Message-ID: <61a268d1-2832-5ea7-d37f-b491800b2813@linux.ibm.com>
Date: Fri, 3 Dec 2021 10:07:44 -0500
From: Stefan Berger <stefanb@...ux.ibm.com>
To: linux-integrity@...r.kernel.org
Cc: zohar@...ux.ibm.com, serge@...lyn.com,
christian.brauner@...ntu.com, containers@...ts.linux.dev,
dmitry.kasatkin@...il.com, ebiederm@...ssion.com,
krzysztof.struczynski@...wei.com, roberto.sassu@...wei.com,
mpeters@...hat.com, lhinds@...hat.com, lsturman@...hat.com,
puiterwi@...hat.com, jejb@...ux.ibm.com, jamjoom@...ibm.com,
linux-kernel@...r.kernel.org, paul@...l-moore.com, rgb@...hat.com,
linux-security-module@...r.kernel.org, jmorris@...ei.org
Subject: Re: [RFC v2 19/19] ima: Setup securityfs for IMA namespace
On 12/2/21 21:31, Stefan Berger wrote:
> extern struct ima_namespace init_ima_ns;
> diff --git a/security/inode.c b/security/inode.c
> index 2738a7b31469..6223f1d838f6 100644
> --- a/security/inode.c
> +++ b/security/inode.c
> @@ -22,6 +22,7 @@
> #include <linux/lsm_hooks.h>
> #include <linux/magic.h>
> #include <linux/user_namespace.h>
> +#include <linux/ima.h>
>
> static struct vfsmount *securityfs_mount;
> static int securityfs_mount_count;
> @@ -63,6 +64,13 @@ static const struct fs_context_operations securityfs_context_ops = {
>
> static int securityfs_init_fs_context(struct fs_context *fc)
> {
> + int rc;
> +
> + if (fc->user_ns->ima_ns->late_fs_init) {
> + rc = fc->user_ns->ima_ns->late_fs_init(fc->user_ns);
> + if (rc)
> + return rc;
> + }
> fc->ops = &securityfs_context_ops;
> return 0;
> }
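
Review bot: In securityfs_init_fs_context(), `fc->user_ns->ima_ns->late_fs_init` is dereferenced from generic securityfs code with no NULL check on `ima_ns` and no config guard, so this is only safe if every user namespace always carries a valid `ima_ns` pointer and the field exists in every build. Suggest moving the lookup into a helper declared in <linux/ima.h> that has a stub returning 0 when IMA namespacing is compiled out, and checking `ima_ns` there if it can ever be unset. Separately, this function runs each time a securityfs fs_context is created, and nothing in these lines stops `late_fs_init` from being invoked again on a later mount or concurrently from two mounts in the same user namespace; either the callback has to be idempotent and serialized, or the call needs a guard here.
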
Kernel test robot made me change it to this here:

static int securityfs_init_fs_context(struct fs_context *fc)
{
	fc->ops = &securityfs_context_ops;
	return ima_ns_late_fs_init(fc->user_ns);
}

With this here when CONFIG_IMA_NS is defined:

static inline int ima_ns_late_fs_init(struct user_namespace *user_ns)
{
	struct ima_namespace *ns = user_ns->ima_ns;

	if (ns->late_fs_init)
		return ns->late_fs_init(ns);
	return 0;
}

   Stefan