| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <d4273866-607e-37be-076b-a920bbf08bf9@digikod.net>
Date: Wed, 13 Oct 2021 17:26:32 +0200
From: Mickaël Salaün <mic@...ikod.net>
To: Mimi Zohar <zohar@...ux.ibm.com>
Cc: Al Viro <viro@...iv.linux.org.uk>,
Andrew Morton <akpm@...ux-foundation.org>,
linux-integrity@...r.kernel.org, linux-kernel@...r.kernel.org,
linux-security-module@...r.kernel.org
Subject: Re: [PATCH 2/2] fs: extend the trusted_for syscall to call IMA
Nice!
On 13/10/2021 13:01, Mimi Zohar wrote:
> Extend the trusted_for syscall to call the newly defined
> ima_trusted_for hook.
>
> Signed-off-by: Mimi Zohar <zohar@...ux.ibm.com>
> ---
> fs/open.c | 3 +++
> include/linux/ima.h | 9 +++++++++
> 2 files changed, 12 insertions(+)
>
> diff --git a/fs/open.c b/fs/open.c
> index c79c138a638c..4d54e2a727e1 100644
> --- a/fs/open.c
> +++ b/fs/open.c
> @@ -585,6 +585,9 @@ SYSCALL_DEFINE3(trusted_for, const int, fd, const enum trusted_for_usage, usage,
> err = inode_permission(file_mnt_user_ns(f.file), inode,
> mask | MAY_ACCESS);
>
> + if (!err)
> + err = ima_trusted_for(f.file, usage);
Could you please implement a new LSM hook instead? Other LSMs may want
to use this information as well.
Powered by blists - more mailing lists