| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 15 Feb 2024 11:30:57 +0100
From: Roberto Sassu <roberto.sassu@...weicloud.com>
To: viro@...iv.linux.org.uk,
brauner@...nel.org,
jack@...e.cz,
chuck.lever@...cle.com,
jlayton@...nel.org,
neilb@...e.de,
kolga@...app.com,
Dai.Ngo@...cle.com,
tom@...pey.com,
paul@...l-moore.com,
jmorris@...ei.org,
serge@...lyn.com,
zohar@...ux.ibm.com,
dmitry.kasatkin@...il.com,
eric.snowberg@...cle.com,
dhowells@...hat.com,
jarkko@...nel.org,
stephen.smalley.work@...il.com,
omosnace@...hat.com,
casey@...aufler-ca.com,
shuah@...nel.org,
mic@...ikod.net
Cc: linux-kernel@...r.kernel.org,
linux-fsdevel@...r.kernel.org,
linux-nfs@...r.kernel.org,
linux-security-module@...r.kernel.org,
linux-integrity@...r.kernel.org,
keyrings@...r.kernel.org,
selinux@...r.kernel.org,
linux-kselftest@...r.kernel.org,
Roberto Sassu <roberto.sassu@...wei.com>,
Stefan Berger <stefanb@...ux.ibm.com>
Subject: [PATCH v10 09/25] security: Align inode_setattr hook definition with EVM
From: Roberto Sassu <roberto.sassu@...wei.com>
Add the idmap parameter to the definition, so that evm_inode_setattr() can
be registered as this hook implementation.
Signed-off-by: Roberto Sassu <roberto.sassu@...wei.com>
Reviewed-by: Stefan Berger <stefanb@...ux.ibm.com>
Acked-by: Casey Schaufler <casey@...aufler-ca.com>
Reviewed-by: Mimi Zohar <zohar@...ux.ibm.com>
Acked-by: Paul Moore <paul@...l-moore.com>
---
include/linux/lsm_hook_defs.h | 3 ++-
security/security.c | 2 +-
security/selinux/hooks.c | 3 ++-
security/smack/smack_lsm.c | 4 +++-
4 files changed, 8 insertions(+), 4 deletions(-)
diff --git a/include/linux/lsm_hook_defs.h b/include/linux/lsm_hook_defs.h
index 76458b6d53da..b00b16d58413 100644
--- a/include/linux/lsm_hook_defs.h
+++ b/include/linux/lsm_hook_defs.h
@@ -135,7 +135,8 @@ LSM_HOOK(int, 0, inode_readlink, struct dentry *dentry)
LSM_HOOK(int, 0, inode_follow_link, struct dentry *dentry, struct inode *inode,
bool rcu)
LSM_HOOK(int, 0, inode_permission, struct inode *inode, int mask)
-LSM_HOOK(int, 0, inode_setattr, struct dentry *dentry, struct iattr *attr)
+LSM_HOOK(int, 0, inode_setattr, struct mnt_idmap *idmap, struct dentry *dentry,
+ struct iattr *attr)
LSM_HOOK(int, 0, inode_getattr, const struct path *path)
LSM_HOOK(int, 0, inode_setxattr, struct mnt_idmap *idmap,
struct dentry *dentry, const char *name, const void *value,
diff --git a/security/security.c b/security/security.c
index 7c240d768a76..671472b34bbf 100644
--- a/security/security.c
+++ b/security/security.c
@@ -2216,7 +2216,7 @@ int security_inode_setattr(struct mnt_idmap *idmap,
if (unlikely(IS_PRIVATE(d_backing_inode(dentry))))
return 0;
- ret = call_int_hook(inode_setattr, 0, dentry, attr);
+ ret = call_int_hook(inode_setattr, 0, idmap, dentry, attr);
if (ret)
return ret;
return evm_inode_setattr(idmap, dentry, attr);
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index a6bf90ace84c..cedb4cbf072e 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -3136,7 +3136,8 @@ static int selinux_inode_permission(struct inode *inode, int mask)
return rc;
}
-static int selinux_inode_setattr(struct dentry *dentry, struct iattr *iattr)
+static int selinux_inode_setattr(struct mnt_idmap *idmap, struct dentry *dentry,
+ struct iattr *iattr)
{
const struct cred *cred = current_cred();
struct inode *inode = d_backing_inode(dentry);
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 0fdbf04cc258..1b6abfdf7173 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -1233,12 +1233,14 @@ static int smack_inode_permission(struct inode *inode, int mask)
/**
* smack_inode_setattr - Smack check for setting attributes
+ * @idmap: idmap of the mount
* @dentry: the object
* @iattr: for the force flag
*
* Returns 0 if access is permitted, an error code otherwise
*/
-static int smack_inode_setattr(struct dentry *dentry, struct iattr *iattr)
+static int smack_inode_setattr(struct mnt_idmap *idmap, struct dentry *dentry,
+ struct iattr *iattr)
{
struct smk_audit_info ad;
int rc;
--
2.34.1
Powered by blists - more mailing lists