* [PATCH 1/3] securityfs: Append line feed to /sys/kernel/security/lsm
2022-05-05 13:22 [PATCH 0/3] Append line feed to files in securityfs Wang Weiyang
@ 2022-05-05 13:22 ` Wang Weiyang
2022-05-05 16:29 ` Casey Schaufler
2022-05-05 13:23 ` [PATCH 2/3] evm: Append line feed to /sys/kernel/security/evm Wang Weiyang
2022-05-05 13:23 ` [PATCH 3/3] ima: Append line feed to ima/binary_runtime_measurements Wang Weiyang
2 siblings, 1 reply; 7+ messages in thread
From: Wang Weiyang @ 2022-05-05 13:22 UTC (permalink / raw)
To: zohar, dmitry.kasatkin, jmorris, serge
Cc: linux-security-module, linux-kernel, linux-integrity, wangweiyang2
There is no LF in /sys/kerne/security/lsm output. It is a little weird,
so append LF to it.
Example:
/ # cat /sys/kernel/security/lsm
capability,selinux/ #
Signed-off-by: Wang Weiyang <wangweiyang2@huawei.com>
---
security/inode.c | 16 ++++++++++++++--
1 file changed, 14 insertions(+), 2 deletions(-)
diff --git a/security/inode.c b/security/inode.c
index 6c326939750d..bfd5550fa129 100644
--- a/security/inode.c
+++ b/security/inode.c
@@ -318,8 +318,20 @@ static struct dentry *lsm_dentry;
static ssize_t lsm_read(struct file *filp, char __user *buf, size_t count,
loff_t *ppos)
{
- return simple_read_from_buffer(buf, count, ppos, lsm_names,
- strlen(lsm_names));
+ char *tmp;
+ ssize_t len = strlen(lsm_names);
+ ssize_t rc;
+
+ tmp = kmalloc(len + 2, GFP_KERNEL);
+ if (!tmp)
+ return -ENOMEM;
+
+ scnprintf(tmp, len + 2, "%s\n", lsm_names);
+ rc = simple_read_from_buffer(buf, count, ppos, tmp, strlen(tmp));
+
+ kfree(tmp);
+
+ return rc;
}
static const struct file_operations lsm_ops = {
--
2.17.1
^ permalink raw reply related [flat|nested] 7+ messages in thread
* Re: [PATCH 1/3] securityfs: Append line feed to /sys/kernel/security/lsm
2022-05-05 13:22 ` [PATCH 1/3] securityfs: Append line feed to /sys/kernel/security/lsm Wang Weiyang
@ 2022-05-05 16:29 ` Casey Schaufler
0 siblings, 0 replies; 7+ messages in thread
From: Casey Schaufler @ 2022-05-05 16:29 UTC (permalink / raw)
To: Wang Weiyang, zohar, dmitry.kasatkin, jmorris, serge
Cc: linux-security-module, linux-kernel, linux-integrity, Casey Schaufler
On 5/5/2022 6:22 AM, Wang Weiyang wrote:
> There is no LF in /sys/kerne/security/lsm output. It is a little weird,
> so append LF to it.
NAK: The existing behavior is consistent with long standing LSM convention.
>
> Example:
>
> / # cat /sys/kernel/security/lsm
> capability,selinux/ #
>
> Signed-off-by: Wang Weiyang <wangweiyang2@huawei.com>
> ---
> security/inode.c | 16 ++++++++++++++--
> 1 file changed, 14 insertions(+), 2 deletions(-)
>
> diff --git a/security/inode.c b/security/inode.c
> index 6c326939750d..bfd5550fa129 100644
> --- a/security/inode.c
> +++ b/security/inode.c
> @@ -318,8 +318,20 @@ static struct dentry *lsm_dentry;
> static ssize_t lsm_read(struct file *filp, char __user *buf, size_t count,
> loff_t *ppos)
> {
> - return simple_read_from_buffer(buf, count, ppos, lsm_names,
> - strlen(lsm_names));
> + char *tmp;
> + ssize_t len = strlen(lsm_names);
> + ssize_t rc;
> +
> + tmp = kmalloc(len + 2, GFP_KERNEL);
> + if (!tmp)
> + return -ENOMEM;
> +
> + scnprintf(tmp, len + 2, "%s\n", lsm_names);
> + rc = simple_read_from_buffer(buf, count, ppos, tmp, strlen(tmp));
> +
> + kfree(tmp);
> +
> + return rc;
> }
>
> static const struct file_operations lsm_ops = {
^ permalink raw reply [flat|nested] 7+ messages in thread
* [PATCH 2/3] evm: Append line feed to /sys/kernel/security/evm
2022-05-05 13:22 [PATCH 0/3] Append line feed to files in securityfs Wang Weiyang
2022-05-05 13:22 ` [PATCH 1/3] securityfs: Append line feed to /sys/kernel/security/lsm Wang Weiyang
@ 2022-05-05 13:23 ` Wang Weiyang
2022-05-05 13:23 ` [PATCH 3/3] ima: Append line feed to ima/binary_runtime_measurements Wang Weiyang
2 siblings, 0 replies; 7+ messages in thread
From: Wang Weiyang @ 2022-05-05 13:23 UTC (permalink / raw)
To: zohar, dmitry.kasatkin, jmorris, serge
Cc: linux-security-module, linux-kernel, linux-integrity, wangweiyang2
There is no LF in /sys/kerne/security/evm output. It is little weird,
so append LF to it.
Example:
/ # cat /sys/kernel/security/evm
0/ #
Signed-off-by: Wang Weiyang <wangweiyang2@huawei.com>
---
security/integrity/evm/evm_secfs.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/security/integrity/evm/evm_secfs.c b/security/integrity/evm/evm_secfs.c
index 8a9db7dfca7e..6a46b62aabd4 100644
--- a/security/integrity/evm/evm_secfs.c
+++ b/security/integrity/evm/evm_secfs.c
@@ -45,7 +45,7 @@ static ssize_t evm_read_key(struct file *filp, char __user *buf,
if (*ppos != 0)
return 0;
- sprintf(temp, "%d", (evm_initialized & ~EVM_SETUP_COMPLETE));
+ sprintf(temp, "%d\n", (evm_initialized & ~EVM_SETUP_COMPLETE));
rc = simple_read_from_buffer(buf, count, ppos, temp, strlen(temp));
return rc;
--
2.17.1
^ permalink raw reply related [flat|nested] 7+ messages in thread
* [PATCH 3/3] ima: Append line feed to ima/binary_runtime_measurements
2022-05-05 13:22 [PATCH 0/3] Append line feed to files in securityfs Wang Weiyang
2022-05-05 13:22 ` [PATCH 1/3] securityfs: Append line feed to /sys/kernel/security/lsm Wang Weiyang
2022-05-05 13:23 ` [PATCH 2/3] evm: Append line feed to /sys/kernel/security/evm Wang Weiyang
@ 2022-05-05 13:23 ` Wang Weiyang
2022-05-06 11:16 ` Mimi Zohar
2 siblings, 1 reply; 7+ messages in thread
From: Wang Weiyang @ 2022-05-05 13:23 UTC (permalink / raw)
To: zohar, dmitry.kasatkin, jmorris, serge
Cc: linux-security-module, linux-kernel, linux-integrity, wangweiyang2
There is no LF in binary_runtime_measurements output. It is little weird,
so append LF to it.
Example:
/ # cat /sys/kernel/security/ima/binary_runtime_measurements
...imaboot_aggregate/ #
Signed-off-by: Wang Weiyang <wangweiyang2@huawei.com>
---
security/integrity/ima/ima_fs.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/security/integrity/ima/ima_fs.c b/security/integrity/ima/ima_fs.c
index cd1683dad3bf..0a2f9cb25b20 100644
--- a/security/integrity/ima/ima_fs.c
+++ b/security/integrity/ima/ima_fs.c
@@ -183,6 +183,7 @@ int ima_measurements_show(struct seq_file *m, void *v)
show = IMA_SHOW_BINARY_OLD_STRING_FMT;
field->field_show(m, show, &e->template_data[i]);
}
+ seq_puts(m, "\n");
return 0;
}
--
2.17.1
^ permalink raw reply related [flat|nested] 7+ messages in thread
* Re: [PATCH 3/3] ima: Append line feed to ima/binary_runtime_measurements
2022-05-05 13:23 ` [PATCH 3/3] ima: Append line feed to ima/binary_runtime_measurements Wang Weiyang
@ 2022-05-06 11:16 ` Mimi Zohar
2022-05-06 12:31 ` wangweiyang
0 siblings, 1 reply; 7+ messages in thread
From: Mimi Zohar @ 2022-05-06 11:16 UTC (permalink / raw)
To: Wang Weiyang, dmitry.kasatkin, jmorris, serge
Cc: linux-security-module, linux-kernel, linux-integrity
On Thu, 2022-05-05 at 21:23 +0800, Wang Weiyang wrote:
> There is no LF in binary_runtime_measurements output. It is little weird,
> so append LF to it.
>
> Example:
>
> / # cat /sys/kernel/security/ima/binary_runtime_measurements
> ...imaboot_aggregate/ #
Why would you cat a binary file?!. Doesn't make sense.
Mimi
>
> Signed-off-by: Wang Weiyang <wangweiyang2@huawei.com>
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH 3/3] ima: Append line feed to ima/binary_runtime_measurements
2022-05-06 11:16 ` Mimi Zohar
@ 2022-05-06 12:31 ` wangweiyang
0 siblings, 0 replies; 7+ messages in thread
From: wangweiyang @ 2022-05-06 12:31 UTC (permalink / raw)
To: Mimi Zohar, dmitry.kasatkin, jmorris, serge
Cc: linux-security-module, linux-kernel, linux-integrity
Hi Mimi,
Sorry I didn't think thoroughly. Just ignore this patch.
Thanks.
在 2022/5/6 19:16, Mimi Zohar 写道:
> On Thu, 2022-05-05 at 21:23 +0800, Wang Weiyang wrote:
>> There is no LF in binary_runtime_measurements output. It is little weird,
>> so append LF to it.
>>
>> Example:
>>
>> / # cat /sys/kernel/security/ima/binary_runtime_measurements
>> ...imaboot_aggregate/ #
>
> Why would you cat a binary file?!. Doesn't make sense.
>
> Mimi
>
>>
>> Signed-off-by: Wang Weiyang <wangweiyang2@huawei.com>
>
> .
>
^ permalink raw reply [flat|nested] 7+ messages in thread