lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Thu, 7 Apr 2022 21:19:51 -0400 From: Paul Moore <paul@...l-moore.com> To: Mickaël Salaün <mic@...ikod.net> Cc: James Morris <jmorris@...ei.org>, "Serge E . Hallyn" <serge@...lyn.com>, Al Viro <viro@...iv.linux.org.uk>, Jann Horn <jannh@...gle.com>, John Johansen <john.johansen@...onical.com>, Kees Cook <keescook@...omium.org>, Konstantin Meskhidze <konstantin.meskhidze@...wei.com>, Shuah Khan <shuah@...nel.org>, Tetsuo Handa <penguin-kernel@...ove.sakura.ne.jp>, linux-doc@...r.kernel.org, linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org, linux-security-module@...r.kernel.org, Kentaro Takeda <takedakn@...data.co.jp>, Mickaël Salaün <mic@...ux.microsoft.com> Subject: Re: [PATCH v2 06/12] LSM: Remove double path_rename hook calls for RENAME_EXCHANGE On Tue, Mar 29, 2022 at 8:51 AM Mickaël Salaün <mic@...ikod.net> wrote: > > From: Mickaël Salaün <mic@...ux.microsoft.com> > > In order to be able to identify a file exchange with renameat2(2) and > RENAME_EXCHANGE, which will be useful for Landlock [1], propagate the > rename flags to LSMs. This may also improve performance because of the > switch from two set of LSM hook calls to only one, and because LSMs > using this hook may optimize the double check (e.g. only one lock, > reduce the number of path walks). > > AppArmor, Landlock and Tomoyo are updated to leverage this change. This > should not change the current behavior (same check order), except > (different level of) speed boosts. > > [1] https://lore.kernel.org/r/20220221212522.320243-1-mic@digikod.net > > Cc: James Morris <jmorris@...ei.org> > Cc: Kentaro Takeda <takedakn@...data.co.jp> > Cc: Paul Moore <paul@...l-moore.com> > Cc: Serge E. Hallyn <serge@...lyn.com> > Acked-by: John Johansen <john.johansen@...onical.com> > Acked-by: Tetsuo Handa <penguin-kernel@...ove.SAKURA.ne.jp> > Signed-off-by: Mickaël Salaün <mic@...ux.microsoft.com> > Link: https://lore.kernel.org/r/20220329125117.1393824-7-mic@digikod.net > --- > > Changes since v1: > * Import patch from > https://lore.kernel.org/r/20220222175332.384545-1-mic@digikod.net > * Add Acked-by: Tetsuo Handa. > * Add Acked-by: John Johansen. > --- > include/linux/lsm_hook_defs.h | 2 +- > include/linux/lsm_hooks.h | 1 + > security/apparmor/lsm.c | 30 +++++++++++++++++++++++++----- > security/landlock/fs.c | 12 ++++++++++-- > security/security.c | 9 +-------- > security/tomoyo/tomoyo.c | 11 ++++++++++- > 6 files changed, 48 insertions(+), 17 deletions(-) Seems like a nice improvement to me, and while I'm not an AppArmor, Tomoyo, or Landlock expert the changes looked pretty straightforward. Reviewed-by: Paul Moore <paul@...l-moore.com> -- paul-moore.com
Powered by blists - more mailing lists