| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 11 Apr 2012 06:00:44 -0700 From: Subodh Nijsure <subodh.nijsure@...il.com> To: Stephen Smalley <sds@...ho.nsa.gov> Cc: linux-mtd@...ts.infradead.org, Artem Bityutskiy <dedekind1@...il.com>, casey@...hufler-ca.com, Adrian Hunter <adrian.hunter@...el.com>, linux-kernel@...r.kernel.org, linux-security-module@...r.kernel.org, Subodh Nijsure <snijsure@...d-net.com> Subject: Re: [PATCH v2] Add security.* XATTR support for the UBIFS On Tue, Apr 10, 2012 at 5:46 AM, Stephen Smalley <sds@...ho.nsa.gov> wrote: > On Mon, 2012-04-09 at 16:51 -0700, subodh.nijsure@...il.com wrote: >> From: Subodh Nijsure <snijsure@...d-net.com> >> >> Also fix couple of bugs in UBIFS extended attribute length calculation. >> >> Changes Since V1: >> Instead of just handling security.selinux extended attribute handle >> all security.* attributes. >> >> TESTING: Tested on MX28 based platforms using Micron MT29F2G08ABAEAH4 NAND >> With these change we are able to label UBIFS filesystem with >> security.selinux and run system with selinux enabled. >> This change also allows one to set other security.* extended >> attributesr, such as security.smack security.evm, security.ima >> Ran integck test on UBI filesystem. >> >> Signed-off-by: Subodh Nijsure <snijsure@...d-net.com> >> --- >> fs/ubifs/dir.c | 4 ++ >> fs/ubifs/file.c | 6 ++ >> fs/ubifs/journal.c | 12 +++- >> fs/ubifs/super.c | 3 + >> fs/ubifs/ubifs.h | 9 +++ >> fs/ubifs/xattr.c | 147 ++++++++++++++++++++++++++++++++++++++++++++++++---- >> 6 files changed, 167 insertions(+), 14 deletions(-) >> >> diff --git a/fs/ubifs/dir.c b/fs/ubifs/dir.c >> index ec9f187..f4e06c4 100644 >> --- a/fs/ubifs/dir.c >> +++ b/fs/ubifs/dir.c >> @@ -293,6 +293,7 @@ static int ubifs_create(struct inode *dir, struct dentry *dentry, umode_t mode, >> ubifs_release_budget(c, &req); >> insert_inode_hash(inode); >> d_instantiate(dentry, inode); >> + ubifs_init_security(dir, inode, &dentry->d_name); >> return 0; >> >> out_cancel: > > The ubifs_init_security() should occur before d_instantiate() so that > the inode is not accessible to other threads before its security > attributes have been set. And if it fails, you would ideally drop the > inode altogether and return an error to the creating process. > I will look into moving ubifs_init_security() before d_instantiate(). Last time I had tried I had run into some issues and had to keep creating inode and then creating xattr as two seperate items. I will look through the UBIFS code that actually creates xattr ubi nodes. Also I will wait for couple of days to send v3 patch with to see if mtd folks have other comments this patch. Regards, -Subodh -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists