search for: security_inode_init_security

Displaying 17 results from an estimated 17 matches for "security_inode_init_security".

2023 Mar 14
1
[PATCH v8 1/6] reiserfs: Switch to security_inode_init_security()
From: Roberto Sassu <roberto.sassu at huawei.com> In preparation for removing security_old_inode_init_security(), switch to security_inode_init_security(). Commit 572302af1258 ("reiserfs: Add missing calls to reiserfs_security_free()") fixed possible memory leaks and another issue related to adding an xattr at inode creation time. Define the initxattrs callback reiserfs_initxattrs(), to populate the name/value/len triple in the reiserfs_...
2023 Jan 10
3
[PATCH v7 2/6] ocfs2: Switch to security_inode_init_security()
On Thu, 2022-12-01 at 11:41 +0100, Roberto Sassu wrote: > From: Roberto Sassu <roberto.sassu at huawei.com> > > In preparation for removing security_old_inode_init_security(), switch to > security_inode_init_security(). > > Extend the existing ocfs2_initxattrs() to take the > ocfs2_security_xattr_info structure from fs_info, and populate the > name/value/len triple with the first xattr provided by LSMs. Hi Mark, Joel, Joseph some time ago I sent this patch set to switch to the newer function secu...
2023 Feb 21
0
[PATCH v7 2/6] ocfs2: Switch to security_inode_init_security()
...> On 1/10/23 4:55 PM, Roberto Sassu wrote: > > On Thu, 2022-12-01 at 11:41 +0100, Roberto Sassu wrote: > > > From: Roberto Sassu <roberto.sassu at huawei.com> > > > > > > In preparation for removing security_old_inode_init_security(), switch to > > > security_inode_init_security(). > > > > > > Extend the existing ocfs2_initxattrs() to take the > > > ocfs2_security_xattr_info structure from fs_info, and populate the > > > name/value/len triple with the first xattr provided by LSMs. > > > > Hi Mark, Joel, Joseph > > >...
2023 Mar 14
2
[PATCH v8 2/6] ocfs2: Switch to security_inode_init_security()
From: Roberto Sassu <roberto.sassu at huawei.com> In preparation for removing security_old_inode_init_security(), switch to security_inode_init_security(). Extend the existing ocfs2_initxattrs() to take the ocfs2_security_xattr_info structure from fs_info, and populate the name/value/len triple with the first xattr provided by LSMs. As fs_info was not used before, ocfs2_initxattrs() can now handle the case of replicating the behavior of security_...
2023 Mar 14
7
[PATCH v8 0/6] evm: Do HMAC of multiple per LSM xattrs for new inodes
...place in the inode_init_security definition the name/value/len parameters with the beginning of the array containing all xattrs set by LSMs. Due to security_old_inode_init_security() API limitation of setting only one xattr, it has been dropped and the remaining users, ocfs2 and reiserfs, switch to security_inode_init_security(). However, due to the complexity of the changes required to fully exploit the ability of security_inode_init_security() to set multiple xattrs, those users can still set only one xattr (the first set in the xattr array) where previously they called security_old_inode_init_security(). Furthermore,...
2022 Dec 01
8
[PATCH v7 0/6] evm: Do HMAC of multiple per LSM xattrs for new inodes
...place in the inode_init_security definition the name/value/len parameters with the beginning of the array containing all xattrs set by LSMs. Due to security_old_inode_init_security() API limitation of setting only one xattr, it has been dropped and the remaining users, ocfs2 and reiserfs, switch to security_inode_init_security(). However, due to the complexity of the changes required to fully exploit the ability of security_inode_init_security() to set multiple xattrs, those users can still set only one xattr (the first set in the xattr array) where previously they called security_old_inode_init_security(). Furthermore,...
2022 Dec 01
1
[PATCH v7 3/6] security: Remove security_old_inode_init_security()
From: Roberto Sassu <roberto.sassu at huawei.com> As the remaining two users reiserfs and ocfs2 switched to security_inode_init_security(), security_old_inode_init_security() can now be removed. Out-of-tree kernel modules should switch to security_inode_init_security() too. Signed-off-by: Roberto Sassu <roberto.sassu at huawei.com> Reviewed-by: Casey Schaufler <casey at schaufler-ca.com> --- include/linux/security.h |...
2023 Mar 14
1
[PATCH v8 3/6] security: Remove security_old_inode_init_security()
From: Roberto Sassu <roberto.sassu at huawei.com> As the remaining two users reiserfs and ocfs2 switched to security_inode_init_security(), security_old_inode_init_security() can now be removed. Out-of-tree kernel modules should switch to security_inode_init_security() too. Signed-off-by: Roberto Sassu <roberto.sassu at huawei.com> Reviewed-by: Casey Schaufler <casey at schaufler-ca.com> Reviewed-by: Mimi Zohar <zoh...
2023 Mar 24
1
[PATCH v8 4/6] security: Allow all LSMs to provide xattrs for inode_init_security hook
...hu, 2023-03-23 at 20:09 -0400, Paul Moore wrote: > > > On Tue, Mar 14, 2023 at 4:19 AM Roberto Sassu > > > <roberto.sassu at huaweicloud.com> wrote: > > > > From: Roberto Sassu <roberto.sassu at huawei.com> > > > > > > > > Currently, security_inode_init_security() supports only one LSM providing > > > > an xattr and EVM calculating the HMAC on that xattr, plus other inode > > > > metadata. > > > > > > > > Allow all LSMs to provide one or multiple xattrs, by extending the security > > > > blob rese...
2023 Mar 27
1
[PATCH v8 4/6] security: Allow all LSMs to provide xattrs for inode_init_security hook
...400, Paul Moore wrote: > > > > On Tue, Mar 14, 2023 at 4:19 AM Roberto Sassu > > > > <roberto.sassu at huaweicloud.com> wrote: > > > > > From: Roberto Sassu <roberto.sassu at huawei.com> > > > > > > > > > > Currently, security_inode_init_security() supports only one LSM providing > > > > > an xattr and EVM calculating the HMAC on that xattr, plus other inode > > > > > metadata. > > > > > > > > > > Allow all LSMs to provide one or multiple xattrs, by extending the security >...
2023 Feb 19
1
[PATCH v7 6/6] evm: Support multiple LSMs providing an xattr
On Thu, 2022-12-01 at 11:41 +0100, Roberto Sassu wrote: > From: Roberto Sassu <roberto.sassu at huawei.com> > > Currently, evm_inode_init_security() processes a single LSM xattr from > the array passed by security_inode_init_security(), and calculates the > HMAC on it and other inode metadata. > > Given that initxattrs() callbacks, called by > security_inode_init_security(), expect that this array is terminated when > the xattr name is set to NULL, reuse the same assumption to scan all xattrs > and to calcula...
2023 Mar 24
1
[PATCH v8 4/6] security: Allow all LSMs to provide xattrs for inode_init_security hook
....com> wrote: > On Thu, 2023-03-23 at 20:09 -0400, Paul Moore wrote: > > On Tue, Mar 14, 2023 at 4:19 AM Roberto Sassu > > <roberto.sassu at huaweicloud.com> wrote: > > > From: Roberto Sassu <roberto.sassu at huawei.com> > > > > > > Currently, security_inode_init_security() supports only one LSM providing > > > an xattr and EVM calculating the HMAC on that xattr, plus other inode > > > metadata. > > > > > > Allow all LSMs to provide one or multiple xattrs, by extending the security > > > blob reservation mechanism. Introd...
2009 Feb 08
1
[PATCH] ocfs2/security: Check xattr support in security_init.
...3..8a7db21 100644 --- a/fs/ocfs2/xattr.c +++ b/fs/ocfs2/xattr.c @@ -5289,6 +5289,9 @@ int ocfs2_init_security_get(struct inode *inode, struct inode *dir, struct ocfs2_security_xattr_info *si) { + if (!ocfs2_supports_xattr(OCFS2_SB(inode->i_sb))) + return -EOPNOTSUPP; + return security_inode_init_security(inode, dir, &si->name, &si->value, &si->value_len); } -- 1.5.4.4
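Review bot: the new early return at the top of ocfs2_init_security_get() hands back -EOPNOTSUPP before si is touched, so si->name, si->value and si->value_len stay exactly as the caller passed them in. Please document on the function that callers must treat -EOPNOTSUPP as "no security xattr" and must not read or free the si fields afterwards, or clear the three fields before returning so a caller that skips the check cannot act on stale values.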
2011 May 16
0
[PATCH v5 12/21] evm: add evm_inode_post_init call in btrfs
...h" #include "transaction.h" @@ -367,31 +368,49 @@ int btrfs_xattr_security_init(struct btrfs_trans_handle *trans, const struct qstr *qstr) { int err; - size_t len; - void *value; - char *suffix; + struct xattr lsm_xattr; + struct xattr evm_xattr; char *name; - err = security_inode_init_security(inode, dir, qstr, &suffix, &value, - &len); + err = security_inode_init_security(inode, dir, qstr, &lsm_xattr.name, + &lsm_xattr.value, + &lsm_xattr.value_len); if (err) { if (err == -EOPNOTSUPP) return 0; return err; } - name = kmalloc(X...
2011 Jun 02
0
[PATCH v6 11/20] evm: add evm_inode_post_init call in btrfs
...h" #include "transaction.h" @@ -367,31 +368,49 @@ int btrfs_xattr_security_init(struct btrfs_trans_handle *trans, const struct qstr *qstr) { int err; - size_t len; - void *value; - char *suffix; + struct xattr lsm_xattr; + struct xattr evm_xattr; char *name; - err = security_inode_init_security(inode, dir, qstr, &suffix, &value, - &len); + err = security_inode_init_security(inode, dir, qstr, &lsm_xattr.name, + &lsm_xattr.value, + &lsm_xattr.value_len); if (err) { if (err == -EOPNOTSUPP) return 0; return err; } - name = kmalloc(X...
2009 May 03
6
[RFC] The reflink(2) system call.
Hi everyone, I described the reflink operation at the Linux Storage & Filesystems Workshop last month. Originally implemented as an ocfs2-specific ioctl, the consensus was that it should be a syscall from the get-go. Here are some first-cut patches. For people who have not seen reflink, either at LSF or on the ocfs2 wiki, the first patch contains Documentation/filesystems/reflink.txt to
2008 Oct 17
3
[PATCH 0/3] ocfs2: add security EA and ACL support v3
Hi, These three patches fix the problems in version two. They are based on Tao's patches: ocfs2/xattr: xattr improvement. The first patch fixes some problems in the xattr code. The second patch adds security EA support. The third patch adds ACL support. Best regards, tiger