similar to: [PATCH v6 11/20] evm: add evm_inode_post_init call in btrfs

After creating the initial LSM security extended attribute, call evm_inode_post_init_security() to create the ''security.evm'' extended attribute. Signed-off-by: Mimi Zohar <zohar@us.ibm.com> --- fs/btrfs/xattr.c | 39 +++++++++++++++++++++++++++++---------- 1 files changed, 29 insertions(+), 10 deletions(-) diff --git a/fs/btrfs/xattr.c b/fs/btrfs/xattr.c index

On Fri, Mar 24, 2023 at 9:26?AM Roberto Sassu <roberto.sassu at huaweicloud.com> wrote: > > On Fri, 2023-03-24 at 11:18 +0100, Roberto Sassu wrote: > > On Thu, 2023-03-23 at 20:09 -0400, Paul Moore wrote: > > > On Tue, Mar 14, 2023 at 4:19?AM Roberto Sassu > > > <roberto.sassu at huaweicloud.com> wrote: > > > > From: Roberto Sassu

On Fri, 2023-03-24 at 17:39 -0400, Paul Moore wrote: > On Fri, Mar 24, 2023 at 9:26?AM Roberto Sassu > <roberto.sassu at huaweicloud.com> wrote: > > On Fri, 2023-03-24 at 11:18 +0100, Roberto Sassu wrote: > > > On Thu, 2023-03-23 at 20:09 -0400, Paul Moore wrote: > > > > On Tue, Mar 14, 2023 at 4:19?AM Roberto Sassu > > > > <roberto.sassu at

On Fri, Mar 24, 2023 at 6:18?AM Roberto Sassu <roberto.sassu at huaweicloud.com> wrote: > On Thu, 2023-03-23 at 20:09 -0400, Paul Moore wrote: > > On Tue, Mar 14, 2023 at 4:19?AM Roberto Sassu > > <roberto.sassu at huaweicloud.com> wrote: > > > From: Roberto Sassu <roberto.sassu at huawei.com> > > > > > > Currently,

From: Roberto Sassu <roberto.sassu at huawei.com> One of the major goals of LSM stacking is to run multiple LSMs side by side without interfering with each other. The ultimate decision will depend on individual LSM decision. Several changes need to be made to the LSM infrastructure to be able to support that. This patch set tackles one of them: gives to each LSM the ability to specify one

From: Roberto Sassu <roberto.sassu at huawei.com> One of the major goals of LSM stacking is to run multiple LSMs side by side without interfering with each other. The ultimate decision will depend on individual LSM decision. Several changes need to be made to the LSM infrastructure to be able to support that. This patch set tackles one of them: gives to each LSM the ability to specify one

From: Roberto Sassu <roberto.sassu at huawei.com> As the remaining two users reiserfs and ocfs2 switched to security_inode_init_security(), security_old_inode_init_security() can be now removed. Out-of-tree kernel modules should switch to security_inode_init_security() too. Signed-off-by: Roberto Sassu <roberto.sassu at huawei.com> Reviewed-by: Casey Schaufler <casey at

From: Roberto Sassu <roberto.sassu at huawei.com> As the remaining two users reiserfs and ocfs2 switched to security_inode_init_security(), security_old_inode_init_security() can be now removed. Out-of-tree kernel modules should switch to security_inode_init_security() too. Signed-off-by: Roberto Sassu <roberto.sassu at huawei.com> Reviewed-by: Casey Schaufler <casey at

Hi In ext3_get_parent(), quick string (struct qstr) can do the job, in place of declaring a dentry on stack. Following patch does this and saves few bytes on kernel stack. Thanks, Maneesh namei.c | 69 ++++++++++++++++++++++++++++++---------------------------------- 1 files changed, 33 insertions(+), 36 deletions(-) diff -urN linux-2.5.58-base/fs/ext3/namei.c

On Tue, 2023-02-21 at 14:45 +0800, Joseph Qi wrote: > Hi, > > Sorry for the late reply. > > I don't have much background on this thread. It seems that we have to > check EOPNOTSUPP since ocfs2_init_security_get() may return EOPNOTSUPP > if it doesn't support extended attribute feature for backward > compatibility. Hi Joseph yes, I already reintroduced the check.

From: Roberto Sassu <roberto.sassu at huawei.com> In preparation for removing security_old_inode_init_security(), switch to security_inode_init_security(). Extend the existing ocfs2_initxattrs() to take the ocfs2_security_xattr_info structure from fs_info, and populate the name/value/len triple with the first xattr provided by LSMs. As fs_info was not used before, ocfs2_initxattrs() can

On Thu, 2022-12-01 at 11:41 +0100, Roberto Sassu wrote: > From: Roberto Sassu <roberto.sassu at huawei.com> > > In preparation for removing security_old_inode_init_security(), switch to > security_inode_init_security(). > > Extend the existing ocfs2_initxattrs() to take the > ocfs2_security_xattr_info structure from fs_info, and populate the > name/value/len triple

Hi Dave, The patch below corrects a buffer overflow bug in q_parser.y. Since it is triggered by excessively long query strings, I believe that this bug could be exploited to allow arbitrary code execution if a query string supplied by a user is passed in directly to Ferret and not truncatated. If I''m right, you should consider a new release asap. I''ve fixed it to simply

From: Roberto Sassu <roberto.sassu at huawei.com> In preparation for removing security_old_inode_init_security(), switch to security_inode_init_security(). Commit 572302af1258 ("reiserfs: Add missing calls to reiserfs_security_free()") fixed possible memory leaks and another issue related to adding an xattr at inode creation time. Define the initxattrs callback

Stefan Berger wrote: > The security.evm extended attribute is fully owned by the Linux kernel > and cannot be directly written from userspace. Therefore, we can always > skip it. > --- (see below "...")... Please put this on a switch or option. The security.evm field seems only special on Mandatory Access systems (from https://lwn.net/Articles/449719/), and seems

On Thu, 2022-12-01 at 11:41 +0100, Roberto Sassu wrote: > From: Roberto Sassu <roberto.sassu at huawei.com> > > Currently, evm_inode_init_security() processes a single LSM xattr from > the array passed by security_inode_init_security(), and calculates the > HMAC on it and other inode metadata. > > Given that initxattrs() callbacks, called by >

On Thu, Dec 1, 2022 at 5:42?AM Roberto Sassu <roberto.sassu at huaweicloud.com> wrote: > > From: Roberto Sassu <roberto.sassu at huawei.com> > > One of the major goals of LSM stacking is to run multiple LSMs side by side > without interfering with each other. The ultimate decision will depend on > individual LSM decision. > > Several changes need to be made to

On 01/06/2017 12:27 AM, L. A. Walsh wrote: > Stefan Berger wrote: >> The security.evm extended attribute is fully owned by the Linux kernel >> and cannot be directly written from userspace. Therefore, we can always >> skip it. > --- (see below "...")... > > Please put this on a switch or option. > > The security.evm field seems only special on

Am 27.06.2000 19:58:44 schrieb urban: > On Tue, 27 Jun 2000 klaus-georg.adams@rwg.de wrote: > > > > > Hi Andrew, > > your patch from 2.2.15 to 2.2.16, backing out the older protocol levels breaks > > reading from an OS/2 LAN Server. > > The appended patch fixes things for me (against 2.2.16). > > This backs out a lot of desired changes. For example I think

The security.evm extended attribute is fully owned by the Linux kernel and cannot be directly written from userspace. Therefore, we can always skip it. --- xattrs.c | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/xattrs.c b/xattrs.c index b105392..3b72e61 100644 --- a/xattrs.c +++ b/xattrs.c @@ -255,6 +255,9 @@ static int rsync_xal_get(const char *fname,