Linux-Integrity Archive on lore.kernel.org
 help / color / Atom feed
From: Mimi Zohar <zohar@linux.ibm.com>
To: Roberto Sassu <roberto.sassu@huawei.com>,
	"efremov@linux.com" <efremov@linux.com>,
	"linux-integrity@vger.kernel.org"
	<linux-integrity@vger.kernel.org>,
	Dmitry Kasatkin <dmitry.kasatkin@gmail.com>
Cc: Dmitry Vyukov <dvyukov@google.com>,
	Silviu Vlasceanu <Silviu.Vlasceanu@huawei.com>
Subject: Re: IMA/EVM interfaces
Date: Fri, 31 Jul 2020 14:45:30 -0400
Message-ID: <13c9396fe62c1bf40175897a59ab711f36d626fa.camel@linux.ibm.com> (raw)
In-Reply-To: <425db984e96241f0a28a0b650aaa0b1d@huawei.com>

On Thu, 2020-07-30 at 06:50 +0000, Roberto Sassu wrote:
> > From: Denis Efremov [mailto:efremov@linux.com]
> > Sent: Wednesday, July 29, 2020 11:59 PM
> > 
> > 
> > 
> > On 7/28/20 6:43 PM, Roberto Sassu wrote:
> > > > From: linux-integrity-owner@vger.kernel.org [mailto:linux-
> > > > integrity-
> > > > owner@vger.kernel.org] On Behalf Of Denis Efremov
> > > > Sent: Tuesday, July 28, 2020 12:32 PM
> > > > Hi,
> > > > 
> > > > I've started to add integrity interfaces descriptions to
> > > > syzkaller
> > > > (https://github.com/google/syzkaller/pull/1970).
> > > > 
> > > > I've got a question, if you don't mind:
> > > > 
> > > > If I write 2 to /sys/kernel/security/integrity/evm/evm before
> > > > loading
> > keys,
> > > > subsequent fs operations will fail with -ENOKEY.
> > > > 
> > > > $ echo 2 > /sys/kernel/security/integrity/evm/evm
> > > > $ touch test.txt
> 
> Looks good. Mimi, could you please take this patch, and if
> possible, the others in the patch set?

 Just needing to finish up the ima-evm-utils release and finish
reviewing Kees' " Introduce partial kernel_read_file() support" patchset.   Will circle back around to EVM shortly.

In the meantime, could you take a look at the syzbot "possible deadlock
in process_measurement" report.   According to Amir Goldstein, this
isn't a lock order inversion.  It just needs to be properly annotated.

thanks,

Mimi


      reply index

Thread overview: 5+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-07-28 10:32 Denis Efremov
2020-07-28 15:43 ` Roberto Sassu
2020-07-29 21:59   ` Denis Efremov
2020-07-30  6:50     ` Roberto Sassu
2020-07-31 18:45       ` Mimi Zohar [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=13c9396fe62c1bf40175897a59ab711f36d626fa.camel@linux.ibm.com \
    --to=zohar@linux.ibm.com \
    --cc=Silviu.Vlasceanu@huawei.com \
    --cc=dmitry.kasatkin@gmail.com \
    --cc=dvyukov@google.com \
    --cc=efremov@linux.com \
    --cc=linux-integrity@vger.kernel.org \
    --cc=roberto.sassu@huawei.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Linux-Integrity Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/linux-integrity/0 linux-integrity/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 linux-integrity linux-integrity/ https://lore.kernel.org/linux-integrity \
		linux-integrity@vger.kernel.org
	public-inbox-index linux-integrity

Example config snippet for mirrors

Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/org.kernel.vger.linux-integrity


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git