| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <ddff6449a57ef38e503fcaef759fa37ed391d134.camel@linux.ibm.com>
Date: Tue, 19 Dec 2023 14:09:58 -0500
From: Mimi Zohar <zohar@...ux.ibm.com>
To: linux-unionfs@...r.kernel.org
Cc: linux-integrity@...r.kernel.org, linux-kernel@...r.kernel.org,
Amir
Goldstein <amir73il@...il.com>,
Christian Brauner <brauner@...nel.org>,
Seth Forshee <sforshee@...nel.org>,
Roberto Sassu
<roberto.sassu@...weicloud.com>
Subject: Re: [PATCH v2 2/3] evm: add support to disable EVM on unsupported
filesystems
On Tue, 2023-12-19 at 12:52 -0500, Mimi Zohar wrote:
> diff --git a/include/linux/fs.h b/include/linux/fs.h
> index 98b7a7a8c42e..db9350a734ef 100644
> --- a/include/linux/fs.h
> +++ b/include/linux/fs.h
> @@ -1164,6 +1164,7 @@ extern int send_sigurg(struct fown_struct *fown);
> #define SB_I_USERNS_VISIBLE 0x00000010 /* fstype already mounted */
> #define SB_I_IMA_UNVERIFIABLE_SIGNATURE 0x00000020
> #define SB_I_UNTRUSTED_MOUNTER 0x00000040
> +#define SB_I_EVM_UNSUPPORTED 0x00000050
This needs to be fixed.
Mimi
>
> #define SB_I_SKIP_SYNC 0x00000100 /* Skip superblock at global sync */
> #define SB_I_PERSB_BDI 0x00000200 /* has a per-sb bdi */
> diff --git a/security/integrity/evm/evm_main.c b/security/integrity/evm/evm_main.c
Powered by blists - more mailing lists