search for: lsms

...gt; > > > > > > Currently, security_inode_init_security() supports only one LSM providing > > > > > an xattr and EVM calculating the HMAC on that xattr, plus other inode > > > > > metadata. > > > > > > > > > > Allow all LSMs to provide one or multiple xattrs, by extending the security > > > > > blob reservation mechanism. Introduce the new lbs_xattr field of the > > > > > lsm_blob_sizes structure, so that each LSM can specify how many xattrs it > > > > > needs, and the LSM i...

...huawei.com> > > > > > > > > Currently, security_inode_init_security() supports only one LSM providing > > > > an xattr and EVM calculating the HMAC on that xattr, plus other inode > > > > metadata. > > > > > > > > Allow all LSMs to provide one or multiple xattrs, by extending the security > > > > blob reservation mechanism. Introduce the new lbs_xattr field of the > > > > lsm_blob_sizes structure, so that each LSM can specify how many xattrs it > > > > needs, and the LSM infrastructure k...

...wrote: > > > > > > > > From: Roberto Sassu <roberto.sassu at huawei.com> ... > > Okay, that's fair, but we could still pass the full xattrs array and a > > reference to the current count which could be both read and updated by > > the individual LSMs, right? > > Yes, we could do. > > > The issue is that the separate compaction stage is not something we > > want to have to do if we can avoid it. Maybe we're stuck with it, but > > I'm not yet convinced that we can't make some minor changes to the > >...

...rto Sassu <roberto.sassu at huawei.com> > > > > > > Currently, security_inode_init_security() supports only one LSM providing > > > an xattr and EVM calculating the HMAC on that xattr, plus other inode > > > metadata. > > > > > > Allow all LSMs to provide one or multiple xattrs, by extending the security > > > blob reservation mechanism. Introduce the new lbs_xattr field of the > > > lsm_blob_sizes structure, so that each LSM can specify how many xattrs it > > > needs, and the LSM infrastructure knows how many x...

From: Roberto Sassu <roberto.sassu at huawei.com> One of the major goals of LSM stacking is to run multiple LSMs side by side without interfering with each other. The ultimate decision will depend on individual LSM decision. Several changes need to be made to the LSM infrastructure to be able to support that. This patch set tackles one of them: gives to each LSM the ability to specify one or multiple xattrs...

From: Roberto Sassu <roberto.sassu at huawei.com> One of the major goals of LSM stacking is to run multiple LSMs side by side without interfering with each other. The ultimate decision will depend on individual LSM decision. Several changes need to be made to the LSM infrastructure to be able to support that. This patch set tackles one of them: gives to each LSM the ability to specify one or multiple xattrs...

...at huawei.com> In preparation for removing security_old_inode_init_security(), switch to security_inode_init_security(). Extend the existing ocfs2_initxattrs() to take the ocfs2_security_xattr_info structure from fs_info, and populate the name/value/len triple with the first xattr provided by LSMs. As fs_info was not used before, ocfs2_initxattrs() can now handle the case of replicating the behavior of security_old_inode_init_security(), i.e. just obtaining the xattr, in addition to setting all xattrs provided by LSMs. Supporting multiple xattrs is not currently supported where security_ol...

On Thu, 2022-12-01 at 11:41 +0100, Roberto Sassu wrote: > From: Roberto Sassu <roberto.sassu at huawei.com> > > Currently, evm_inode_init_security() processes a single LSM xattr from > the array passed by security_inode_init_security(), and calculates the > HMAC on it and other inode metadata. > > Given that initxattrs() callbacks, called by >

...eparation for removing security_old_inode_init_security(), switch to > security_inode_init_security(). > > Extend the existing ocfs2_initxattrs() to take the > ocfs2_security_xattr_info structure from fs_info, and populate the > name/value/len triple with the first xattr provided by LSMs. Hi Mark, Joel, Joseph some time ago I sent this patch set to switch to the newer function security_inode_init_security(). Almost all the other parts of this patch set have been reviewed, and the patch set itself should be ready to be merged. I kindly ask if you could have a look at this patch a...

On Thu, Dec 1, 2022 at 5:42?AM Roberto Sassu <roberto.sassu at huaweicloud.com> wrote: > > From: Roberto Sassu <roberto.sassu at huawei.com> > > One of the major goals of LSM stacking is to run multiple LSMs side by side > without interfering with each other. The ultimate decision will depend on > individual LSM decision. > > Several changes need to be made to the LSM infrastructure to be able to > support that. This patch set tackles one of them: gives to each LSM the > ability to sp...

...g calls to reiserfs_security_free()") fixed possible memory leaks and another issue related to adding an xattr at inode creation time. Define the initxattrs callback reiserfs_initxattrs(), to populate the name/value/len triple in the reiserfs_security_handle() with the first xattr provided by LSMs. Make a copy of the xattr value, as security_inode_init_security() frees it. After the call to security_inode_init_security(), remove the check for returning -EOPNOTSUPP, as security_inode_init_security() changes it to zero. Multiple xattrs are currently not supported, as the reiserfs_security_ha...

...urity(), switch to > > > security_inode_init_security(). > > > > > > Extend the existing ocfs2_initxattrs() to take the > > > ocfs2_security_xattr_info structure from fs_info, and populate the > > > name/value/len triple with the first xattr provided by LSMs. > > > > Hi Mark, Joel, Joseph > > > > some time ago I sent this patch set to switch to the newer > > function security_inode_init_security(). Almost all the other parts of > > this patch set have been reviewed, and the patch set itself should be > > read...

Hi, I use shorewall-4.5.4 + lsm-0.143 and it does not seem to work as expected... When all providers are up, everything seems fine. When one goes down, lsm says "link <provider> down event"... and it seems ok but we then experience some problems such as a few unreachable sites, DNS problems... If I remove the downed provider from all confs and restart, everything works again.

The message from this sender included one or more files which could not be scanned for virus detection; do not open these files unless you are certain of the sender's intent. ---------------------------------------------------------------------- Hi, I'm seeing the crash below on 6.1 and 6.2 kernels when trying to copy a directory to OCFS2 filesystem. The problem seems to be that

Hi everyone, I described the reflink operation at the Linux Storage & Filesystems Workshop last month. Originally implemented as an ocfs2-specific ioctl, the consensus was that it should be a syscall from the get-go. Here's some first-cut patches. For people who have not seen reflink, either at LSF or on the ocfs2 wiki, the first patch contains Documentation/filesystems/reflink.txt to