* [GIT PULL] linux-integrity patches for 4.16-security-next-general
From: Mimi Zohar @ 2018-01-05 13:43 UTC
  To: linux-security-module

Hi James,

This pull request contains a mixture of bug fixes, code cleanup, and
new functionality.  Of note is the integrity cache locking fix, file
change detection, and support for a new EVM portable and immutable
signature type.

The re-introduction of the integrity cache lock (iint) fixes the
problem of attempting to take the i_rwsem shared a second time, when it
was previously taken exclusively.  Defining atomic flags resolves the
original iint/i_rwsem circular locking - accessing the file data vs.
modifying the file metadata.  Although it fixes the O_DIRECT problem as
well, a subsequent patch is needed to remove the explicit O_DIRECT
prevention.

For performance reasons, detecting when a file has changed and needs to
be re-measured, re-appraised, and/or re-audited, was limited to after
the last writer has closed, and only if the file data has changed.
Detecting file change is based on i_version.  For filesystems that do
not support i_version, remote filesystems, or userspace filesystems,
the file was measured, appraised and/or audited once and never
re-evaluated.  Now local filesystems, which do not support i_version or
are not mounted with the i_version option, assume the file has changed
and are required to re-evaluate the file.  This change does not address
detecting file change on remote or userspace filesystems.

Unlike file data signatures, which can be included and distributed in
software packages (eg. rpm, deb), the existing EVM signature, which
protects the file metadata, could not be included in software packages,
as it includes file system specific information (eg. i_ino, possibly
the UUID).  This pull request defines a new EVM portable and immutable
file metadata signature format, which can be included in software
packages.

thanks,

Mimi
---

The following changes since commit d21bd6898336a7892914d308d5e0868f0b863571:

  Sync to v4.15-rc3 for security subsystem developers to work against. (2017-12-11 17:01:08 +1100)

are available in the git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity.git next-integrity

for you to fetch changes up to a2a2c3c8580a9158bca61221648fd6d5c98c443a:

  ima: Use i_version only when filesystem supports it (2017-12-18 09:43:49 -0500)

----------------------------------------------------------------
Bruno E. O. Meneguele (1):
      ima: log message to module appraisal error

Dmitry Kasatkin (1):
      ima: re-introduce own integrity cache lock

Jeff Layton (1):
      integrity: remove unneeded initializations in integrity_iint_cache entries

Joe Perches (1):
      ima: Fix line continuation format

Matthew Garrett (2):
      EVM: Allow userland to permit modification of EVM-protected metadata
      EVM: Add support for portable signature format

Mimi Zohar (2):
      ima: relax requiring a file signature for new files with zero length
      ima: support new "hash" and "dont_hash" policy actions

Roberto Sassu (1):
      ima: pass filename to ima_rdwr_violation_check()

Sascha Hauer (1):
      ima: Use i_version only when filesystem supports it

 Documentation/ABI/testing/evm         | 54 +++++++++++++-------
 Documentation/ABI/testing/ima_policy  |  3 +-
 include/linux/integrity.h             |  1 +
 security/integrity/evm/evm.h          |  9 ++--
 security/integrity/evm/evm_crypto.c   | 75 +++++++++++++++++++++++----
 security/integrity/evm/evm_main.c     | 67 +++++++++++++++++-------
 security/integrity/evm/evm_secfs.c    | 20 ++++++--
 security/integrity/iint.c             |  4 +-
 security/integrity/ima/ima_api.c      |  2 +-
 security/integrity/ima/ima_appraise.c | 46 +++++++++--------
 security/integrity/ima/ima_main.c     | 95 +++++++++++++++++++++++++----------
 security/integrity/ima/ima_policy.c   | 30 ++++++++++-
 security/integrity/ima/ima_template.c | 11 ++--
 security/integrity/integrity.h        | 41 +++++++++------
 14 files changed, 333 insertions(+), 125 deletions(-)
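
The file-change detection described in the pull request above, as a small userspace model added here for illustration (not code from the linux-integrity tree). The struct names, `must_reevaluate()` and the `fixed` switch are hypothetical, and a plain integer stands in for the file digest.

```c
/* Added illustration: userspace model of the decision, not kernel code. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

enum fs_kind { FS_LOCAL, FS_REMOTE, FS_USERSPACE };  /* hypothetical labels */

/* has_iversion: fs supports i_version and is mounted with it; data: contents. */
struct file_model { enum fs_kind kind; bool has_iversion; uint64_t i_version, data; };

/* Stand-in for the cached integrity result; measured stands in for a digest. */
struct cache_model { bool valid; uint64_t seen_version, measured; };

/* Decision taken when the last writer closes the file. */
static bool must_reevaluate(const struct file_model *f,
                            const struct cache_model *c, bool fixed)
{
    if (f->kind != FS_LOCAL)
        return false;                 /* remote/userspace: not addressed */
    if (f->has_iversion)
        return f->i_version != c->seen_version;
    return fixed;                     /* new: assume changed; old: never */
}

static void open_file(const struct file_model *f, struct cache_model *c)
{
    if (c->valid)
        return;                       /* cached result is reused */
    c->measured = f->data;
    c->seen_version = f->i_version;
    c->valid = true;
}

/* Measure, modify, close, reopen; returns true if the cached result is stale. */
static bool stale_after_write(enum fs_kind kind, bool has_iversion, bool fixed)
{
    struct file_model f = { kind, has_iversion, 1, 0xAAAA };
    struct cache_model c = { false, 0, 0 };
    open_file(&f, &c);
    f.data = 0xBBBB;                  /* a writer changes the data */
    if (f.has_iversion)
        f.i_version++;
    if (must_reevaluate(&f, &c, fixed))
        c.valid = false;              /* last writer closed */
    open_file(&f, &c);
    return c.measured != f.data;
}

int main(void)
{
    printf("local, no i_version: old=%d new=%d\n",
           stale_after_write(FS_LOCAL, false, false), stale_after_write(FS_LOCAL, false, true));
    return 0;
}
```

In this model only the local filesystem without i_version changes outcome between the old and new behaviour; the remote and userspace cases stay stale in both.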

* [GIT PULL] linux-integrity patches for 4.16-security-next-general
From: Roberto Sassu @ 2018-01-05 14:55 UTC
  To: linux-security-module

On 1/5/2018 2:43 PM, Mimi Zohar wrote:
> Hi James,
> 
> Mimi Zohar (2):
>        ima: relax requiring a file signature for new files with zero length
>        ima: support new "hash" and "dont_hash" policy actions
Hi Mimi

I think there is an issue in the patch above.

+	/* HASH just sets the digital signature flag, nothing else */
+	if ((action & IMA_HASH) && !(iint->flags & IMA_DIGSIG)) {
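
Review bot: the `!(iint->flags & IMA_DIGSIG)` test in the second added line treats IMA_DIGSIG as a bitmask in iint->flags, while the pull request text says this series defines atomic flags to resolve the iint/i_rwsem circular locking. If IMA_DIGSIG is one of the converted flags, it is now a bit number rather than a mask, so masking iint->flags with it checks an unrelated bit and the HASH branch can run or be skipped regardless of whether the file carries a signature. Suggest testing the flag with test_bit() on the atomic flags word, and setting it the same way wherever this branch sets it.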

IMA_DIGSIG now is an atomic flag.

Roberto

-- 
HUAWEI TECHNOLOGIES Duesseldorf GmbH, HRB 56063
Managing Director: Bo PENG, Qiuen PENG, Shengli WANG
* [GIT PULL] linux-integrity patches for 4.16-security-next-general
From: Mimi Zohar @ 2018-01-05 14:59 UTC
  To: linux-security-module

Hi Roberto,

On Fri, 2018-01-05 at 15:55 +0100, Roberto Sassu wrote:
> On 1/5/2018 2:43 PM, Mimi Zohar wrote:
> > Hi James,
> > 
> > Mimi Zohar (2):
> >        ima: relax requiring a file signature for new files with zero length
> >        ima: support new "hash" and "dont_hash" policy actions
> Hi Mimi
> 
> I think there is an issue in the patch above.
> 
> +	/* HASH just sets the digital signature flag, nothing else */
> +	if ((action & IMA_HASH) && !(iint->flags & IMA_DIGSIG)) {
> 
> IMA_DIGSIG now is an atomic flag.

Yes, this caused me grief, but is fixed in next-integrity branch.

Mimi

* [GIT PULL] linux-integrity patches for 4.16-security-next-general
From: Roberto Sassu @ 2018-01-05 15:04 UTC
  To: linux-security-module

On 1/5/2018 3:59 PM, Mimi Zohar wrote:
> Hi Roberto,
> 
> On Fri, 2018-01-05 at 15:55 +0100, Roberto Sassu wrote:
>> On 1/5/2018 2:43 PM, Mimi Zohar wrote:
>>> Hi James,
>>>
>>> Mimi Zohar (2):
>>>         ima: relax requiring a file signature for new files with zero length
>>>         ima: support new "hash" and "dont_hash" policy actions
>> Hi Mimi
>>
>> I think there is an issue in the patch above.
>>
>> +	/* HASH just sets the digital signature flag, nothing else */
>> +	if ((action & IMA_HASH) && !(iint->flags & IMA_DIGSIG)) {
>>
>> IMA_DIGSIG now is an atomic flag.
> 
> Yes, this caused me grief, but is fixed in next-integrity branch.

Ok, I didn't update.

Roberto

-- 
HUAWEI TECHNOLOGIES Duesseldorf GmbH, HRB 56063
Managing Director: Bo PENG, Qiuen PENG, Shengli WANG
* [GIT PULL] linux-integrity patches for 4.16-security-next-general
From: James Morris @ 2018-01-08  0:04 UTC
  To: linux-security-module

On Fri, 5 Jan 2018, Mimi Zohar wrote:

> The following changes since commit d21bd6898336a7892914d308d5e0868f0b863571:
> 
>   Sync to v4.15-rc3 for security subsystem developers to work against. (2017-12-11 17:01:08 +1100)
> 
> are available in the git repository at:
> 
>   git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity.git next-integrity
> 
> for you to fetch changes up to a2a2c3c8580a9158bca61221648fd6d5c98c443a:
> 
>   ima: Use i_version only when filesystem supports it (2017-12-18 09:43:49 -0500)
> 

Thanks, merged into:

git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git 
	next-testing
	next-integrity



- James
-- 
James Morris
<james.l.morris@oracle.com>
