lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20140426135616.GE18016@ZenIV.linux.org.uk>
Date:	Sat, 26 Apr 2014 14:56:16 +0100
From:	Al Viro <viro@...IV.linux.org.uk>
To:	Dmitry Kasatkin <dmitry.kasatkin@...il.com>
Cc:	"Eric W. Biederman" <ebiederm@...ssion.com>,
	Oleg Nesterov <oleg@...hat.com>,
	Dmitry Kasatkin <d.kasatkin@...sung.com>,
	linux-security-module <linux-security-module@...r.kernel.org>,
	John Johansen <john.johansen@...onical.com>,
	Mimi Zohar <zohar@...ux.vnet.ibm.com>,
	James Morris <jmorris@...ei.org>,
	Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
	kernel-team <kernel-team@...ts.ubuntu.com>
Subject: Re: Kernel panic at Ubuntu: IMA + Apparmor

On Sat, Apr 26, 2014 at 11:58:45AM +0300, Dmitry Kasatkin wrote:

> Conflict with Apparmor means with Ubuntu.
> 
> But answering to your early question..
> IMA does not want permission denied when measuring and re-measuring files.
> may_open() is doing that job before.
> 
> We need quickly introduce kernel_read without LSM checks...

*snarl*

What we need quickly is to introduce you to a textbook or two.  As the
matter of fact, in this case even wikipedia might suffice...

Please, figure out what "mandatory locking" is about, what kind of
exclusion does it provide and how much is it (un)related to LSM.

It has nothing to do with permission being denied; the normal behaviour is
to *block* until the lock has been removed.  Or failure with -EAGAIN if
the file had been opened with O_NDELAY.

The effects apply only to read/write and their ilk; they have nothing
to do with e.g. O_RDWR open().  And having a file already opened r/w
by somebody does not prevent another process from opening it and acquiring
an exclusive lock on some range.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ