code, it seems the case (if I understood correctly,
> vfs_getxattr_alloc() is still allowed).
>
> To be sure that everything works, it would be really nice if you could
> also extend our test suite:
>
> https://github.com/mimizohar/ima-evm-utils/blob/next-testing/tests/portable_signatures.test
>
> and
>
> https://github.com/mimizohar/ima-evm-utils/blob/next-testing/tests/evm_hmac.test
>
>
> The first test we would need to extend is check_cp_preserve_xattrs,
> which basically does a cp -a. We would need to set fscaps in the
> origin, copy to the destination, and see if the latter is accessible.
>
> I would also extend:
>
> check_tar_extract_xattrs_different_owner
> check_tar_extract_xattrs_same_owner
> check_metadata_change
> check_evm_revalidate
> check_evm_portable_sig_ima_appraisal
> check_evm_portable_sig_ima_measurement_list
>
> It should not be too complicated. The purpose would be to exercise your
> code below.
>
>
> Regarding the second test, we would need to extend just check_evm_hmac.
>
>
> Just realized, before extending the tests, it would be necessary to
> modify also evmctl.c, to retrieve fscaps through the new interfaces,
> and to let users provide custom fscaps the HMAC or portable signature
> is calculated on.

While requests for tests are obviously fine, they should be added by the
respective experts for IMA/EVM in this case. I don't think it's
appropriate to expect Seth to do that especially because you seem to
imply that you currently don't have any tests for fscaps at all.

We're always happy to test things and if that'd be adding new IMA/EVM
specific features then it would be something to discuss but really we're
refactoring so the fact that you don't have tests we can run is not the
fault of this patchset and IMA/EVM is just a small portion of it.
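
Added example, not part of the original mail or the patch set: the quoted commit message converts vfs_caps to raw xattr data, and an HMAC or portable signature computed over the raw security.capability value only stays valid if that conversion reproduces the stored bytes exactly. The code below parses and re-serializes the on-disk layout from include/uapi/linux/capability.h and checks the round trip; struct fscaps and the fscaps_* functions are hypothetical names, and SAMPLE_V3 is a constructed value.

```c
#include <stdint.h>
#include <string.h>

#define VFS_CAP_REVISION_MASK   0xFF000000u  /* values as in uapi linux/capability.h */
#define VFS_CAP_REVISION_2      0x02000000u
#define VFS_CAP_REVISION_3      0x03000000u  /* v2 layout plus trailing rootid */
#define VFS_CAP_FLAGS_EFFECTIVE 0x000001u
#define XATTR_CAPS_SZ_2 20
#define XATTR_CAPS_SZ_3 24
/* Hypothetical parsed form for this example, not the kernel's struct vfs_caps */
struct fscaps { uint32_t revision, rootid; int effective; uint64_t permitted, inheritable; };
/* Constructed sample: v3, effective flag, CAP_NET_RAW permitted, rootid 100000 */
const uint8_t SAMPLE_V3[XATTR_CAPS_SZ_3] = { 0x01, 0, 0, 0x03,  0, 0x20, 0, 0,  0, 0, 0, 0,
                                             0, 0, 0, 0,  0, 0, 0, 0,  0xA0, 0x86, 0x01, 0 };
static uint32_t get_le32(const uint8_t *p) {
    return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
static void put_le32(uint8_t *p, uint32_t v) {
    for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> (8 * i));
}

/* Parse raw xattr bytes; -1 unless revision and length match a known layout */
int fscaps_parse(const uint8_t *raw, size_t len, struct fscaps *out) {
    uint32_t magic = len >= 4 ? get_le32(raw) : 0, rev = magic & VFS_CAP_REVISION_MASK;
    if (!((rev == VFS_CAP_REVISION_2 && len == XATTR_CAPS_SZ_2) ||
          (rev == VFS_CAP_REVISION_3 && len == XATTR_CAPS_SZ_3))) return -1;
    out->revision = rev;
    out->effective = (magic & VFS_CAP_FLAGS_EFFECTIVE) != 0;
    out->permitted = get_le32(raw + 4) | (uint64_t)get_le32(raw + 12) << 32;
    out->inheritable = get_le32(raw + 8) | (uint64_t)get_le32(raw + 16) << 32;
    out->rootid = rev == VFS_CAP_REVISION_3 ? get_le32(raw + 20) : 0;
    return 0;
}

/* Serialize to raw bytes (buf holds XATTR_CAPS_SZ_3); returns length written */
size_t fscaps_serialize(const struct fscaps *c, uint8_t *buf) {
    put_le32(buf, c->revision | (c->effective ? VFS_CAP_FLAGS_EFFECTIVE : 0));
    put_le32(buf + 4, (uint32_t)c->permitted);
    put_le32(buf + 8, (uint32_t)c->inheritable);
    put_le32(buf + 12, (uint32_t)(c->permitted >> 32));
    put_le32(buf + 16, (uint32_t)(c->inheritable >> 32));
    if (c->revision == VFS_CAP_REVISION_3) put_le32(buf + 20, c->rootid);
    return c->revision == VFS_CAP_REVISION_3 ? XATTR_CAPS_SZ_3 : XATTR_CAPS_SZ_2;
}

/* 1 if parse + serialize reproduces raw byte for byte (a digest over it is unchanged) */
int fscaps_roundtrip_stable(const uint8_t *raw, size_t len) {
    struct fscaps c; uint8_t buf[XATTR_CAPS_SZ_3];
    return fscaps_parse(raw, len, &c) == 0 && fscaps_serialize(&c, buf) == len &&
           memcmp(raw, buf, len) == 0;
}
```

A value carrying a flag bit that the parsed form does not model fails fscaps_roundtrip_stable(), which is the kind of case an fscaps test for EVM would want to cover.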