From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aib29ajc250.phx1.oracleemaildelivery.com (aib29ajc250.phx1.oracleemaildelivery.com [192.29.103.250]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 2D482C761AF for ; Mon, 27 Mar 2023 07:36:39 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; s=oss-phx-1109; d=oss.oracle.com; h=Date:To:From:Subject:Message-Id:MIME-Version:Sender; bh=MIUNOQnblSR9I2CHRbJi2fHJ+Bp5aQKERTx7j9uCEqo=; b=qjvECULWcb0F+IY6U/fGncL8vCW3AEzNu83U5YmPSRAWvZVxwWYgBDEgIQbF3RusY4K/ISkp9bve NVmN589CFtfKQNNhrYcvYrayHvFfqqv4zvsO1z23Kob1Q+7VMjBOHXggWYtYqv0yTrGDzZ4tanv4 vcHKiSZ0UZ94tTIC7bDhjJVAP6uhXkceGj9psuu4u2RJnpbinm+yRD+NgsmbwuWSOoxu7Le30rEq Y8P/idh4UflMuaqGTLy62QeGqwrd4Z3WHVkQx7miKDV8LnJ5Pv5h//HLKkDLr/Anii77zSsDshdR sVPUHNW82YkYLMW5f8qY9NoqF3dr8VMqtTqncQ== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; s=prod-phx-20191217; d=phx1.rp.oracleemaildelivery.com; h=Date:To:From:Subject:Message-Id:MIME-Version:Sender; bh=MIUNOQnblSR9I2CHRbJi2fHJ+Bp5aQKERTx7j9uCEqo=; b=TSw+Wikrbk2u/3hCpWXUvVQ+2eYa3EnofvF/i3kBQrr+CpIVtv0ZIpDpH7tLh9ywxotDr7GdFwSD TqGBrwtP3e/VVHNqKun9hpF8KHIOZuLU62GnYY88BjM4xUSya1I/w1+oSoobnH06QPsty8QQZ+4Q jpxSALP/uGiB+bjgGkyEWDN0pZXCZHC8Ux46upUJF0SjfSMeSpI0rABmN9llYdLQ7uiB3vh0vfc3 wGLOBMXMfONFat1LZDqytqc9QeeAYp1032wfOhycQxfGBmlxXqmKFUvlkVzr33s5e4dRaIIyiLOv LogCTOAB0Z4TxUjUXJpnULorKGwvGKtgHEQCLw== Received: by omta-ad2-fd3-201-us-phoenix-1.omtaad2.vcndpphx.oraclevcn.com (Oracle Communications Messaging Server 8.1.0.1.20230317 64bit (built Mar 17 2023)) with ESMTPS id <0RS600LEW552VI30@omta-ad2-fd3-201-us-phoenix-1.omtaad2.vcndpphx.oraclevcn.com> for ocfs2-devel@archiver.kernel.org; Mon, 27 Mar 2023 07:36:38 +0000 (GMT) Message-id: <59def311993b839bb4fa623daa973a3bebb52359.camel@huaweicloud.com> To: Paul Moore Date: Mon, 27 Mar 2023 09:35:47 +0200 In-reply-to: References: <20230314081720.4158676-1-roberto.sassu@huaweicloud.com> <20230314081720.4158676-5-roberto.sassu@huaweicloud.com> <939e6c88662ad90b963993c4cc1b702083e74a7a.camel@huaweicloud.com> User-Agent: Evolution 3.36.5-0ubuntu1 MIME-version: 1.0 X-Source-IP: 14.137.139.23 X-Proofpoint-Virus-Version: vendor=nai engine=6500 definitions=10661 signatures=596816 X-Proofpoint-Spam-Details: rule=tap_notspam policy=tap score=0 suspectscore=0 clxscore=36 malwarescore=0 mlxscore=0 mlxlogscore=715 adultscore=0 spamscore=0 impostorscore=0 bulkscore=0 lowpriorityscore=0 phishscore=0 priorityscore=120 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2303200000 definitions=main-2303270061 Cc: nicolas.bouchinet@clip-os.org, linux-kernel@vger.kernel.org, keescook@chromium.org, selinux@vger.kernel.org, dmitry.kasatkin@gmail.com, Roberto Sassu , jmorris@namei.org, zohar@linux.ibm.com, reiserfs-devel@vger.kernel.org, linux-security-module@vger.kernel.org, casey@schaufler-ca.com, eparis@parisplace.org, linux-integrity@vger.kernel.org, stephen.smalley.work@gmail.com, ocfs2-devel@oss.oracle.com, serge@hallyn.com Subject: Re: [Ocfs2-devel] [PATCH v8 4/6] security: Allow all LSMs to provide xattrs for inode_init_security hook X-BeenThere: ocfs2-devel@oss.oracle.com X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , From: Roberto Sassu via Ocfs2-devel Reply-to: Roberto Sassu Content-type: text/plain; charset="utf-8" Content-transfer-encoding: base64 Errors-to: ocfs2-devel-bounces@oss.oracle.com X-CM-TRANSID: LxC2BwAHjQhWRyFku1LSAQ--.62049S2 X-Coremail-Antispam: 1UD129KBjvJXoW3GFyrKF13Kw1kur1Utr4UXFb_yoWDJF4kpF WUt3Wj9r4kJFy7GrySqa18u3WS9rWfKrW7WrnxGry7AFyqyr1xtFyFyr15uFykZr4kGF1q qr42yrsxu3s8AaDanT9S1TB71UUUUUUqnTZGkaVYY2UrUUUUjbIjqfuFe4nvWSU5nxnvy2 9KBjDU0xBIdaVrnRJUUUk0b4IE77IF4wAFF20E14v26ryj6rWUM7CY07I20VC2zVCF04k2 6cxKx2IYs7xG6rWj6s0DM7CIcVAFz4kK6r1j6r18M28lY4IEw2IIxxk0rwA2F7IY1VAKz4 vEj48ve4kI8wA2z4x0Y4vE2Ix0cI8IcVAFwI0_Jr0_JF4l84ACjcxK6xIIjxv20xvEc7Cj xVAFwI0_Gr0_Cr1l84ACjcxK6I8E87Iv67AKxVWUJVW8JwA2z4x0Y4vEx4A2jsIEc7CjxV AFwI0_Gr0_Gr1UM2AIxVAIcxkEcVAq07x20xvEncxIr21l5I8CrVACY4xI64kE6c02F40E x7xfMcIj6xIIjxv20xvE14v26r106r15McIj6I8E87Iv67AKxVWUJVW8JwAm72CE4IkC6x 0Yz7v_Jr0_Gr1lF7xvr2IY64vIr41lFIxGxcIEc7CjxVA2Y2ka0xkIwI1l42xK82IYc2Ij 64vIr41l4I8I3I0E4IkC6x0Yz7v_Jr0_Gr1lx2IqxVAqx4xG67AKxVWUJVWUGwC20s026x 8GjcxK67AKxVWUGVWUWwC2zVAF1VAY17CE14v26r4a6rW5MIIYrxkI7VAKI48JMIIF0xvE 2Ix0cI8IcVAFwI0_Jr0_JF4lIxAIcVC0I7IYx2IY6xkF7I0E14v26r4j6F4UMIIF0xvE42 xK8VAvwI8IcIk0rVWrJr0_WFyUJwCI42IY6I8E87Iv67AKxVWUJVW8JwCI42IY6I8E87Iv 6xkF7I0E14v26r4j6r4UJbIYCTnIWIevJa73UjIFyTuYvjxUo0eHDUUUU X-CM-SenderInfo: purev21wro2thvvxqx5xdzvxpfor3voofrz/1tbiAgAJBF1jj4cvOgABst X-CFilter-Loop: Reflected X-ServerName: frasgout11.his.huawei.com X-Proofpoint-SPF-Result: pass X-Proofpoint-SPF-Record: v=spf1 ip4:45.249.212.51 ip4:45.249.212.56 ip4:185.176.79.53 ip4:14.137.139.23 ip4:14.137.139.154 ip4:14.137.139.46 ip4:124.71.93.99 ip4:124.71.93.112 ip4:124.71.94.104 include:spf.saas.huaweicloud.com -all X-Spam: Clean X-Proofpoint-GUID: fXJTEryArC3CWFPqHfqtD2iZd8yYxHqW X-Proofpoint-ORIG-GUID: fXJTEryArC3CWFPqHfqtD2iZd8yYxHqW Reporting-Meta: AAElpN4iYxbDBF3ER8MCqDXwxnWn78vPq/hWbYDnpSDTkSBePA9HgsaZiDexpCbV ZwgJCLBUSecJ/IklTSK3wYwpr0AsegXJYxHcyLU3i4iUz+W2ddsYjOJvGYD7Rt5x kBeWqzQ/HqJU/6J71rpSx6ebaAr3/JpBDePvTX6S4cOpQJu6SiSGaoVBJJQyzYlf dxc3AmZ/SFiCTghCRdK7aPpqQD3/c8rvAk8oKiW7PAgKFS9pliYPYs9d4WDq3kQO +5lfZbzeqpHePiLD7u2uGCfJjman/3ynlnwso8GjeH53ieyv91p4lDs/anZl5jGV ppNnXzTmSPkirGeePw4Yu3BaafONbAt7vPaSHZgyfFOkXqDNjbzx0D0RGvD8d4PY /U59B9H9Rfh4Db2UOSP5zAY/lgpIImifiR8bnpypWeiASgEJGLbsUvB/jY9LnhvP QQDIUqiwZruqT3hErdKlTMmCBqYOUz1i/HPiBVLlf9vXw19upwS8xteCjQ+iuPv7 GoG9zTyh8kCYWfJfjdUzivV6OTvUgUQ+SXCTwc+G3poREA== T24gRnJpLCAyMDIzLTAzLTI0IGF0IDE3OjE5IC0wNDAwLCBQYXVsIE1vb3JlIHdyb3RlOgo+IE9u IEZyaSwgTWFyIDI0LCAyMDIzIGF0IDY6MTjigK9BTSBSb2JlcnRvIFNhc3N1Cj4gPHJvYmVydG8u c2Fzc3VAaHVhd2VpY2xvdWQuY29tPiB3cm90ZToKPiA+IE9uIFRodSwgMjAyMy0wMy0yMyBhdCAy MDowOSAtMDQwMCwgUGF1bCBNb29yZSB3cm90ZToKPiA+ID4gT24gVHVlLCBNYXIgMTQsIDIwMjMg YXQgNDoxOeKAr0FNIFJvYmVydG8gU2Fzc3UKPiA+ID4gPHJvYmVydG8uc2Fzc3VAaHVhd2VpY2xv dWQuY29tPiB3cm90ZToKPiA+ID4gPiBGcm9tOiBSb2JlcnRvIFNhc3N1IDxyb2JlcnRvLnNhc3N1 QGh1YXdlaS5jb20+Cj4gPiA+ID4gCj4gPiA+ID4gQ3VycmVudGx5LCBzZWN1cml0eV9pbm9kZV9p bml0X3NlY3VyaXR5KCkgc3VwcG9ydHMgb25seSBvbmUgTFNNIHByb3ZpZGluZwo+ID4gPiA+IGFu IHhhdHRyIGFuZCBFVk0gY2FsY3VsYXRpbmcgdGhlIEhNQUMgb24gdGhhdCB4YXR0ciwgcGx1cyBv dGhlciBpbm9kZQo+ID4gPiA+IG1ldGFkYXRhLgo+ID4gPiA+IAo+ID4gPiA+IEFsbG93IGFsbCBM U01zIHRvIHByb3ZpZGUgb25lIG9yIG11bHRpcGxlIHhhdHRycywgYnkgZXh0ZW5kaW5nIHRoZSBz ZWN1cml0eQo+ID4gPiA+IGJsb2IgcmVzZXJ2YXRpb24gbWVjaGFuaXNtLiBJbnRyb2R1Y2UgdGhl IG5ldyBsYnNfeGF0dHIgZmllbGQgb2YgdGhlCj4gPiA+ID4gbHNtX2Jsb2Jfc2l6ZXMgc3RydWN0 dXJlLCBzbyB0aGF0IGVhY2ggTFNNIGNhbiBzcGVjaWZ5IGhvdyBtYW55IHhhdHRycyBpdAo+ID4g PiA+IG5lZWRzLCBhbmQgdGhlIExTTSBpbmZyYXN0cnVjdHVyZSBrbm93cyBob3cgbWFueSB4YXR0 ciBzbG90cyBpdCBzaG91bGQKPiA+ID4gPiBhbGxvY2F0ZS4KPiA+ID4gPiAKPiA+ID4gPiBEeW5h bWljYWxseSBhbGxvY2F0ZSB0aGUgeGF0dHJzIGFycmF5IHRvIGJlIHBvcHVsYXRlZCBieSBMU01z IHdpdGggdGhlCj4gPiA+ID4gaW5vZGVfaW5pdF9zZWN1cml0eSBob29rLCBhbmQgcGFzcyBpdCB0 byB0aGUgbGF0dGVyIGluc3RlYWQgb2YgdGhlCj4gPiA+ID4gbmFtZS92YWx1ZS9sZW4gdHJpcGxl LiBVcGRhdGUgdGhlIGRvY3VtZW50YXRpb24gYWNjb3JkaW5nbHksIGFuZCBmaXggdGhlCj4gPiA+ ID4gZGVzY3JpcHRpb24gb2YgdGhlIHhhdHRyIG5hbWUsIGFzIGl0IGlzIG5vdCBhbGxvY2F0ZWQg YW55bW9yZS4KPiA+ID4gPiAKPiA+ID4gPiBTaW5jZSB0aGUgTFNNIGluZnJhc3RydWN0dXJlLCBh dCBpbml0aWFsaXphdGlvbiB0aW1lLCB1cGRhdGVzIHRoZSBudW1iZXIgb2YKPiA+ID4gPiB0aGUg cmVxdWVzdGVkIHhhdHRycyBwcm92aWRlZCBieSBlYWNoIExTTSB3aXRoIGEgY29ycmVzcG9uZGlu ZyBvZmZzZXQgaW4KPiA+ID4gPiB0aGUgc2VjdXJpdHkgYmxvYiAoaW4gdGhpcyBjYXNlIHRoZSB4 YXR0ciBhcnJheSksIGl0IG1ha2VzIHN0cmFpZ2h0Zm9yd2FyZAo+ID4gPiA+IGZvciBhbiBMU00g dG8gYWNjZXNzIHRoZSByaWdodCBwb3NpdGlvbiBpbiB0aGUgeGF0dHIgYXJyYXkuCj4gPiA+ID4g Cj4gPiA+ID4gVGhlcmUgaXMgc3RpbGwgdGhlIGlzc3VlIHRoYXQgYW4gTFNNIG1pZ2h0IG5vdCBm aWxsIHRoZSB4YXR0ciwgZXZlbiBpZiBpdAo+ID4gPiA+IHJlcXVlc3RzIGl0IChsZWdpdGltYXRl IGNhc2UsIGZvciBleGFtcGxlIGl0IG1pZ2h0IGhhdmUgYmVlbiBsb2FkZWQgYnV0IG5vdAo+ID4g PiA+IGluaXRpYWxpemVkIHdpdGggYSBwb2xpY3kpLiBTaW5jZSB1c2VycyBvZiB0aGUgeGF0dHIg YXJyYXkgKGUuZy4gdGhlCj4gPiA+ID4gaW5pdHhhdHRycygpIGNhbGxiYWNrcykgZGV0ZWN0IHRo ZSBlbmQgb2YgdGhlIHhhdHRyIGFycmF5IGJ5IGNoZWNraW5nIGlmCj4gPiA+ID4gdGhlIHhhdHRy IG5hbWUgaXMgTlVMTCwgbm90IGZpbGxpbmcgYW4geGF0dHIgd291bGQgY2F1c2UgdGhvc2UgdXNl cnMgdG8KPiA+ID4gPiBzdG9wIHNjYW5uaW5nIHhhdHRycyBwcmVtYXR1cmVseS4KPiA+ID4gPiAK PiA+ID4gPiBTb2x2ZSB0aGF0IGlzc3VlIGJ5IGludHJvZHVjaW5nIHNlY3VyaXR5X2NoZWNrX2Nv bXBhY3RfZmlsbGVkX3hhdHRycygpLAo+ID4gPiA+IHdoaWNoIGRvZXMgYSBiYXNpYyBjaGVjayBv ZiB0aGUgeGF0dHIgYXJyYXkgKGlmIHRoZSB4YXR0ciBuYW1lIGlzIGZpbGxlZCwKPiA+ID4gPiB0 aGUgeGF0dHIgdmFsdWUgc2hvdWxkIGJlIHRvbywgYW5kIHZpY2V2ZXJzYSksIGFuZCBjb21wYWN0 cyB0aGUgeGF0dHIgYXJyYXkKPiA+ID4gPiBieSByZW1vdmluZyB0aGUgaG9sZXMuCj4gPiA+ID4g Cj4gPiA+ID4gQW4gYWx0ZXJuYXRpdmUgc29sdXRpb24gd291bGQgYmUgdG8gbGV0IHVzZXJzIG9m IHRoZSB4YXR0ciBhcnJheSBrbm93IHRoZQo+ID4gPiA+IG51bWJlciBvZiBlbGVtZW50cyBvZiB0 aGF0IGFycmF5LCBzbyB0aGF0IHRoZXkgZG9uJ3QgaGF2ZSB0byBjaGVjayB0aGUKPiA+ID4gPiB0 ZXJtaW5hdGlvbi4gSG93ZXZlciwgdGhpcyBzZWVtcyBtb3JlIGludmFzaXZlLCBjb21wYXJlZCB0 byBhIHNpbXBsZSBtb3ZlCj4gPiA+ID4gb2YgZmV3IGFycmF5IGVsZW1lbnRzLgo+ID4gPiA+IAo+ ID4gPiA+IHNlY3VyaXR5X2NoZWNrX2NvbXBhY3RfZmlsbGVkX3hhdHRycygpIGFsc28gZGV0ZXJt aW5lcyBob3cgbWFueSB4YXR0cnMgaW4KPiA+ID4gPiB0aGUgeGF0dHIgYXJyYXkgaGF2ZSBiZWVu IGZpbGxlZC4gSWYgdGhlcmUgaXMgbm9uZSwgc2tpcAo+ID4gPiA+IGV2bV9pbm9kZV9pbml0X3Nl Y3VyaXR5KCkgYW5kIGluaXR4YXR0cnMoKS4gU2tpcHBpbmcgdGhlIGZvcm1lciBhbHNvIGF2b2lk cwo+ID4gPiA+IEVWTSB0byBjcmFzaCB0aGUga2VybmVsLCBhcyBpdCBpcyBleHBlY3RpbmcgYSBm aWxsZWQgeGF0dHIuCj4gPiA+ID4gCj4gPiA+ID4gRmluYWxseSwgYWRhcHQgYm90aCBTRUxpbnV4 IGFuZCBTbWFjayB0byB1c2UgdGhlIG5ldyBkZWZpbml0aW9uIG9mIHRoZQo+ID4gPiA+IGlub2Rl X2luaXRfc2VjdXJpdHkgaG9vaywgYW5kIHRvIGNvcnJlY3RseSBmaWxsIHRoZSBkZXNpZ25hdGVk IHNsb3RzIGluIHRoZQo+ID4gPiA+IHhhdHRyIGFycmF5LiBGb3IgU21hY2ssIHJlc2VydmUgc3Bh Y2UgZm9yIHRoZSBvdGhlciBkZWZpbmVkIHhhdHRycyBhbHRob3VnaAo+ID4gPiA+IHRoZXkgYXJl IG5vdCBzZXQgeWV0IGluIHNtYWNrX2lub2RlX2luaXRfc2VjdXJpdHkoKS4KPiA+ID4gPiAKPiA+ ID4gPiBSZXBvcnRlZC1ieTogTmljb2xhcyBCb3VjaGluZXQgPG5pY29sYXMuYm91Y2hpbmV0QGNs aXAtb3Mub3JnPiAoRVZNIGNyYXNoKQo+ID4gPiA+IExpbms6IGh0dHBzOi8vbG9yZS5rZXJuZWwu b3JnL2xpbnV4LWludGVncml0eS9ZMUZUU0lvKzF4KzRYMExTQGFyY2hsaW51eC8KPiA+ID4gPiBT aWduZWQtb2ZmLWJ5OiBSb2JlcnRvIFNhc3N1IDxyb2JlcnRvLnNhc3N1QGh1YXdlaS5jb20+Cj4g PiA+ID4gUmV2aWV3ZWQtYnk6IENhc2V5IFNjaGF1ZmxlciA8Y2FzZXlAc2NoYXVmbGVyLWNhLmNv bT4KPiA+ID4gPiBSZXZpZXdlZC1ieTogTWltaSBab2hhciA8em9oYXJAbGludXguaWJtLmNvbT4K PiA+ID4gPiAtLS0KPiA+ID4gPiAgaW5jbHVkZS9saW51eC9sc21faG9va19kZWZzLmggfCAgIDMg Ky0KPiA+ID4gPiAgaW5jbHVkZS9saW51eC9sc21faG9va3MuaCAgICAgfCAgIDEgKwo+ID4gPiA+ ICBzZWN1cml0eS9zZWN1cml0eS5jICAgICAgICAgICB8IDExOSArKysrKysrKysrKysrKysrKysr KysrKysrKysrKy0tLS0tCj4gPiA+ID4gIHNlY3VyaXR5L3NlbGludXgvaG9va3MuYyAgICAgIHwg IDE5ICsrKystLQo+ID4gPiA+ICBzZWN1cml0eS9zbWFjay9zbWFja19sc20uYyAgICB8ICAzMyAr KysrKystLS0tCj4gPiA+ID4gIDUgZmlsZXMgY2hhbmdlZCwgMTM3IGluc2VydGlvbnMoKyksIDM4 IGRlbGV0aW9ucygtKQo+IAo+IC4uLgo+IAo+ID4gPiA+IEBAIC0xNjA0LDMzICsxNjU0LDY2IEBA IGludCBzZWN1cml0eV9pbm9kZV9pbml0X3NlY3VyaXR5KHN0cnVjdCBpbm9kZSAqaW5vZGUsIHN0 cnVjdCBpbm9kZSAqZGlyLAo+ID4gPiA+ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg IGNvbnN0IHN0cnVjdCBxc3RyICpxc3RyLAo+ID4gPiA+ICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgIGNvbnN0IGluaXR4YXR0cnMgaW5pdHhhdHRycywgdm9pZCAqZnNfZGF0YSkKPiA+ ID4gPiAgewo+ID4gPiA+IC0gICAgICAgc3RydWN0IHhhdHRyIG5ld194YXR0cnNbTUFYX0xTTV9F Vk1fWEFUVFIgKyAxXTsKPiA+ID4gPiAtICAgICAgIHN0cnVjdCB4YXR0ciAqbHNtX3hhdHRyLCAq ZXZtX3hhdHRyLCAqeGF0dHI7Cj4gPiA+ID4gLSAgICAgICBpbnQgcmV0Owo+ID4gPiA+ICsgICAg ICAgc3RydWN0IHNlY3VyaXR5X2hvb2tfbGlzdCAqUDsKPiA+ID4gPiArICAgICAgIHN0cnVjdCB4 YXR0ciAqbmV3X3hhdHRyczsKPiA+ID4gPiArICAgICAgIHN0cnVjdCB4YXR0ciAqeGF0dHI7Cj4g PiA+ID4gKyAgICAgICBpbnQgcmV0ID0gLUVPUE5PVFNVUFAsIG51bV9maWxsZWRfeGF0dHJzID0g MDsKPiA+ID4gPiAKPiA+ID4gPiAgICAgICAgIGlmICh1bmxpa2VseShJU19QUklWQVRFKGlub2Rl KSkpCj4gPiA+ID4gICAgICAgICAgICAgICAgIHJldHVybiAwOwo+ID4gPiA+IAo+ID4gPiA+ICsg ICAgICAgaWYgKCFibG9iX3NpemVzLmxic194YXR0cikKPiA+ID4gPiArICAgICAgICAgICAgICAg cmV0dXJuIDA7Cj4gPiA+ID4gKwo+ID4gPiA+ICAgICAgICAgaWYgKCFpbml0eGF0dHJzKQo+ID4g PiA+ICAgICAgICAgICAgICAgICByZXR1cm4gY2FsbF9pbnRfaG9vayhpbm9kZV9pbml0X3NlY3Vy aXR5LCAtRU9QTk9UU1VQUCwgaW5vZGUsCj4gPiA+ID4gLSAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgIGRpciwgcXN0ciwgTlVMTCwgTlVMTCwgTlVMTCk7Cj4gPiA+ID4gLSAgICAg ICBtZW1zZXQobmV3X3hhdHRycywgMCwgc2l6ZW9mKG5ld194YXR0cnMpKTsKPiA+ID4gPiAtICAg ICAgIGxzbV94YXR0ciA9IG5ld194YXR0cnM7Cj4gPiA+ID4gLSAgICAgICByZXQgPSBjYWxsX2lu dF9ob29rKGlub2RlX2luaXRfc2VjdXJpdHksIC1FT1BOT1RTVVBQLCBpbm9kZSwgZGlyLCBxc3Ry LAo+ID4gPiA+IC0gICAgICAgICAgICAgICAgICAgICAgICAgICAmbHNtX3hhdHRyLT5uYW1lLAo+ ID4gPiA+IC0gICAgICAgICAgICAgICAgICAgICAgICAgICAmbHNtX3hhdHRyLT52YWx1ZSwKPiA+ ID4gPiAtICAgICAgICAgICAgICAgICAgICAgICAgICAgJmxzbV94YXR0ci0+dmFsdWVfbGVuKTsK PiA+ID4gPiAtICAgICAgIGlmIChyZXQpCj4gPiA+ID4gKyAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgZGlyLCBxc3RyLCBOVUxMKTsKPiA+ID4gPiArICAgICAgIC8qIEFsbG9jYXRl ICsxIGZvciBFVk0gYW5kICsxIGFzIHRlcm1pbmF0b3IuICovCj4gPiA+ID4gKyAgICAgICBuZXdf eGF0dHJzID0ga2NhbGxvYyhibG9iX3NpemVzLmxic194YXR0ciArIDIsIHNpemVvZigqbmV3X3hh dHRycyksCj4gPiA+ID4gKyAgICAgICAgICAgICAgICAgICAgICAgICAgICBHRlBfTk9GUyk7Cj4g PiA+ID4gKyAgICAgICBpZiAoIW5ld194YXR0cnMpCj4gPiA+ID4gKyAgICAgICAgICAgICAgIHJl dHVybiAtRU5PTUVNOwo+ID4gPiA+ICsKPiA+ID4gPiArICAgICAgIGhsaXN0X2Zvcl9lYWNoX2Vu dHJ5KFAsICZzZWN1cml0eV9ob29rX2hlYWRzLmlub2RlX2luaXRfc2VjdXJpdHksCj4gPiA+ID4g KyAgICAgICAgICAgICAgICAgICAgICAgICAgICBsaXN0KSB7Cj4gPiA+ID4gKyAgICAgICAgICAg ICAgIHJldCA9IFAtPmhvb2suaW5vZGVfaW5pdF9zZWN1cml0eShpbm9kZSwgZGlyLCBxc3RyLCBu ZXdfeGF0dHJzKTsKPiA+ID4gPiArICAgICAgICAgICAgICAgaWYgKHJldCAmJiByZXQgIT0gLUVP UE5PVFNVUFApCj4gPiA+ID4gKyAgICAgICAgICAgICAgICAgICAgICAgZ290byBvdXQ7Cj4gPiA+ ID4gKyAgICAgICAgICAgICAgIC8qCj4gPiA+ID4gKyAgICAgICAgICAgICAgICAqIEFzIGRvY3Vt ZW50ZWQgaW4gbHNtX2hvb2tzLmgsIC1FT1BOT1RTVVBQIGluIHRoaXMgY29udGV4dAo+ID4gPiA+ ICsgICAgICAgICAgICAgICAgKiBtZWFucyB0aGF0IHRoZSBMU00gaXMgbm90IHdpbGxpbmcgdG8g cHJvdmlkZSBhbiB4YXR0ciwgbm90Cj4gPiA+ID4gKyAgICAgICAgICAgICAgICAqIHRoYXQgaXQg d2FudHMgdG8gc2lnbmFsIGFuIGVycm9yLiBUaHVzLCBjb250aW51ZSB0byBpbnZva2UKPiA+ID4g PiArICAgICAgICAgICAgICAgICogdGhlIHJlbWFpbmluZyBMU01zLgo+ID4gPiA+ICsgICAgICAg ICAgICAgICAgKi8KPiA+ID4gPiArICAgICAgICAgICAgICAgaWYgKHJldCA9PSAtRU9QTk9UU1VQ UCkKPiA+ID4gPiArICAgICAgICAgICAgICAgICAgICAgICBjb250aW51ZTsKPiA+ID4gPiArICAg ICAgICAgICAgICAgLyoKPiA+ID4gPiArICAgICAgICAgICAgICAgICogQXMgdGhlIG51bWJlciBv ZiB4YXR0cnMgcmVzZXJ2ZWQgYnkgTFNNcyBpcyBub3QgZGlyZWN0bHkKPiA+ID4gPiArICAgICAg ICAgICAgICAgICogYXZhaWxhYmxlLCBkaXJlY3RseSB1c2UgdGhlIHRvdGFsIG51bWJlciBibG9i X3NpemVzLmxic194YXR0cgo+ID4gPiA+ICsgICAgICAgICAgICAgICAgKiB0byBrZWVwIHRoZSBj b2RlIHNpbXBsZSwgd2hpbGUgYmVpbmcgbm90IHRoZSBtb3N0IGVmZmljaWVudAo+ID4gPiA+ICsg ICAgICAgICAgICAgICAgKiB3YXkuCj4gPiA+ID4gKyAgICAgICAgICAgICAgICAqLwo+ID4gPiAK PiA+ID4gSXMgdGhlcmUgYSBnb29kIHJlYXNvbiB3aHkgdGhlIExTTSBjYW4ndCByZXR1cm4gdGhl IG51bWJlciBvZiB4YXR0cnMKPiA+ID4gaXQgaXMgYWRkaW5nIHRvIHRoZSB4YXR0ciBhcnJheT8g IEl0IHNlZW1zIGxpa2UgaXQgc2hvdWxkIGJlIGZhaXJseQo+ID4gPiB0cml2aWFsIGZvciB0aGUg aW5kaXZpZHVhbCBMU01zIHRvIGRldGVybWluZSBhbmQgaXQgY291bGQgc2F2ZSBhIGxvdAo+ID4g PiBvZiB3b3JrLiAgSG93ZXZlciwgZ2l2ZW4gd2UncmUgYXQgdjggb24gdGhpcyBwYXRjaHNldCBJ J20gc3VyZSBJJ20KPiA+ID4gbWlzc2luZyBzb21ldGhpbmcgb2J2aW91cywgY2FuIHlvdSBoZWxw IG1lIHVuZGVyc3RhbmQgd2h5IHRoZSBpZGVhCj4gPiA+IGFib3ZlIGlzIGNyYXp5IHN0dXBpZD8g OykKPiA+IAo+ID4gT2ssIEkgbG9va2VkIGJhY2sgYXQgd2hhdCBJIGRpZCBmb3IgdjMuCj4gPiAK PiA+IE1vdmluZyBmcm9tIHYzIHRvIHY0LCBJIGRlY2lkZWQgdG8gcHV0IGxlc3MgYnVyZGVuIG9u IExTTXMsIGFuZCB0byBtYWtlCj4gPiBhbGwgdGhlIHByb2Nlc3NpbmcgZnJvbSB0aGUgTFNNIGlu ZnJhc3RydWN0dXJlIHNpZGUuCj4gCj4gQXMgYSBnZW5lcmFsIHJ1bGUgSSB0aGluayBpdCdzIGEg Z29vZCBnb2FsIHRvIGtlZXAgdGhlIExTTSBsYXllciBhcwo+IHNtYWxsIGFzIHBvc3NpYmxlOyBJ IGJlbGlldmUgaXQgYWxsb3dzIHVzIHRvIGJlIG1vcmUgZmxleGlibGUgd2l0aCB0aGUKPiBMU01z IGFuZCBpdCBrZWVwcyB0aGUgTFNNIGFzIHNpbXBsZSBhcyBwb3NzaWJsZS4gIEkgbWVhbiBsZXNz IGNvZGUsCj4gbGVzcyBidWdzLCBhbWlyaXRlPyAuLi4gOykKPiAKPiA+IHYzIGhhZCBzb21lIHNh ZmVndWFyZHMgdG8gcHJldmVudCBzb21lIHByb2dyYW1taW5nIG1pc3Rha2VzIGJ5IExTTXMsCj4g PiB3aGljaCBtYXliZSBtYWRlIHRoZSBjb2RlIGxlc3MgdW5kZXJzdGFuZGFibGUuCj4gPiAKPiA+ IEhvd2V2ZXIsIGlmIHdlIHNheSB3ZSBrZWVwIHRoaW5ncyBhcyBzaW1wbGUgYXMgcG9zc2libGUg YW5kIGFzc3VtZSB0aGF0Cj4gPiBMU01zIGltcGxlbWVudCB0aGlzIGNvcnJlY3RseSwgd2UgY2Fu IGp1c3QgcGFzcyBudW1fZmlsbGVkX3hhdHRycyB0bwo+ID4gdGhlbSBhbmQgdGhleSBzaW1wbHkg aW5jcmVtZW50IGl0Lgo+ID4gCj4gPiBUaGUgRVZNIGJ1ZyBzaG91bGQgbm90IGFyaXNlIChhY2Nl c3NpbmcgeGF0dHItPm5hbWUgPSBOVUxMKSwgZXZlbiBpZgo+ID4gQlBGIExTTSBhbG9uZSByZXR1 cm5zIHplcm8sIGR1ZSB0byB0aGUgY2hlY2sgb2YgbnVtX2ZpbGxlZF94YXR0cnMKPiA+IGJlZm9y ZSBjYWxsaW5nIGV2bV9pbm9kZV9pbml0X3NlY3VyaXR5KCkuCj4gPiAKPiA+IFBhdGNoIDYgKGF0 IHRoZSBlbmQpIHdpbGwgcHJldmVudCB0aGUgYnVnIGZyb20gYXJpc2luZyB3aGVuIEVWTSBpcwo+ ID4gbW92ZWQgdG8gdGhlIExTTSBpbmZyYXN0cnVjdHVyZSAobm8gbnVtX2ZpbGxlZF94YXR0cnMg Y2hlY2sgYW55bW9yZSkuCj4gPiBUaGVyZSBpcyBhIGxvb3AgdGhhdCBzdG9wcyBpZiB4YXR0ci0+ bmFtZSBpcyBOVUxMLCBzbwo+ID4gZXZtX3Byb3RlY3RlZF94YXR0cigpIHdpbGwgbm90IGJlIGNh bGxlZC4KPiA+IAo+ID4gT3IsIGxpa2UgeW91IHN1Z2dlc3RlZCwgd2UganVzdCByZXR1cm4gYSBw b3NpdGl2ZSB2YWx1ZSBmcm9tIExTTXMgYW5kCj4gPiB3ZSBrZWVwIG51bV9maWxsZWRfeGF0dHJz IGluIHNlY3VyaXR5X2lub2RlX2luaXRfc2VjdXJpdHkoKS4KPiAKPiBJIGxpa2UgdGhlIGlkZWEg b2YgaW5kaXZpZHVhbCBMU01zIHNpbXBseSByZXBvcnRpbmcgdGhlIG51bWJlciBvZgo+IHhhdHRy cyB0aGV5J3ZlIGdlbmVyYXRlZCBpbnN0ZWFkIG9mIGluY3JlbWVudGluZyB0aGUgbnVtX2ZpbGxl ZF94YXR0cnMKPiB2YXJpYWJsZS4KPiAKPiBJdCBzZWVtcyBsaWtlIHJldHVybmluZyB0aGUgeGF0 dHIgY291bnQgYXMgYSBwb3NpdGl2ZSByZXR1cm4gdmFsdWUKPiBzaG91bGQgd29yayBqdXN0IGZp bmUsIGxlYXZpbmcgbmVnYXRpdmUgdmFsdWVzIGZvciBlcnJvcnMsIGJ1dCBpZiB5b3UKPiBydW4g aW50byBwcm9ibGVtcyB5b3UgY2FuIGFsd2F5cyBwYXNzIHRoZSB2YWx1ZSBiYWNrIGluIGEgbmV3 Cj4gcGFyYW1ldGVyIHBvaW50ZXIgaWYgbmVlZGVkLgo+IAo+ID4gPiA+IEBAIC0yODY4LDExICsy ODcwLDExIEBAIHN0YXRpYyBpbnQgc2VsaW51eF9kZW50cnlfY3JlYXRlX2ZpbGVzX2FzKHN0cnVj dCBkZW50cnkgKmRlbnRyeSwgaW50IG1vZGUsCj4gPiA+ID4gCj4gPiA+ID4gIHN0YXRpYyBpbnQg c2VsaW51eF9pbm9kZV9pbml0X3NlY3VyaXR5KHN0cnVjdCBpbm9kZSAqaW5vZGUsIHN0cnVjdCBp bm9kZSAqZGlyLAo+ID4gPiA+ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg IGNvbnN0IHN0cnVjdCBxc3RyICpxc3RyLAo+ID4gPiA+IC0gICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgIGNvbnN0IGNoYXIgKipuYW1lLAo+ID4gPiA+IC0gICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgIHZvaWQgKip2YWx1ZSwgc2l6ZV90ICpsZW4pCj4gPiA+ ID4gKyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgc3RydWN0IHhhdHRyICp4 YXR0cnMpCj4gPiA+ID4gIHsKPiA+ID4gPiAgICAgICAgIGNvbnN0IHN0cnVjdCB0YXNrX3NlY3Vy aXR5X3N0cnVjdCAqdHNlYyA9IHNlbGludXhfY3JlZChjdXJyZW50X2NyZWQoKSk7Cj4gPiA+ID4g ICAgICAgICBzdHJ1Y3Qgc3VwZXJibG9ja19zZWN1cml0eV9zdHJ1Y3QgKnNic2VjOwo+ID4gPiA+ ICsgICAgICAgc3RydWN0IHhhdHRyICp4YXR0ciA9IE5VTEw7Cj4gPiA+ID4gICAgICAgICB1MzIg bmV3c2lkLCBjbGVuOwo+ID4gPiA+ICAgICAgICAgaW50IHJjOwo+ID4gPiA+ICAgICAgICAgY2hh ciAqY29udGV4dDsKPiA+ID4gPiBAQCAtMjg5OSwxNiArMjkwMSwxOCBAQCBzdGF0aWMgaW50IHNl bGludXhfaW5vZGVfaW5pdF9zZWN1cml0eShzdHJ1Y3QgaW5vZGUgKmlub2RlLCBzdHJ1Y3QgaW5v ZGUgKmRpciwKPiA+ID4gPiAgICAgICAgICAgICAhKHNic2VjLT5mbGFncyAmIFNCTEFCRUxfTU5U KSkKPiA+ID4gPiAgICAgICAgICAgICAgICAgcmV0dXJuIC1FT1BOT1RTVVBQOwo+ID4gPiA+IAo+ ID4gPiA+IC0gICAgICAgaWYgKG5hbWUpCj4gPiA+ID4gLSAgICAgICAgICAgICAgICpuYW1lID0g WEFUVFJfU0VMSU5VWF9TVUZGSVg7Cj4gPiA+ID4gKyAgICAgICBpZiAoeGF0dHJzKQo+ID4gPiA+ ICsgICAgICAgICAgICAgICB4YXR0ciA9IHhhdHRycyArIHNlbGludXhfYmxvYl9zaXplcy5sYnNf eGF0dHI7Cj4gPiA+IAo+ID4gPiBQbGVhc2UgYWJzdHJhY3QgdGhhdCBhd2F5IHRvIGFuIGlubGlu ZSBmdW5jdGlvbiBzaW1pbGFyIHRvCj4gPiA+IHNlbGludXhfY3JlZCgpLCBzZWxpbnV4X2ZpbGUo KSwgc2VsaW51eF9pbm9kZSgpLCBldGMuCj4gPiAKPiA+IE9rLgo+ID4gCj4gPiA+ID4gKyAgICAg ICBpZiAoeGF0dHIpIHsKPiA+ID4gPiArICAgICAgICAgICAgICAgeGF0dHItPm5hbWUgPSBYQVRU Ul9TRUxJTlVYX1NVRkZJWDsKPiA+ID4gCj4gPiA+IEknbSBndWVzc2luZyB0aGUgeGF0dHItPm5h bWUgYXNzaWdubWVudCBpcyBhbHdheXMgZG9uZSwgcmVnYXJkbGVzcyBvZgo+ID4gPiBpZiBzZWN1 cml0eV9zaWRfdG9fY29udGV4dF9mb3JjZSgpIGlzIHN1Y2Nlc3NmdWwsIGR1ZSB0byB0aGUgLUVJ TlZBTAo+ID4gPiBjaGVjayBpbiBzZWN1cml0eV9jaGVja19jb21wYWN0X2ZpbGxlZF94YXR0cnMo KT8gIElmIHllcywgaXQgd291bGQgYmUKPiA+ID4gZ29vZCB0byBtYWtlIG5vdGUgb2YgdGhhdCBo ZXJlIGluIHRoZSBjb2RlLiAgSWYgbm90LCBpdCB3b3VsZCBiZSBuaWNlCj4gPiA+IHRvIG1vdmUg dGhpcyBkb3duIHRoZSBmdW5jdGlvbiB0byBnbyB3aXRoIHRoZSBvdGhlciB4YXR0ci0+WFhYCj4g PiA+IGFzc2lnbm1lbnRzLCB1bmxlc3MgdGhlcmUgaXMgYW5vdGhlciByZWFzb24gZm9yIGl0cyBw bGFjZW1lbnQgdGhhdCBJJ20KPiA+ID4gbWlzc2luZy4KPiA+IAo+ID4gVWhtLCBpZiBhbiBMU00g cmV0dXJucyBhbiBlcnJvciwgc2VjdXJpdHlfaW5vZGVfaW5pdF9zZWN1cml0eSgpIHN0b3BzCj4g PiBhbmQgZG9lcyB0aGUgY2xlYW51cC4gSXQgc2hvdWxkIG5vdCBtYXR0ZXIgaWYgeGF0dHItPm5h bWUgd2FzIHNldC4KPiAKPiBPa2F5LCBJIHRob3VnaHQgSSBtaWdodCBiZSBtaXNzaW5nIHNvbWV0 aGluZyBkdXJpbmcgdGhlIHJldmlldy4gIFNpbmNlCj4gdGhlcmUgaXMgbm8gc3BlY2lhbCByZWFz b24gZm9yIHB1dHRpbmcgdGhlIHhhdHRyLT5uYW1lIGFzc2lnbm1lbnQgdXAKPiB0aGVyZSwgcGxl YXNlIG1vdmUgaXQgZG93biBiZWxvdyB3aXRoIHRoZSBvdGhlciB4YXR0ci0+WFhYCj4gYXNzaWdu bWVudHMuCgpPaywgd2lsbCBkby4KClRoYW5rcwoKUm9iZXJ0bwoKCl9fX19fX19fX19fX19fX19f X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fCk9jZnMyLWRldmVsIG1haWxpbmcgbGlzdApP Y2ZzMi1kZXZlbEBvc3Mub3JhY2xlLmNvbQpodHRwczovL29zcy5vcmFjbGUuY29tL21haWxtYW4v bGlzdGluZm8vb2NmczItZGV2ZWw= From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id E1181C7619A for ; Mon, 27 Mar 2023 07:37:18 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232633AbjC0HhR (ORCPT ); Mon, 27 Mar 2023 03:37:17 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:41452 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232456AbjC0HhI (ORCPT ); Mon, 27 Mar 2023 03:37:08 -0400 Received: from frasgout11.his.huawei.com (frasgout11.his.huawei.com [14.137.139.23]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A3A30559A; Mon, 27 Mar 2023 00:36:40 -0700 (PDT) Received: from mail02.huawei.com (unknown [172.18.147.228]) by frasgout11.his.huawei.com (SkyGuard) with ESMTP id 4PlPXS5Ndjz9v7Vl; Mon, 27 Mar 2023 15:27:20 +0800 (CST) Received: from roberto-ThinkStation-P620 (unknown [10.204.63.22]) by APP1 (Coremail) with SMTP id LxC2BwAHjQhWRyFku1LSAQ--.62049S2; Mon, 27 Mar 2023 08:36:01 +0100 (CET) Message-ID: <59def311993b839bb4fa623daa973a3bebb52359.camel@huaweicloud.com> Subject: Re: [PATCH v8 4/6] security: Allow all LSMs to provide xattrs for inode_init_security hook From: Roberto Sassu To: Paul Moore Cc: mark@fasheh.com, jlbec@evilplan.org, joseph.qi@linux.alibaba.com, zohar@linux.ibm.com, dmitry.kasatkin@gmail.com, jmorris@namei.org, serge@hallyn.com, stephen.smalley.work@gmail.com, eparis@parisplace.org, casey@schaufler-ca.com, ocfs2-devel@oss.oracle.com, reiserfs-devel@vger.kernel.org, linux-integrity@vger.kernel.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org, linux-kernel@vger.kernel.org, keescook@chromium.org, nicolas.bouchinet@clip-os.org, Roberto Sassu Date: Mon, 27 Mar 2023 09:35:47 +0200 In-Reply-To: References: <20230314081720.4158676-1-roberto.sassu@huaweicloud.com> <20230314081720.4158676-5-roberto.sassu@huaweicloud.com> <939e6c88662ad90b963993c4cc1b702083e74a7a.camel@huaweicloud.com> Content-Type: text/plain; charset="UTF-8" User-Agent: Evolution 3.36.5-0ubuntu1 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-CM-TRANSID: LxC2BwAHjQhWRyFku1LSAQ--.62049S2 X-Coremail-Antispam: 1UD129KBjvJXoW3GFyrKF13Kw1kur1Utr4UXFb_yoWDJF4kpF WUt3Wj9r4kJFy7GrySqa18u3WS9rWfKrW7WrnxGry7AFyqyr1xtFyFyr15uFykZr4kGF1q qr42yrsxu3s8AaDanT9S1TB71UUUUUUqnTZGkaVYY2UrUUUUjbIjqfuFe4nvWSU5nxnvy2 9KBjDU0xBIdaVrnRJUUUk0b4IE77IF4wAFF20E14v26ryj6rWUM7CY07I20VC2zVCF04k2 6cxKx2IYs7xG6rWj6s0DM7CIcVAFz4kK6r1j6r18M28lY4IEw2IIxxk0rwA2F7IY1VAKz4 vEj48ve4kI8wA2z4x0Y4vE2Ix0cI8IcVAFwI0_Jr0_JF4l84ACjcxK6xIIjxv20xvEc7Cj xVAFwI0_Gr0_Cr1l84ACjcxK6I8E87Iv67AKxVWUJVW8JwA2z4x0Y4vEx4A2jsIEc7CjxV AFwI0_Gr0_Gr1UM2AIxVAIcxkEcVAq07x20xvEncxIr21l5I8CrVACY4xI64kE6c02F40E x7xfMcIj6xIIjxv20xvE14v26r106r15McIj6I8E87Iv67AKxVWUJVW8JwAm72CE4IkC6x 0Yz7v_Jr0_Gr1lF7xvr2IY64vIr41lFIxGxcIEc7CjxVA2Y2ka0xkIwI1l42xK82IYc2Ij 64vIr41l4I8I3I0E4IkC6x0Yz7v_Jr0_Gr1lx2IqxVAqx4xG67AKxVWUJVWUGwC20s026x 8GjcxK67AKxVWUGVWUWwC2zVAF1VAY17CE14v26r4a6rW5MIIYrxkI7VAKI48JMIIF0xvE 2Ix0cI8IcVAFwI0_Jr0_JF4lIxAIcVC0I7IYx2IY6xkF7I0E14v26r4j6F4UMIIF0xvE42 xK8VAvwI8IcIk0rVWrJr0_WFyUJwCI42IY6I8E87Iv67AKxVWUJVW8JwCI42IY6I8E87Iv 6xkF7I0E14v26r4j6r4UJbIYCTnIWIevJa73UjIFyTuYvjxUo0eHDUUUU X-CM-SenderInfo: purev21wro2thvvxqx5xdzvxpfor3voofrz/1tbiAgAJBF1jj4cvOgABst X-CFilter-Loop: Reflected Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, 2023-03-24 at 17:19 -0400, Paul Moore wrote: > On Fri, Mar 24, 2023 at 6:18 AM Roberto Sassu > wrote: > > On Thu, 2023-03-23 at 20:09 -0400, Paul Moore wrote: > > > On Tue, Mar 14, 2023 at 4:19 AM Roberto Sassu > > > wrote: > > > > From: Roberto Sassu > > > > > > > > Currently, security_inode_init_security() supports only one LSM providing > > > > an xattr and EVM calculating the HMAC on that xattr, plus other inode > > > > metadata. > > > > > > > > Allow all LSMs to provide one or multiple xattrs, by extending the security > > > > blob reservation mechanism. Introduce the new lbs_xattr field of the > > > > lsm_blob_sizes structure, so that each LSM can specify how many xattrs it > > > > needs, and the LSM infrastructure knows how many xattr slots it should > > > > allocate. > > > > > > > > Dynamically allocate the xattrs array to be populated by LSMs with the > > > > inode_init_security hook, and pass it to the latter instead of the > > > > name/value/len triple. Update the documentation accordingly, and fix the > > > > description of the xattr name, as it is not allocated anymore. > > > > > > > > Since the LSM infrastructure, at initialization time, updates the number of > > > > the requested xattrs provided by each LSM with a corresponding offset in > > > > the security blob (in this case the xattr array), it makes straightforward > > > > for an LSM to access the right position in the xattr array. > > > > > > > > There is still the issue that an LSM might not fill the xattr, even if it > > > > requests it (legitimate case, for example it might have been loaded but not > > > > initialized with a policy). Since users of the xattr array (e.g. the > > > > initxattrs() callbacks) detect the end of the xattr array by checking if > > > > the xattr name is NULL, not filling an xattr would cause those users to > > > > stop scanning xattrs prematurely. > > > > > > > > Solve that issue by introducing security_check_compact_filled_xattrs(), > > > > which does a basic check of the xattr array (if the xattr name is filled, > > > > the xattr value should be too, and viceversa), and compacts the xattr array > > > > by removing the holes. > > > > > > > > An alternative solution would be to let users of the xattr array know the > > > > number of elements of that array, so that they don't have to check the > > > > termination. However, this seems more invasive, compared to a simple move > > > > of few array elements. > > > > > > > > security_check_compact_filled_xattrs() also determines how many xattrs in > > > > the xattr array have been filled. If there is none, skip > > > > evm_inode_init_security() and initxattrs(). Skipping the former also avoids > > > > EVM to crash the kernel, as it is expecting a filled xattr. > > > > > > > > Finally, adapt both SELinux and Smack to use the new definition of the > > > > inode_init_security hook, and to correctly fill the designated slots in the > > > > xattr array. For Smack, reserve space for the other defined xattrs although > > > > they are not set yet in smack_inode_init_security(). > > > > > > > > Reported-by: Nicolas Bouchinet (EVM crash) > > > > Link: https://lore.kernel.org/linux-integrity/Y1FTSIo+1x+4X0LS@archlinux/ > > > > Signed-off-by: Roberto Sassu > > > > Reviewed-by: Casey Schaufler > > > > Reviewed-by: Mimi Zohar > > > > --- > > > > include/linux/lsm_hook_defs.h | 3 +- > > > > include/linux/lsm_hooks.h | 1 + > > > > security/security.c | 119 +++++++++++++++++++++++++++++----- > > > > security/selinux/hooks.c | 19 ++++-- > > > > security/smack/smack_lsm.c | 33 ++++++---- > > > > 5 files changed, 137 insertions(+), 38 deletions(-) > > ... > > > > > @@ -1604,33 +1654,66 @@ int security_inode_init_security(struct inode *inode, struct inode *dir, > > > > const struct qstr *qstr, > > > > const initxattrs initxattrs, void *fs_data) > > > > { > > > > - struct xattr new_xattrs[MAX_LSM_EVM_XATTR + 1]; > > > > - struct xattr *lsm_xattr, *evm_xattr, *xattr; > > > > - int ret; > > > > + struct security_hook_list *P; > > > > + struct xattr *new_xattrs; > > > > + struct xattr *xattr; > > > > + int ret = -EOPNOTSUPP, num_filled_xattrs = 0; > > > > > > > > if (unlikely(IS_PRIVATE(inode))) > > > > return 0; > > > > > > > > + if (!blob_sizes.lbs_xattr) > > > > + return 0; > > > > + > > > > if (!initxattrs) > > > > return call_int_hook(inode_init_security, -EOPNOTSUPP, inode, > > > > - dir, qstr, NULL, NULL, NULL); > > > > - memset(new_xattrs, 0, sizeof(new_xattrs)); > > > > - lsm_xattr = new_xattrs; > > > > - ret = call_int_hook(inode_init_security, -EOPNOTSUPP, inode, dir, qstr, > > > > - &lsm_xattr->name, > > > > - &lsm_xattr->value, > > > > - &lsm_xattr->value_len); > > > > - if (ret) > > > > + dir, qstr, NULL); > > > > + /* Allocate +1 for EVM and +1 as terminator. */ > > > > + new_xattrs = kcalloc(blob_sizes.lbs_xattr + 2, sizeof(*new_xattrs), > > > > + GFP_NOFS); > > > > + if (!new_xattrs) > > > > + return -ENOMEM; > > > > + > > > > + hlist_for_each_entry(P, &security_hook_heads.inode_init_security, > > > > + list) { > > > > + ret = P->hook.inode_init_security(inode, dir, qstr, new_xattrs); > > > > + if (ret && ret != -EOPNOTSUPP) > > > > + goto out; > > > > + /* > > > > + * As documented in lsm_hooks.h, -EOPNOTSUPP in this context > > > > + * means that the LSM is not willing to provide an xattr, not > > > > + * that it wants to signal an error. Thus, continue to invoke > > > > + * the remaining LSMs. > > > > + */ > > > > + if (ret == -EOPNOTSUPP) > > > > + continue; > > > > + /* > > > > + * As the number of xattrs reserved by LSMs is not directly > > > > + * available, directly use the total number blob_sizes.lbs_xattr > > > > + * to keep the code simple, while being not the most efficient > > > > + * way. > > > > + */ > > > > > > Is there a good reason why the LSM can't return the number of xattrs > > > it is adding to the xattr array? It seems like it should be fairly > > > trivial for the individual LSMs to determine and it could save a lot > > > of work. However, given we're at v8 on this patchset I'm sure I'm > > > missing something obvious, can you help me understand why the idea > > > above is crazy stupid? ;) > > > > Ok, I looked back at what I did for v3. > > > > Moving from v3 to v4, I decided to put less burden on LSMs, and to make > > all the processing from the LSM infrastructure side. > > As a general rule I think it's a good goal to keep the LSM layer as > small as possible; I believe it allows us to be more flexible with the > LSMs and it keeps the LSM as simple as possible. I mean less code, > less bugs, amirite? ... ;) > > > v3 had some safeguards to prevent some programming mistakes by LSMs, > > which maybe made the code less understandable. > > > > However, if we say we keep things as simple as possible and assume that > > LSMs implement this correctly, we can just pass num_filled_xattrs to > > them and they simply increment it. > > > > The EVM bug should not arise (accessing xattr->name = NULL), even if > > BPF LSM alone returns zero, due to the check of num_filled_xattrs > > before calling evm_inode_init_security(). > > > > Patch 6 (at the end) will prevent the bug from arising when EVM is > > moved to the LSM infrastructure (no num_filled_xattrs check anymore). > > There is a loop that stops if xattr->name is NULL, so > > evm_protected_xattr() will not be called. > > > > Or, like you suggested, we just return a positive value from LSMs and > > we keep num_filled_xattrs in security_inode_init_security(). > > I like the idea of individual LSMs simply reporting the number of > xattrs they've generated instead of incrementing the num_filled_xattrs > variable. > > It seems like returning the xattr count as a positive return value > should work just fine, leaving negative values for errors, but if you > run into problems you can always pass the value back in a new > parameter pointer if needed. > > > > > @@ -2868,11 +2870,11 @@ static int selinux_dentry_create_files_as(struct dentry *dentry, int mode, > > > > > > > > static int selinux_inode_init_security(struct inode *inode, struct inode *dir, > > > > const struct qstr *qstr, > > > > - const char **name, > > > > - void **value, size_t *len) > > > > + struct xattr *xattrs) > > > > { > > > > const struct task_security_struct *tsec = selinux_cred(current_cred()); > > > > struct superblock_security_struct *sbsec; > > > > + struct xattr *xattr = NULL; > > > > u32 newsid, clen; > > > > int rc; > > > > char *context; > > > > @@ -2899,16 +2901,18 @@ static int selinux_inode_init_security(struct inode *inode, struct inode *dir, > > > > !(sbsec->flags & SBLABEL_MNT)) > > > > return -EOPNOTSUPP; > > > > > > > > - if (name) > > > > - *name = XATTR_SELINUX_SUFFIX; > > > > + if (xattrs) > > > > + xattr = xattrs + selinux_blob_sizes.lbs_xattr; > > > > > > Please abstract that away to an inline function similar to > > > selinux_cred(), selinux_file(), selinux_inode(), etc. > > > > Ok. > > > > > > + if (xattr) { > > > > + xattr->name = XATTR_SELINUX_SUFFIX; > > > > > > I'm guessing the xattr->name assignment is always done, regardless of > > > if security_sid_to_context_force() is successful, due to the -EINVAL > > > check in security_check_compact_filled_xattrs()? If yes, it would be > > > good to make note of that here in the code. If not, it would be nice > > > to move this down the function to go with the other xattr->XXX > > > assignments, unless there is another reason for its placement that I'm > > > missing. > > > > Uhm, if an LSM returns an error, security_inode_init_security() stops > > and does the cleanup. It should not matter if xattr->name was set. > > Okay, I thought I might be missing something during the review. Since > there is no special reason for putting the xattr->name assignment up > there, please move it down below with the other xattr->XXX > assignments. Ok, will do. Thanks Roberto