| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 22 Feb 2013 13:20:17 -0800
From: Randy Dunlap <rdunlap@...radead.org>
To: Mimi Zohar <zohar@...ux.vnet.ibm.com>
CC: David Rientjes <rientjes@...gle.com>,
James Morris <jmorris@...ei.org>,
linux-security-module <linux-security-module@...r.kernel.org>,
linux-kernel <linux-kernel@...r.kernel.org>,
linux-next <linux-next@...r.kernel.org>,
Dmitry Kasatkin <dmitry.kasatkin@...el.com>
Subject: Re: [PATCH] ima: fix part_pack_uuid() build error
On 02/22/13 11:46, Mimi Zohar wrote:
> Fix a build error when CONFIG_BLOCK is not enabled by defining
> a wrapper called ima_part_pack_uuid(). The wrapper returns
> -EINVAL, when CONFIG_BLOCK is not defined.
Some function wrapper for the case of BLOCK not enabled should be handled
where the function is defined, not where it is called.
That's how it is usually done in Linux.
> security/integrity/ima/ima_policy.c:538:4: error: implicit declaration
> of function 'part_pack_uuid' [-Werror=implicit-function-declaration]
>
> Changelog v0:
> - fix UUID scripts/Lindent msgs
>
> Reported-by: Randy Dunlap <rdunlap@...radead.org>
> Reported-by: David Rientjes <rientjes@...gle.com>
> Signed-off-by: Mimi Zohar <zohar@...ux.vnet.ibm.com>
> ---
> security/integrity/ima/ima.h | 13 +++++++++++++
> security/integrity/ima/ima_policy.c | 11 ++++++-----
> 2 files changed, 19 insertions(+), 5 deletions(-)
>
> diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h
> index a41c9c1..902c356 100644
> --- a/security/integrity/ima/ima.h
> +++ b/security/integrity/ima/ima.h
> @@ -21,6 +21,7 @@
> #include <linux/crypto.h>
> #include <linux/security.h>
> #include <linux/hash.h>
> +#include <linux/genhd.h>
> #include <linux/tpm.h>
> #include <linux/audit.h>
>
> @@ -199,4 +200,16 @@ static inline int security_filter_rule_match(u32 secid, u32 field, u32 op,
> return -EINVAL;
> }
> #endif /* CONFIG_IMA_LSM_RULES */
> +
> +/* UUID policy option requires CONFIG_BLOCK */
> +#ifdef CONFIG_BLOCK
> +static inline int ima_part_pack_uuid(const u8 *uuid_str, u8 *to) {
> + part_pack_uuid(uuid_str, to);
> + return 0;
> +}
> +#else
> +static inline int ima_part_pack_uuid(const u8 *uuid_str, u8 *to) {
> + return -EINVAL;
> +}
> +#endif
> #endif
> diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c
> index b27535a..41b7f48 100644
> --- a/security/integrity/ima/ima_policy.c
> +++ b/security/integrity/ima/ima_policy.c
> @@ -176,7 +176,7 @@ static bool ima_match_rules(struct ima_rule_entry *rule,
> && rule->fsmagic != inode->i_sb->s_magic)
> return false;
> if ((rule->flags & IMA_FSUUID) &&
> - memcmp(rule->fsuuid, inode->i_sb->s_uuid, sizeof(rule->fsuuid)))
> + memcmp(rule->fsuuid, inode->i_sb->s_uuid, sizeof(rule->fsuuid)))
> return false;
> if ((rule->flags & IMA_UID) && !uid_eq(rule->uid, cred->uid))
> return false;
> @@ -530,14 +530,15 @@ static int ima_parse_rule(char *rule, struct ima_rule_entry *entry)
> ima_log_string(ab, "fsuuid", args[0].from);
>
> if (memchr_inv(entry->fsuuid, 0x00,
> - sizeof(entry->fsuuid))) {
> + sizeof(entry->fsuuid))) {
> result = -EINVAL;
> break;
> }
>
> - part_pack_uuid(args[0].from, entry->fsuuid);
> - entry->flags |= IMA_FSUUID;
> - result = 0;
> + result = ima_part_pack_uuid(args[0].from,
> + entry->fsuuid);
> + if (!result)
> + entry->flags |= IMA_FSUUID;
> break;
> case Opt_uid:
> ima_log_string(ab, "uid", args[0].from);
>
--
~Randy
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists