[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAOQ4uxj0jQz64KArFM3q85N7QKPgJ1RazmeW2NnY6GFDace4Qg@mail.gmail.com>
Date: Tue, 6 Feb 2024 17:11:28 +0200
From: Amir Goldstein <amir73il@...il.com>
To: Stefan Berger <stefanb@...ux.ibm.com>
Cc: linux-integrity@...r.kernel.org, linux-security-module@...r.kernel.org,
linux-unionfs@...r.kernel.org, linux-kernel@...r.kernel.org,
paul@...l-moore.com, jmorris@...ei.org, serge@...lyn.com, zohar@...ux.ibm.com,
roberto.sassu@...wei.com, brauner@...nel.org, miklos@...redi.hu
Subject: Re: [PATCH v2 7/9] fs: Rename SB_I_EVM_UNSUPPORTED to SB_I_EVM_HMAC_UNSUPPORTED
On Mon, Feb 5, 2024 at 8:25 PM Stefan Berger <stefanb@...ux.ibm.com> wrote:
>
> Now that EVM supports RSA signatures for previously completely
> unsupported filesystems rename the flag SB_I_EVM_UNSUPPORTED to
> SB_I_EVM_HMAC_UNSUPPORTED to reflect that only HMAC is not supported.
>
> Suggested-by: Amir Goldstein <amir73il@...il.com>
> Suggested-by: Mimi Zohar <zohar@...ux.ibm.com>
> Signed-off-by: Stefan Berger <stefanb@...ux.ibm.com>
Acked-by: Amir Goldstein <amir73il@...il.com>
> ---
> fs/overlayfs/super.c | 2 +-
> include/linux/fs.h | 2 +-
> security/integrity/evm/evm_main.c | 2 +-
> 3 files changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/fs/overlayfs/super.c b/fs/overlayfs/super.c
> index 460126b7e1cd..db132d437e14 100644
> --- a/fs/overlayfs/super.c
> +++ b/fs/overlayfs/super.c
> @@ -1445,7 +1445,7 @@ int ovl_fill_super(struct super_block *sb, struct fs_context *fc)
> * lead to unexpected results.
> */
> sb->s_iflags |= SB_I_NOUMASK;
> - sb->s_iflags |= SB_I_EVM_UNSUPPORTED;
> + sb->s_iflags |= SB_I_EVM_HMAC_UNSUPPORTED;
>
> err = -ENOMEM;
> root_dentry = ovl_get_root(sb, ctx->upper.dentry, oe);
> diff --git a/include/linux/fs.h b/include/linux/fs.h
> index 1823a93202bd..37306a09b4dc 100644
> --- a/include/linux/fs.h
> +++ b/include/linux/fs.h
> @@ -1177,7 +1177,7 @@ extern int send_sigurg(struct fown_struct *fown);
> #define SB_I_USERNS_VISIBLE 0x00000010 /* fstype already mounted */
> #define SB_I_IMA_UNVERIFIABLE_SIGNATURE 0x00000020
> #define SB_I_UNTRUSTED_MOUNTER 0x00000040
> -#define SB_I_EVM_UNSUPPORTED 0x00000080
> +#define SB_I_EVM_HMAC_UNSUPPORTED 0x00000080
>
> #define SB_I_SKIP_SYNC 0x00000100 /* Skip superblock at global sync */
> #define SB_I_PERSB_BDI 0x00000200 /* has a per-sb bdi */
> diff --git a/security/integrity/evm/evm_main.c b/security/integrity/evm/evm_main.c
> index c3bd88aba78c..ff659e622f4a 100644
> --- a/security/integrity/evm/evm_main.c
> +++ b/security/integrity/evm/evm_main.c
> @@ -155,7 +155,7 @@ static int is_unsupported_fs(struct dentry *dentry)
> {
> struct inode *inode = d_backing_inode(dentry);
>
> - if (inode->i_sb->s_iflags & SB_I_EVM_UNSUPPORTED) {
> + if (inode->i_sb->s_iflags & SB_I_EVM_HMAC_UNSUPPORTED) {
> pr_info_once("%s not supported\n", inode->i_sb->s_type->name);
> return 1;
> }
> --
> 2.43.0
>
Powered by blists - more mailing lists