From: Christian Brauner <brauner@kernel.org>
To: Stefan Berger <stefanb@linux.vnet.ibm.com>
Cc: linux-integrity@vger.kernel.org, zohar@linux.ibm.com,
serge@hallyn.com, christian.brauner@ubuntu.com,
containers@lists.linux.dev, dmitry.kasatkin@gmail.com,
ebiederm@xmission.com, krzysztof.struczynski@huawei.com,
roberto.sassu@huawei.com, mpeters@redhat.com, lhinds@redhat.com,
lsturman@redhat.com, puiterwi@redhat.com, jejb@linux.ibm.com,
jamjoom@us.ibm.com, linux-kernel@vger.kernel.org,
paul@paul-moore.com, rgb@redhat.com,
linux-security-module@vger.kernel.org, jmorris@namei.org,
Stefan Berger <stefanb@linux.ibm.com>
Subject: Re: [PATCH v8 19/19] ima: Enable IMA namespaces
Date: Fri, 14 Jan 2022 15:45:15 +0100 [thread overview]
Message-ID: <20220114144515.vbler7ae3jqebhec@wittgenstein> (raw)
In-Reply-To: <20220104170416.1923685-20-stefanb@linux.vnet.ibm.com>
On Tue, Jan 04, 2022 at 12:04:16PM -0500, Stefan Berger wrote:
> From: Stefan Berger <stefanb@linux.ibm.com>
>
> Introduce the IMA_NS in Kconfig for IMA namespace enablement.
>
> Enable the lazy initialization of an IMA namespace when a user mounts
> SecurityFS. Now a user_namespace will get a pointer to an ima_namespace
> and therefore add an implementation of get_current_ns() that returns this
> pointer.
>
> get_current_ns() may now return a NULL pointer for as long as the IMA
> namespace hasn't been created, yet. Therefore, return early from those
> functions that may now get a NULL pointer from this call. The NULL
> pointer can typically be treated similar to not having an IMA policy set
> and simply return early from a function.
>
> Implement ima_ns_from_file() for SecurityFS-related files where we can
> now get the IMA namespace via the user namespace pointer associated
> with the superblock of the SecurityFS filesystem instance. Since
> the functions using ima_ns_from_file() will only be called after an
> ima_namesapce has been allocated they will never get a NULL pointer
> for the ima_namespace.
>
> Switch access to userns->ima_ns to use acquire/release semantics to ensure
> that a newly created ima_namespace structure is fully visible upon access.
>
> Replace usage of current_user_ns() with ima_ns_from_user_ns() that
> implements a method to derive the user_namespace from the given
> ima_namespace. It leads to the same result.
>
> Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
> ---
> include/linux/ima.h | 9 ++++++-
> init/Kconfig | 13 ++++++++++
> kernel/user_namespace.c | 2 ++
> security/integrity/ima/ima.h | 35 ++++++++++++++++++++++-----
> security/integrity/ima/ima_fs.c | 37 ++++++++++++++++++++++-------
> security/integrity/ima/ima_main.c | 29 ++++++++++++++++------
> security/integrity/ima/ima_ns.c | 3 ++-
> security/integrity/ima/ima_policy.c | 13 +++++-----
> 8 files changed, 112 insertions(+), 29 deletions(-)
>
> diff --git a/include/linux/ima.h b/include/linux/ima.h
> index 5354e83d1694..7b9713b290ae 100644
> --- a/include/linux/ima.h
> +++ b/include/linux/ima.h
> @@ -11,6 +11,7 @@
> #include <linux/fs.h>
> #include <linux/security.h>
> #include <linux/kexec.h>
> +#include <linux/user_namespace.h>
> #include <crypto/hash_info.h>
> struct linux_binprm;
>
> @@ -71,7 +72,13 @@ static inline const char * const *arch_get_ima_policy(void)
> static inline struct user_namespace
> *ima_ns_to_user_ns(struct ima_namespace *ns)
> {
> - return current_user_ns();
> + struct user_namespace *user_ns;
> +
> + user_ns = current_user_ns();
> +#ifdef CONFIG_IMA_NS
> + WARN_ON(user_ns->ima_ns != ns);
> +#endif
> + return user_ns;
> }
>
> #else
> diff --git a/init/Kconfig b/init/Kconfig
> index 4b7bac10c72d..e27155e0ddba 100644
> --- a/init/Kconfig
> +++ b/init/Kconfig
> @@ -1247,6 +1247,19 @@ config NET_NS
> Allow user space to create what appear to be multiple instances
> of the network stack.
>
> +config IMA_NS
> + bool "IMA namespace"
> + depends on USER_NS
> + depends on IMA
> + default n
> + help
> + Allow the creation of an IMA namespace for each user namespace.
> + Namespaced IMA enables having IMA features work separately
> + in each IMA namespace.
> + Currently, only the audit status flags are stored in the namespace,
> + which allows the same file to be audited each time it is accessed
> + in a new namespace.
> +
> endif # NAMESPACES
>
> config CHECKPOINT_RESTORE
> diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c
> index 6b2e3ca7ee99..653f8fa83b69 100644
> --- a/kernel/user_namespace.c
> +++ b/kernel/user_namespace.c
> @@ -20,6 +20,7 @@
> #include <linux/fs_struct.h>
> #include <linux/bsearch.h>
> #include <linux/sort.h>
> +#include <linux/ima.h>
>
> static struct kmem_cache *user_ns_cachep __read_mostly;
> static DEFINE_MUTEX(userns_state_mutex);
> @@ -196,6 +197,7 @@ static void free_user_ns(struct work_struct *work)
> kfree(ns->projid_map.forward);
> kfree(ns->projid_map.reverse);
> }
> + free_ima_ns(ns);
> retire_userns_sysctls(ns);
> key_free_user_ns(ns);
> ns_free_inum(&ns->ns);
> diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h
> index 344c8c4bd030..d993655ec796 100644
> --- a/security/integrity/ima/ima.h
> +++ b/security/integrity/ima/ima.h
> @@ -509,21 +509,20 @@ struct user_namespace *ima_user_ns_from_file(const struct file *filp)
> return file_inode(filp)->i_sb->s_user_ns;
> }
>
> +#ifdef CONFIG_IMA_NS
> +
> static inline struct ima_namespace
> *ima_ns_from_user_ns(struct user_namespace *user_ns)
> {
> - if (user_ns == &init_user_ns)
> - return &init_ima_ns;
> - return NULL;
> + /* Pairs with smp_store_releases() in create_ima_ns(). */
> + return smp_load_acquire(&user_ns->ima_ns);
> }
>
> static inline struct ima_namespace *get_current_ns(void)
> {
> - return &init_ima_ns;
> + return ima_ns_from_user_ns(current_user_ns());
> }
>
> -#ifdef CONFIG_IMA_NS
> -
> struct ima_namespace *create_ima_ns(struct user_namespace *user_ns);
>
> struct ns_status *ima_get_ns_status(struct ima_namespace *ns,
> @@ -532,6 +531,11 @@ struct ns_status *ima_get_ns_status(struct ima_namespace *ns,
>
> void ima_free_ns_status_tree(struct ima_namespace *ns);
>
> +static inline struct ima_namespace *ima_ns_from_file(const struct file *filp)
> +{
> + return ima_user_ns_from_file(filp)->ima_ns;
> +}
> +
> #define IMA_NS_STATUS_ACTIONS IMA_AUDIT
> #define IMA_NS_STATUS_FLAGS IMA_AUDITED
>
> @@ -542,6 +546,20 @@ unsigned long set_iint_flags(struct integrity_iint_cache *iint,
>
> #else
>
> +static inline struct ima_namespace
> +*ima_ns_from_user_ns(struct user_namespace *user_ns)
> +{
> + if (user_ns == &init_user_ns)
> + return &init_ima_ns;
> + return NULL;
> +}
> +
> +
> +static inline struct ima_namespace *get_current_ns(void)
> +{
> + return &init_ima_ns;
> +}
> +
> static inline struct ima_namespace *
> create_ima_ns(struct user_namespace *user_ns)
> {
> @@ -572,6 +590,11 @@ static inline unsigned long set_iint_flags(struct integrity_iint_cache *iint,
> return flags;
> }
>
> +static inline struct ima_namespace *ima_ns_from_file(const struct file *filp)
> +{
> + return &init_ima_ns;
> +}
> +
> #endif /* CONFIG_IMA_NS */
>
> #endif /* __LINUX_IMA_H */
> diff --git a/security/integrity/ima/ima_fs.c b/security/integrity/ima/ima_fs.c
> index 468508f6a7e8..ee3af81d1c3e 100644
> --- a/security/integrity/ima/ima_fs.c
> +++ b/security/integrity/ima/ima_fs.c
> @@ -49,7 +49,7 @@ static ssize_t ima_show_htable_violations(struct file *filp,
> char __user *buf,
> size_t count, loff_t *ppos)
> {
> - struct ima_namespace *ns = &init_ima_ns;
> + struct ima_namespace *ns = ima_ns_from_file(filp);
>
> return ima_show_htable_value(buf, count, ppos,
> &ns->ima_htable.violations);
> @@ -64,7 +64,7 @@ static ssize_t ima_show_measurements_count(struct file *filp,
> char __user *buf,
> size_t count, loff_t *ppos)
> {
> - struct ima_namespace *ns = &init_ima_ns;
> + struct ima_namespace *ns = ima_ns_from_file(filp);
>
> return ima_show_htable_value(buf, count, ppos, &ns->ima_htable.len);
> }
> @@ -77,7 +77,7 @@ static const struct file_operations ima_measurements_count_ops = {
> /* returns pointer to hlist_node */
> static void *ima_measurements_start(struct seq_file *m, loff_t *pos)
> {
> - struct ima_namespace *ns = &init_ima_ns;
> + struct ima_namespace *ns = ima_ns_from_file(m->file);
> loff_t l = *pos;
> struct ima_queue_entry *qe;
>
> @@ -95,7 +95,7 @@ static void *ima_measurements_start(struct seq_file *m, loff_t *pos)
>
> static void *ima_measurements_next(struct seq_file *m, void *v, loff_t *pos)
> {
> - struct ima_namespace *ns = &init_ima_ns;
> + struct ima_namespace *ns = ima_ns_from_file(m->file);
> struct ima_queue_entry *qe = v;
>
> /* lock protects when reading beyond last element
> @@ -317,7 +317,7 @@ static ssize_t ima_read_policy(struct ima_namespace *ns, char *path)
> static ssize_t ima_write_policy(struct file *file, const char __user *buf,
> size_t datalen, loff_t *ppos)
> {
> - struct ima_namespace *ns = &init_ima_ns;
> + struct ima_namespace *ns = ima_ns_from_file(file);
> char *data;
> ssize_t result;
>
> @@ -379,7 +379,7 @@ static const struct seq_operations ima_policy_seqops = {
> static int ima_open_policy(struct inode *inode, struct file *filp)
> {
> struct user_namespace *user_ns = ima_user_ns_from_file(filp);
> - struct ima_namespace *ns = &init_ima_ns;
> + struct ima_namespace *ns = ima_ns_from_file(filp);
>
> if (!(filp->f_flags & O_WRONLY)) {
> #ifndef CONFIG_IMA_READ_POLICY
> @@ -406,7 +406,7 @@ static int ima_open_policy(struct inode *inode, struct file *filp)
> */
> static int ima_release_policy(struct inode *inode, struct file *file)
> {
> - struct ima_namespace *ns = &init_ima_ns;
> + struct ima_namespace *ns = ima_ns_from_file(file);
> const char *cause = ns->valid_policy ? "completed" : "failed";
>
> if ((file->f_flags & O_ACCMODE) == O_RDONLY)
> @@ -459,12 +459,29 @@ int ima_fs_ns_init(struct user_namespace *user_ns, struct dentry *root)
> struct dentry *ascii_runtime_measurements = NULL;
> struct dentry *runtime_measurements_count = NULL;
> struct dentry *violations = NULL;
> + bool created_ns = false;
> +
> + /*
> + * While multiple superblocks can exist they are keyed by userns in
> + * s_fs_info for securityfs. The first time a userns mounts a
> + * securityfs instance we lazily allocate the ima_namespace for the
> + * userns since that's the only way a userns can meaningfully use ima.
> + * The vfs ensures we're the only one to call fill_super() and hence
> + * ima_fs_ns_init(), so we don't need any memory barriers here, i.e.
> + * user_ns->ima_ns can't change while we're in here.
> + */
> + if (!ns) {
> + ns = create_ima_ns(user_ns);
> + if (IS_ERR(ns))
> + return PTR_ERR(ns);
> + created_ns = true;
> + }
>
> /* FIXME: update when evm and integrity are namespaced */
> if (user_ns != &init_user_ns) {
> int_dir = securityfs_create_dir("integrity", root);
> if (IS_ERR(int_dir))
> - return PTR_ERR(int_dir);
> + goto free_ns;
> } else
> int_dir = integrity_dir;
>
> @@ -526,6 +543,10 @@ int ima_fs_ns_init(struct user_namespace *user_ns, struct dentry *root)
> if (user_ns != &init_user_ns)
> securityfs_remove(int_dir);
>
> +free_ns:
> + if (created_ns)
> + free_ima_ns(user_ns);
> +
> return -1;
> }
>
> diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c
> index bc3ab08f39c6..fc878577cdd7 100644
> --- a/security/integrity/ima/ima_main.c
> +++ b/security/integrity/ima/ima_main.c
> @@ -483,7 +483,7 @@ int ima_file_mmap(struct file *file, unsigned long prot)
> struct ima_namespace *ns = get_current_ns();
> u32 secid;
>
> - if (file && (prot & PROT_EXEC)) {
> + if (ns && file && (prot & PROT_EXEC)) {
> security_task_getsecid_subj(current, &secid);
> return process_measurement(ns, file, current_cred(), secid,
> NULL, 0, MAY_EXEC, MMAP_CHECK);
> @@ -519,7 +519,7 @@ int ima_file_mprotect(struct vm_area_struct *vma, unsigned long prot)
> int pcr;
>
> /* Is mprotect making an mmap'ed file executable? */
> - if (!(ns->ima_policy_flag & IMA_APPRAISE) || !vma->vm_file ||
> + if (!ns || !(ns->ima_policy_flag & IMA_APPRAISE) || !vma->vm_file ||
> !(prot & PROT_EXEC) || (vma->vm_flags & VM_EXEC))
> return 0;
>
> @@ -565,6 +565,9 @@ int ima_bprm_check(struct linux_binprm *bprm)
> int ret;
> u32 secid;
>
> + if (!ns)
> + return 0;
> +
> security_task_getsecid_subj(current, &secid);
> ret = process_measurement(ns, bprm->file, current_cred(), secid, NULL,
> 0, MAY_EXEC, BPRM_CHECK);
> @@ -591,6 +594,9 @@ int ima_file_check(struct file *file, int mask)
> struct ima_namespace *ns = get_current_ns();
> u32 secid;
>
> + if (!ns)
> + return 0;
> +
> security_task_getsecid_subj(current, &secid);
> return process_measurement(ns, file, current_cred(), secid, NULL, 0,
> mask & (MAY_READ | MAY_WRITE | MAY_EXEC |
> @@ -656,7 +662,7 @@ int ima_file_hash(struct file *file, char *buf, size_t buf_size)
> {
> struct ima_namespace *ns = get_current_ns();
>
> - if (!file)
> + if (!ns || !file)
> return -EINVAL;
>
> return __ima_inode_hash(ns, file_inode(file), buf, buf_size);
> @@ -685,7 +691,7 @@ int ima_inode_hash(struct inode *inode, char *buf, size_t buf_size)
> {
> struct ima_namespace *ns = get_current_ns();
>
> - if (!inode)
> + if (!ns || !inode)
> return -EINVAL;
>
> return __ima_inode_hash(ns, inode, buf, buf_size);
> @@ -708,7 +714,7 @@ void ima_post_create_tmpfile(struct user_namespace *mnt_userns,
> struct integrity_iint_cache *iint;
> int must_appraise;
>
> - if (!ns->ima_policy_flag || !S_ISREG(inode->i_mode))
> + if (!ns || !ns->ima_policy_flag || !S_ISREG(inode->i_mode))
> return;
>
> must_appraise = ima_must_appraise(ns, mnt_userns, inode, MAY_ACCESS,
> @@ -742,7 +748,7 @@ void ima_post_path_mknod(struct user_namespace *mnt_userns,
> struct inode *inode = dentry->d_inode;
> int must_appraise;
>
> - if (!ns->ima_policy_flag || !S_ISREG(inode->i_mode))
> + if (!ns || !ns->ima_policy_flag || !S_ISREG(inode->i_mode))
> return;
>
> must_appraise = ima_must_appraise(ns, mnt_userns, inode, MAY_ACCESS,
> @@ -778,6 +784,9 @@ int ima_read_file(struct file *file, enum kernel_read_file_id read_id,
> enum ima_hooks func;
> u32 secid;
>
> + if (!ns)
> + return 0;
> +
> /*
> * Do devices using pre-allocated memory run the risk of the
> * firmware being accessible to the device prior to the completion
> @@ -829,6 +838,9 @@ int ima_post_read_file(struct file *file, void *buf, loff_t size,
> enum ima_hooks func;
> u32 secid;
>
> + if (!ns)
> + return 0;
> +
> /* permit signed certs */
> if (!file && read_id == READING_X509_CERTIFICATE)
> return 0;
> @@ -1071,7 +1083,7 @@ void ima_kexec_cmdline(int kernel_fd, const void *buf, int size)
> struct ima_namespace *ns = get_current_ns();
> struct fd f;
>
> - if (!buf || !size)
> + if (!ns || !buf || !size)
> return;
>
> f = fdget(kernel_fd);
> @@ -1111,6 +1123,9 @@ int ima_measure_critical_data(const char *event_label,
> {
> struct ima_namespace *ns = get_current_ns();
>
> + if (!ns)
> + return -EINVAL;
> +
> if (!event_name || !event_label || !buf || !buf_len)
> return -ENOPARAM;
>
> diff --git a/security/integrity/ima/ima_ns.c b/security/integrity/ima/ima_ns.c
> index 205dd06ac41e..9a5105d0ea89 100644
> --- a/security/integrity/ima/ima_ns.c
> +++ b/security/integrity/ima/ima_ns.c
> @@ -26,7 +26,8 @@ struct ima_namespace *create_ima_ns(struct user_namespace *user_ns)
> if (err)
> goto fail_free;
>
> - user_ns->ima_ns = ns;
> + /* Pairs with smp_load_acquire() in ima_ns_from_user_ns(). */
> + smp_store_release(&user_ns->ima_ns, ns);
>
> return ns;
>
> diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c
> index b7dbc687b6ff..5a9b511ebbae 100644
> --- a/security/integrity/ima/ima_policy.c
> +++ b/security/integrity/ima/ima_policy.c
> @@ -1333,6 +1333,7 @@ static unsigned int ima_parse_appraise_algos(char *arg)
> static int ima_parse_rule(struct ima_namespace *ns,
> char *rule, struct ima_rule_entry *entry)
> {
> + struct user_namespace *user_ns = ima_ns_to_user_ns(ns);
So I think ima_policy_write() and therefore ima_parse_rule() can
legitimately be reached at least from an ancestor userns but also from a
completely unrelated userns via securityfs. Sorry, I didn't see this
earlier. Think of the following two scenarios:
* userns1: unshare -U --map-root --mount
-----------------------------------------
mount -t securityfs securityfs /userns1_securityfs
fd_in_userns1 = open("/userns1_securityfs/ima_file, O_RDWR);
/* I _think_ that sending of fds here should work but I haven't
* bothered to recheck the scm code as I need to do some driving in a
* little bit so I'm running out of time...
*/
send_fd_scm_rights(fd_in_userns1, task_in_userns2);
* userns2: unshare -U --map-root --mount
-----------------------------------------
fd_from_userns1 = receive_fd_scm_rights();
write_policy(fd_from_userns1, "my fancy policy");
It also means that if you inherit an fd from a more privileged imans
instance you can write to it:
* initial_userns:
------------------
mount -t securityfs securityfs /initial_securityfs
fd_in_initial_securityfs = open("/initial_securityfs/ima_file, O_RDWR);
pid = fork():
if (pid == 0) {
unshare(CLONE_NEWUSER);
/* write idmapping for yourself */
write_policy(fd_in_initial_securityfs, "my fancy policy");
}
would allow an unprivileged caller to alter the host's ima policy (as
you can see the example requires cooperation).
In both cases the write can legitimately reach ima_policy_write() and
trigger ima_parse_rule() from another user namespace.
There are multiple ways to go here, I think.
It's important to figure out whether - coming back to an earlier review
of mine - you're ok with everyone with access to an opened policy fd
being able to write an ima policy for the namespace in questions as long
as _the opener of the policy file_ was privileged enough.
If that's the case then you can just remove the WARN_ON()/add a
non-WARN_ON() helper in there.
From my ima-naive perspective this seems fine and preferable as this
means clean permission checking once at open time.
A good question to answer in order to solve this is whether or not a
given operation is allowed is dependent on what is written, i.e. on the
content of the rule, I guess. I don't think there is.
next prev parent reply other threads:[~2022-01-14 14:45 UTC|newest]
Thread overview: 50+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-01-04 17:03 [PATCH v8 00/19] ima: Namespace IMA with audit support in IMA-ns Stefan Berger
2022-01-04 17:03 ` [PATCH v8 01/19] securityfs: Extend securityfs with namespacing support Stefan Berger
2022-01-05 3:58 ` Al Viro
2022-01-05 10:18 ` Christian Brauner
2022-01-11 12:16 ` Mimi Zohar
2022-01-11 14:12 ` Christian Brauner
2022-01-04 17:03 ` [PATCH v8 02/19] ima: Define ima_namespace structure and implement basic functions Stefan Berger
2022-01-04 17:04 ` [PATCH v8 03/19] ima: Move policy related variables into ima_namespace Stefan Berger
2022-01-13 20:26 ` Mimi Zohar
2022-01-14 10:48 ` Christian Brauner
2022-01-19 13:32 ` Stefan Berger
2022-01-04 17:04 ` [PATCH v8 04/19] ima: Move ima_htable " Stefan Berger
2022-01-04 17:04 ` [PATCH v8 05/19] ima: Move measurement list related variables " Stefan Berger
2022-01-13 20:27 ` Mimi Zohar
2022-01-19 12:23 ` Stefan Berger
2022-01-04 17:04 ` [PATCH v8 06/19] ima: Move some IMA policy and filesystem " Stefan Berger
2022-01-04 17:04 ` [PATCH v8 07/19] ima: Move dentry into ima_namespace and others onto stack Stefan Berger
2022-01-13 20:28 ` Mimi Zohar
2022-01-18 20:12 ` Stefan Berger
2022-01-18 20:42 ` Mimi Zohar
2022-01-18 20:54 ` Stefan Berger
2022-01-04 17:04 ` [PATCH v8 08/19] ima: Use mac_admin_ns_capable() to check corresponding capability Stefan Berger
2022-01-05 20:55 ` kernel test robot
2022-01-05 20:55 ` kernel test robot
2022-01-13 20:28 ` Mimi Zohar
2022-01-04 17:04 ` [PATCH v8 09/19] ima: Only accept AUDIT rules for non-init_ima_ns namespaces for now Stefan Berger
2022-01-04 17:04 ` [PATCH v8 10/19] ima: Implement hierarchical processing of file accesses Stefan Berger
2022-01-14 11:21 ` Christian Brauner
2022-01-18 18:25 ` Stefan Berger
2022-01-04 17:04 ` [PATCH v8 11/19] ima: Implement ima_free_policy_rules() for freeing of an ima_namespace Stefan Berger
2022-01-04 17:04 ` [PATCH v8 12/19] userns: Add pointer to ima_namespace to user_namespace Stefan Berger
2022-01-04 17:04 ` [PATCH v8 13/19] ima: Add functions for creation and freeing of an ima_namespace Stefan Berger
2022-01-14 11:43 ` Christian Brauner
2022-01-04 17:04 ` [PATCH v8 14/19] integrity/ima: Define ns_status for storing namespaced iint data Stefan Berger
2022-01-04 17:04 ` [PATCH v8 15/19] ima: Namespace audit status flags Stefan Berger
2022-01-04 17:04 ` [PATCH v8 16/19] ima: Enable re-auditing of modified files Stefan Berger
2022-01-05 15:21 ` Stefan Berger
2022-01-04 17:04 ` [PATCH v8 17/19] ima: Setup securityfs for IMA namespace Stefan Berger
2022-01-04 17:04 ` [PATCH v8 18/19] ima: Show owning user namespace's uid and gid when displaying policy Stefan Berger
2022-01-14 13:45 ` Christian Brauner
2022-01-18 16:31 ` Stefan Berger
2022-01-19 9:23 ` Christian Brauner
2022-01-04 17:04 ` [PATCH v8 19/19] ima: Enable IMA namespaces Stefan Berger
2022-01-14 12:05 ` Christian Brauner
2022-01-18 17:53 ` Stefan Berger
2022-01-14 14:45 ` Christian Brauner [this message]
2022-01-18 18:09 ` Stefan Berger
2022-01-19 9:46 ` Christian Brauner
2022-01-19 12:45 ` Stefan Berger
2022-01-19 13:03 ` Christian Brauner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220114144515.vbler7ae3jqebhec@wittgenstein \
--to=brauner@kernel.org \
--cc=christian.brauner@ubuntu.com \
--cc=containers@lists.linux.dev \
--cc=dmitry.kasatkin@gmail.com \
--cc=ebiederm@xmission.com \
--cc=jamjoom@us.ibm.com \
--cc=jejb@linux.ibm.com \
--cc=jmorris@namei.org \
--cc=krzysztof.struczynski@huawei.com \
--cc=lhinds@redhat.com \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=lsturman@redhat.com \
--cc=mpeters@redhat.com \
--cc=paul@paul-moore.com \
--cc=puiterwi@redhat.com \
--cc=rgb@redhat.com \
--cc=roberto.sassu@huawei.com \
--cc=serge@hallyn.com \
--cc=stefanb@linux.ibm.com \
--cc=stefanb@linux.vnet.ibm.com \
--cc=zohar@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.