search for: evm

...ecision will depend on individual LSM decision. Several changes need to be made to the LSM infrastructure to be able to support that. This patch set tackles one of them: gives to each LSM the ability to specify one or multiple xattrs to be set at inode creation time and, at the same time, gives to EVM the ability to access all those xattrs and calculate the HMAC on them. The first problem that this patch set addresses is to make the inode_init_security hook definition suitable to use with EVM which, unlike other LSMs, needs to have visibility of all xattrs and not only the one that the LSM infr...

...ecision will depend on individual LSM decision. Several changes need to be made to the LSM infrastructure to be able to support that. This patch set tackles one of them: gives to each LSM the ability to specify one or multiple xattrs to be set at inode creation time and, at the same time, gives to EVM the ability to access all those xattrs and calculate the HMAC on them. The first problem that this patch set addresses is to make the inode_init_security hook definition suitable to use with EVM which, unlike other LSMs, needs to have visibility of all xattrs and not only the one that the LSM infr...

The security.evm extended attribute is fully owned by the Linux kernel and cannot be directly written from userspace. Therefore, we can always skip it. --- xattrs.c | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/xattrs.c b/xattrs.c index b105392..3b72e61 100644 --- a/xattrs....

On Thu, 2022-12-01 at 11:41 +0100, Roberto Sassu wrote: > From: Roberto Sassu <roberto.sassu at huawei.com> > > Currently, evm_inode_init_security() processes a single LSM xattr from > the array passed by security_inode_init_security(), and calculates the > HMAC on it and other inode metadata. > > Given that initxattrs() callbacks, called by > security_inode_init_security(), expect that this array is termin...

EVMS Enterprise Volume Management System sounds interesting, looks like it supported CentOS4, but not CentOS5. But maybe I'm not looking in the right places. -- Drew Einhorn -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.centos.org/pipermail/cent...

Hi all Sombedody can points me to a good tutorial about using high availabilty clusters with xen using heratbeat2, ocfs2 and evms under rhel/centos, debian or sles?? I am doing various searches without a result ... (google shows me a lot of references, mailing lists, etc but not a good doc) Many thanks. -- CL Martinez carlopmart {at} gmail {d0t} com _______________________________________________ Xen-users mailing...

The tools for raidN (mdadm and friends) don't seem to compile with klibc. Has anyone tackled that, lvm or evms yet in a klibc-based initramfs, or do you usually include uclibc or something when it comes time to get fancy (also, looking ahead to crypto-root and such) Tks, Jeff Bailey

Hi, A problem with EVMS and Xen: I have patched a 2.6 kernel with the evms patches and then with the Xen patched, compiled and installed it. (kernel is 2.6.11.9 - which is what this server has been running for the past few months w/o the evms patches) At first everything seems to work just fine, I am able to use evms t...

Stefan Berger wrote: > The security.evm extended attribute is fully owned by the Linux kernel > and cannot be directly written from userspace. Therefore, we can always > skip it. > --- (see below "...")... Please put this on a switch or option. The security.evm field seems only special on Mandatory Access sys...

After creating the initial LSM security extended attribute, call evm_inode_post_init_security() to create the ''security.evm'' extended attribute. Signed-off-by: Mimi Zohar <zohar@us.ibm.com> --- fs/btrfs/xattr.c | 39 +++++++++++++++++++++++++++++---------- 1 files changed, 29 insertions(+), 10 deletions(-) diff --git a/fs/btrfs/xattr.c b...

After creating the initial LSM security extended attribute, call evm_inode_post_init_security() to create the ''security.evm'' extended attribute. Signed-off-by: Mimi Zohar <zohar@us.ibm.com> --- fs/btrfs/xattr.c | 39 +++++++++++++++++++++++++++++---------- 1 files changed, 29 insertions(+), 10 deletions(-) diff --git a/fs/btrfs/xattr.c b...

...ndividual LSM decision. > > Several changes need to be made to the LSM infrastructure to be able to > support that. This patch set tackles one of them: gives to each LSM the > ability to specify one or multiple xattrs to be set at inode creation > time and, at the same time, gives to EVM the ability to access all those > xattrs and calculate the HMAC on them. Hi Roberto, The v7 draft of this patchset had some good discussion, and based on a quick read of the comments it looks like everyone was eventually satisfied that the v7 draft was good and no further changes were necessar...

On 01/06/2017 12:27 AM, L. A. Walsh wrote: > Stefan Berger wrote: >> The security.evm extended attribute is fully owned by the Linux kernel >> and cannot be directly written from userspace. Therefore, we can always >> skip it. > --- (see below "...")... > > Please put this on a switch or option. > > The security.evm field seems only special o...

...ple who were working on this. If anyone has succeeded can you please drop me a line with some notes on your boot process and the initrd creation process please? I seem to have the bits all working individually, but I can''t quite figure out how to get Xen kernel to boot up and start my EVMS stuff under Gentoo. At the moment I have been trying using the genkernel (gentoo script) created initramfs and initrd (had to patch it to get one). Both seem to cause a kernel panic during boot. I haven''t yet tried to use the Xen initrd, but I gather there are some issues using it...

I started with two 160GB drives in RAID1 using EVMS on Centos 4.4. Both drives have now been replaced with 320GB drives but naturally are only offering 160GB (they were replaced individually at different times and self-recovered as they were RAID1. I cannot work out how to increase the size of the array to use all the available space on the disk....

...t; > <roberto.sassu at huaweicloud.com> wrote: > > > > > From: Roberto Sassu <roberto.sassu at huawei.com> > > > > > > > > > > Currently, security_inode_init_security() supports only one LSM providing > > > > > an xattr and EVM calculating the HMAC on that xattr, plus other inode > > > > > metadata. > > > > > > > > > > Allow all LSMs to provide one or multiple xattrs, by extending the security > > > > > blob reservation mechanism. Introduce the new lbs_xattr fie...

...Roberto Sassu > > > <roberto.sassu at huaweicloud.com> wrote: > > > > From: Roberto Sassu <roberto.sassu at huawei.com> > > > > > > > > Currently, security_inode_init_security() supports only one LSM providing > > > > an xattr and EVM calculating the HMAC on that xattr, plus other inode > > > > metadata. > > > > > > > > Allow all LSMs to provide one or multiple xattrs, by extending the security > > > > blob reservation mechanism. Introduce the new lbs_xattr field of the > > &...

...til this is fixed. It seems this happens during reboot only, and a second reboot mostly fixes it, at least with /usr/sbin/sshd, but not always. But even without sshd it's too bad to have a remote server! Had anyone of you this happening? About my config: Kernel: 2.4.19 with minimal patches (evms and vserver). Using EVMS. Glibc 2.3.1. Gentoo 1.4-rc2 distribution. Every help and experience would help! Thanks in advance, viktor at neotek dot hu

...Mar 14, 2023 at 4:19?AM Roberto Sassu > > <roberto.sassu at huaweicloud.com> wrote: > > > From: Roberto Sassu <roberto.sassu at huawei.com> > > > > > > Currently, security_inode_init_security() supports only one LSM providing > > > an xattr and EVM calculating the HMAC on that xattr, plus other inode > > > metadata. > > > > > > Allow all LSMs to provide one or multiple xattrs, by extending the security > > > blob reservation mechanism. Introduce the new lbs_xattr field of the > > > lsm_blob_sizes s...

Jim, Thank you very much for your suggestions. I managed to get the C55x code working on the simulator. I would like to port Speex both on a C5502 EVM and a C5509A EVM. As such, if you can provide me with the details of your port on the C5509A, it would be greatly appreciated. Furthermore, I am looking for some technical documentation on the CELP algorithms. I would like to better understand the math being implemented. Do you know where such...