search for: initxattr

...> > > > There is still the issue that an LSM might not fill the xattr, even if it > > > > requests it (legitimate case, for example it might have been loaded but not > > > > initialized with a policy). Since users of the xattr array (e.g. the > > > > initxattrs() callbacks) detect the end of the xattr array by checking if > > > > the xattr name is NULL, not filling an xattr would cause those users to > > > > stop scanning xattrs prematurely. > > > > > > > > Solve that issue by introducing security_check_com...

...> There is still the issue that an LSM might not fill the xattr, even if it > > > > > requests it (legitimate case, for example it might have been loaded but not > > > > > initialized with a policy). Since users of the xattr array (e.g. the > > > > > initxattrs() callbacks) detect the end of the xattr array by checking if > > > > > the xattr name is NULL, not filling an xattr would cause those users to > > > > > stop scanning xattrs prematurely. > > > > > > > > > > Solve that issue by introduci...

...rray. > > > > > > There is still the issue that an LSM might not fill the xattr, even if it > > > requests it (legitimate case, for example it might have been loaded but not > > > initialized with a policy). Since users of the xattr array (e.g. the > > > initxattrs() callbacks) detect the end of the xattr array by checking if > > > the xattr name is NULL, not filling an xattr would cause those users to > > > stop scanning xattrs prematurely. > > > > > > Solve that issue by introducing security_check_compact_filled_xattrs()...

...he next slots depending on how many xattrs they requested. However, while this concept is intuitive, it needs extra care. While for security blobs (the main reason of the reservation mechanism) it is not relevant for an LSM if other LSMs filled their portion, it matters for xattrs, as both EVM and initxattrs() callbacks scan the entire array until a terminator (xattr with NULL name). If an LSM did not provide an xattr, which could happen if it is loaded but not initialized, consumers of the xattr array would stop prematurely. This patch set avoids this problem by compacting the xattr array each time...

...he next slots depending on how many xattrs they requested. However, while this concept is intuitive, it needs extra care. While for security blobs (the main reason of the reservation mechanism) it is not relevant for an LSM if other LSMs filled their portion, it matters for xattrs, as both EVM and initxattrs() callbacks scan the entire array until a terminator (xattr with NULL name). If an LSM did not provide an xattr, which could happen if it is loaded but not initialized, consumers of the xattr array would stop prematurely. This patch set avoids this problem by compacting the xattr array each time...

...rto Sassu wrote: > From: Roberto Sassu <roberto.sassu at huawei.com> > > Currently, evm_inode_init_security() processes a single LSM xattr from > the array passed by security_inode_init_security(), and calculates the > HMAC on it and other inode metadata. > > Given that initxattrs() callbacks, called by > security_inode_init_security(), expect that this array is terminated when > the xattr name is set to NULL, reuse the same assumption to scan all xattrs > and to calculate the HMAC on all of them. > > Signed-off-by: Roberto Sassu <roberto.sassu at huawei....

...eparation for removing security_old_inode_init_security(), switch to security_inode_init_security(). Commit 572302af1258 ("reiserfs: Add missing calls to reiserfs_security_free()") fixed possible memory leaks and another issue related to adding an xattr at inode creation time. Define the initxattrs callback reiserfs_initxattrs(), to populate the name/value/len triple in the reiserfs_security_handle() with the first xattr provided by LSMs. Make a copy of the xattr value, as security_inode_init_security() frees it. After the call to security_inode_init_security(), remove the check for returni...