search for: initxattr

Displaying 7 results from an estimated 7 matches for "initxattr".

2023 Mar 24
1
[PATCH v8 4/6] security: Allow all LSMs to provide xattrs for inode_init_security hook
...> > > > There is still the issue that an LSM might not fill the xattr, even if it > > > > requests it (legitimate case, for example it might have been loaded but not > > > > initialized with a policy). Since users of the xattr array (e.g. the > > > > initxattrs() callbacks) detect the end of the xattr array by checking if > > > > the xattr name is NULL, not filling an xattr would cause those users to > > > > stop scanning xattrs prematurely. > > > > > > > > Solve that issue by introducing security_check_com...
2023 Mar 27
1
[PATCH v8 4/6] security: Allow all LSMs to provide xattrs for inode_init_security hook
...> There is still the issue that an LSM might not fill the xattr, even if it > > > > > requests it (legitimate case, for example it might have been loaded but not > > > > > initialized with a policy). Since users of the xattr array (e.g. the > > > > > initxattrs() callbacks) detect the end of the xattr array by checking if > > > > > the xattr name is NULL, not filling an xattr would cause those users to > > > > > stop scanning xattrs prematurely. > > > > > > > > > > Solve that issue by introduci...
2023 Mar 24
1
[PATCH v8 4/6] security: Allow all LSMs to provide xattrs for inode_init_security hook
...rray. > > > > > > There is still the issue that an LSM might not fill the xattr, even if it > > > requests it (legitimate case, for example it might have been loaded but not > > > initialized with a policy). Since users of the xattr array (e.g. the > > > initxattrs() callbacks) detect the end of the xattr array by checking if > > > the xattr name is NULL, not filling an xattr would cause those users to > > > stop scanning xattrs prematurely. > > > > > > Solve that issue by introducing security_check_compact_filled_xattrs()...
2023 Mar 14
7
[PATCH v8 0/6] evm: Do HMAC of multiple per LSM xattrs for new inodes
...he next slots depending on how many xattrs they requested. However, while this concept is intuitive, it needs extra care. While for security blobs (the main reason of the reservation mechanism) it is not relevant for an LSM if other LSMs filled their portion, it matters for xattrs, as both EVM and initxattrs() callbacks scan the entire array until a terminator (xattr with NULL name). If an LSM did not provide an xattr, which could happen if it is loaded but not initialized, consumers of the xattr array would stop prematurely. This patch set avoids this problem by compacting the xattr array each time...
2022 Dec 01
8
[PATCH v7 0/6] evm: Do HMAC of multiple per LSM xattrs for new inodes
...he next slots depending on how many xattrs they requested. However, while this concept is intuitive, it needs extra care. While for security blobs (the main reason of the reservation mechanism) it is not relevant for an LSM if other LSMs filled their portion, it matters for xattrs, as both EVM and initxattrs() callbacks scan the entire array until a terminator (xattr with NULL name). If an LSM did not provide an xattr, which could happen if it is loaded but not initialized, consumers of the xattr array would stop prematurely. This patch set avoids this problem by compacting the xattr array each time...
2023 Feb 19
1
[PATCH v7 6/6] evm: Support multiple LSMs providing an xattr
...rto Sassu wrote: > From: Roberto Sassu <roberto.sassu at huawei.com> > > Currently, evm_inode_init_security() processes a single LSM xattr from > the array passed by security_inode_init_security(), and calculates the > HMAC on it and other inode metadata. > > Given that initxattrs() callbacks, called by > security_inode_init_security(), expect that this array is terminated when > the xattr name is set to NULL, reuse the same assumption to scan all xattrs > and to calculate the HMAC on all of them. > > Signed-off-by: Roberto Sassu <roberto.sassu at huawei....
2023 Mar 14
1
[PATCH v8 1/6] reiserfs: Switch to security_inode_init_security()
...eparation for removing security_old_inode_init_security(), switch to security_inode_init_security(). Commit 572302af1258 ("reiserfs: Add missing calls to reiserfs_security_free()") fixed possible memory leaks and another issue related to adding an xattr at inode creation time. Define the initxattrs callback reiserfs_initxattrs(), to populate the name/value/len triple in the reiserfs_security_handle() with the first xattr provided by LSMs. Make a copy of the xattr value, as security_inode_init_security() frees it. After the call to security_inode_init_security(), remove the check for returni...