lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Tue, 6 Feb 2024 17:11:28 +0200
From: Amir Goldstein <amir73il@...il.com>
To: Stefan Berger <stefanb@...ux.ibm.com>
Cc: linux-integrity@...r.kernel.org, linux-security-module@...r.kernel.org, 
	linux-unionfs@...r.kernel.org, linux-kernel@...r.kernel.org, 
	paul@...l-moore.com, jmorris@...ei.org, serge@...lyn.com, zohar@...ux.ibm.com, 
	roberto.sassu@...wei.com, brauner@...nel.org, miklos@...redi.hu
Subject: Re: [PATCH v2 7/9] fs: Rename SB_I_EVM_UNSUPPORTED to SB_I_EVM_HMAC_UNSUPPORTED

On Mon, Feb 5, 2024 at 8:25 PM Stefan Berger <stefanb@...ux.ibm.com> wrote:
>
> Now that EVM supports RSA signatures for previously completely
> unsupported filesystems rename the flag SB_I_EVM_UNSUPPORTED to
> SB_I_EVM_HMAC_UNSUPPORTED to reflect that only HMAC is not supported.
>
> Suggested-by: Amir Goldstein <amir73il@...il.com>
> Suggested-by: Mimi Zohar <zohar@...ux.ibm.com>
> Signed-off-by: Stefan Berger <stefanb@...ux.ibm.com>

Acked-by: Amir Goldstein <amir73il@...il.com>

> ---
>  fs/overlayfs/super.c              | 2 +-
>  include/linux/fs.h                | 2 +-
>  security/integrity/evm/evm_main.c | 2 +-
>  3 files changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/fs/overlayfs/super.c b/fs/overlayfs/super.c
> index 460126b7e1cd..db132d437e14 100644
> --- a/fs/overlayfs/super.c
> +++ b/fs/overlayfs/super.c
> @@ -1445,7 +1445,7 @@ int ovl_fill_super(struct super_block *sb, struct fs_context *fc)
>          * lead to unexpected results.
>          */
>         sb->s_iflags |= SB_I_NOUMASK;
> -       sb->s_iflags |= SB_I_EVM_UNSUPPORTED;
> +       sb->s_iflags |= SB_I_EVM_HMAC_UNSUPPORTED;
>
>         err = -ENOMEM;
>         root_dentry = ovl_get_root(sb, ctx->upper.dentry, oe);
> diff --git a/include/linux/fs.h b/include/linux/fs.h
> index 1823a93202bd..37306a09b4dc 100644
> --- a/include/linux/fs.h
> +++ b/include/linux/fs.h
> @@ -1177,7 +1177,7 @@ extern int send_sigurg(struct fown_struct *fown);
>  #define SB_I_USERNS_VISIBLE            0x00000010 /* fstype already mounted */
>  #define SB_I_IMA_UNVERIFIABLE_SIGNATURE        0x00000020
>  #define SB_I_UNTRUSTED_MOUNTER         0x00000040
> -#define SB_I_EVM_UNSUPPORTED           0x00000080
> +#define SB_I_EVM_HMAC_UNSUPPORTED      0x00000080
>
>  #define SB_I_SKIP_SYNC 0x00000100      /* Skip superblock at global sync */
>  #define SB_I_PERSB_BDI 0x00000200      /* has a per-sb bdi */
> diff --git a/security/integrity/evm/evm_main.c b/security/integrity/evm/evm_main.c
> index c3bd88aba78c..ff659e622f4a 100644
> --- a/security/integrity/evm/evm_main.c
> +++ b/security/integrity/evm/evm_main.c
> @@ -155,7 +155,7 @@ static int is_unsupported_fs(struct dentry *dentry)
>  {
>         struct inode *inode = d_backing_inode(dentry);
>
> -       if (inode->i_sb->s_iflags & SB_I_EVM_UNSUPPORTED) {
> +       if (inode->i_sb->s_iflags & SB_I_EVM_HMAC_UNSUPPORTED) {
>                 pr_info_once("%s not supported\n", inode->i_sb->s_type->name);
>                 return 1;
>         }
> --
> 2.43.0
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ