| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <a7c5ac94b4c4d87b407353f74ff87bc0b13542a4.camel@linux.ibm.com>
Date: Thu, 13 Jan 2022 15:28:03 -0500
From: Mimi Zohar <zohar@...ux.ibm.com>
To: Stefan Berger <stefanb@...ux.vnet.ibm.com>,
linux-integrity@...r.kernel.org
Cc: serge@...lyn.com, christian.brauner@...ntu.com,
containers@...ts.linux.dev, dmitry.kasatkin@...il.com,
ebiederm@...ssion.com, krzysztof.struczynski@...wei.com,
roberto.sassu@...wei.com, mpeters@...hat.com, lhinds@...hat.com,
lsturman@...hat.com, puiterwi@...hat.com, jejb@...ux.ibm.com,
jamjoom@...ibm.com, linux-kernel@...r.kernel.org,
paul@...l-moore.com, rgb@...hat.com,
linux-security-module@...r.kernel.org, jmorris@...ei.org,
Stefan Berger <stefanb@...ux.ibm.com>
Subject: Re: [PATCH v8 07/19] ima: Move dentry into ima_namespace and others
onto stack
Hi Stefan,
Nobody refers to the IMA securityfs files as dentries. The Subject
line is suppose to provide a hint about the patch. How about changing
the "Subject" line to "ima: Move IMA securityfs files into
ima_namespaces or onto stack".
On Tue, 2022-01-04 at 12:04 -0500, Stefan Berger wrote:
> From: Stefan Berger <stefanb@...ux.ibm.com>
>
> Move the policy file dentry into the ima_namespace for reuse by
> virtualized SecurityFS and for being able to remove it from
> the filesystem. Move the other dentries onto the stack.
Missing is an explanation why the other IMA securityfs files can be on
the stack. Maybe start out by saying that the ns_ima_init securityfs
files are never deleted. Then transition into the IMA namespaced
securityfs files and how they will be deleted.
>
> Signed-off-by: Stefan Berger <stefanb@...ux.ibm.com>
> ---
> security/integrity/ima/ima.h | 2 ++
> security/integrity/ima/ima_fs.c | 32 ++++++++++++++++++--------------
> 2 files changed, 20 insertions(+), 14 deletions(-)
>
> diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h
> index 82b3f6a98320..224b09617c52 100644
> --- a/security/integrity/ima/ima.h
> +++ b/security/integrity/ima/ima.h
> @@ -140,6 +140,8 @@ struct ima_namespace {
> struct mutex ima_write_mutex;
> unsigned long ima_fs_flags;
> int valid_policy;
> +
> + struct dentry *policy_dentry;
None of the other securityfs files are renamed. Why is "ima_policy"
being renamed to "policy_dentry"? If there is a need, it should be
documented in the patch description.
thanks,
Mimi
> } __randomize_layout;
> extern struct ima_namespace init_ima_ns;
>
Powered by blists - more mailing lists