lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:	Thu, 22 Nov 2012 14:49:42 +0200
From:	Dmitry Kasatkin <dmitry.kasatkin@...el.com>
To:	viro@...iv.linux.org.uk, fsdevel@...r.kernel.org,
	linux-security-module@...r.kernel.org, zohar@...ux.vnet.ibm.com,
	linux-kernel@...r.kernel.org
Subject: [PATCH 1/2] vfs: new super block feature flags attribute

This patch introduces new super block attribute flag s_feature_flags
and SF_IMA_DISABLED flag. This flag will be used by Integrity Measurement
Architecture (IMA). Name suggested by Bruce Fields.

Certain file system types and partitions will never be measured or
appraised by IMA depending on the policy. For example, pseudo file
systems are never measured and appraised. In current implementation
policy will be checked again and again. It happens thousands times
per second. That is absolute waste of CPU and may be battery resources.

IMA will set the SF_IMA_DISABLED flag when file system will not be measured
and appraised and test this flag during subsequent calls to skip policy search.

Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@...el.com>
---
 include/linux/fs.h |    4 ++++
 1 file changed, 4 insertions(+)

diff --git a/include/linux/fs.h b/include/linux/fs.h
index b33cfc9..0bef2b2 100644
--- a/include/linux/fs.h
+++ b/include/linux/fs.h
@@ -1321,6 +1321,8 @@ struct super_block {
 
 	/* Being remounted read-only */
 	int s_readonly_remount;
+
+	unsigned long s_feature_flags;
 };
 
 /* superblock cache pruning functions */
@@ -1746,6 +1748,8 @@ struct super_operations {
 
 #define I_DIRTY (I_DIRTY_SYNC | I_DIRTY_DATASYNC | I_DIRTY_PAGES)
 
+#define SF_IMA_DISABLED		0x0001
+
 extern void __mark_inode_dirty(struct inode *, int);
 static inline void mark_inode_dirty(struct inode *inode)
 {
-- 
1.7.10.4

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ