Displaying 20 results from an estimated 600 matches similar to: "[PATCH v7 0/6] evm: Do HMAC of multiple per LSM xattrs for new inodes"
2023 Mar 14
7
[PATCH v8 0/6] evm: Do HMAC of multiple per LSM xattrs for new inodes
From: Roberto Sassu <roberto.sassu at huawei.com>
One of the major goals of LSM stacking is to run multiple LSMs side by side
without interfering with each other. The ultimate decision will depend on
individual LSM decision.
Several changes need to be made to the LSM infrastructure to be able to
support that. This patch set tackles one of them: gives to each LSM the
ability to specify one
2023 Mar 24
1
[PATCH v8 4/6] security: Allow all LSMs to provide xattrs for inode_init_security hook
On Fri, Mar 24, 2023 at 9:26 AM Roberto Sassu
<roberto.sassu at huaweicloud.com> wrote:
>
> On Fri, 2023-03-24 at 11:18 +0100, Roberto Sassu wrote:
> > On Thu, 2023-03-23 at 20:09 -0400, Paul Moore wrote:
> > > On Tue, Mar 14, 2023 at 4:19 AM Roberto Sassu
> > > <roberto.sassu at huaweicloud.com> wrote:
> > > > From: Roberto Sassu
2023 Mar 27
1
[PATCH v8 4/6] security: Allow all LSMs to provide xattrs for inode_init_security hook
On Fri, 2023-03-24 at 17:39 -0400, Paul Moore wrote:
> On Fri, Mar 24, 2023 at 9:26 AM Roberto Sassu
> <roberto.sassu at huaweicloud.com> wrote:
> > On Fri, 2023-03-24 at 11:18 +0100, Roberto Sassu wrote:
> > > On Thu, 2023-03-23 at 20:09 -0400, Paul Moore wrote:
> > > > On Tue, Mar 14, 2023 at 4:19 AM Roberto Sassu
> > > > <roberto.sassu at
2023 Mar 24
1
[PATCH v8 4/6] security: Allow all LSMs to provide xattrs for inode_init_security hook
On Fri, Mar 24, 2023 at 6:18 AM Roberto Sassu
<roberto.sassu at huaweicloud.com> wrote:
> On Thu, 2023-03-23 at 20:09 -0400, Paul Moore wrote:
> > On Tue, Mar 14, 2023 at 4:19 AM Roberto Sassu
> > <roberto.sassu at huaweicloud.com> wrote:
> > > From: Roberto Sassu <roberto.sassu at huawei.com>
> > >
> > > Currently,
2023 Jan 10
3
[PATCH v7 2/6] ocfs2: Switch to security_inode_init_security()
On Thu, 2022-12-01 at 11:41 +0100, Roberto Sassu wrote:
> From: Roberto Sassu <roberto.sassu at huawei.com>
>
> In preparation for removing security_old_inode_init_security(), switch to
> security_inode_init_security().
>
> Extend the existing ocfs2_initxattrs() to take the
> ocfs2_security_xattr_info structure from fs_info, and populate the
> name/value/len triple
2023 Mar 14
2
[PATCH v8 2/6] ocfs2: Switch to security_inode_init_security()
From: Roberto Sassu <roberto.sassu at huawei.com>
In preparation for removing security_old_inode_init_security(), switch to
security_inode_init_security().
Extend the existing ocfs2_initxattrs() to take the
ocfs2_security_xattr_info structure from fs_info, and populate the
name/value/len triple with the first xattr provided by LSMs.
As fs_info was not used before, ocfs2_initxattrs() can
2023 Mar 14
1
[PATCH v8 1/6] reiserfs: Switch to security_inode_init_security()
From: Roberto Sassu <roberto.sassu at huawei.com>
In preparation for removing security_old_inode_init_security(), switch to
security_inode_init_security(). Commit 572302af1258 ("reiserfs: Add missing
calls to reiserfs_security_free()") fixed possible memory leaks and another
issue related to adding an xattr at inode creation time.
Define the initxattrs callback
2023 Feb 19
1
[PATCH v7 6/6] evm: Support multiple LSMs providing an xattr
On Thu, 2022-12-01 at 11:41 +0100, Roberto Sassu wrote:
> From: Roberto Sassu <roberto.sassu at huawei.com>
>
> Currently, evm_inode_init_security() processes a single LSM xattr from
> the array passed by security_inode_init_security(), and calculates the
> HMAC on it and other inode metadata.
>
> Given that initxattrs() callbacks, called by
>
2023 Mar 28
1
[PATCH v8 4/6] security: Allow all LSMs to provide xattrs for inode_init_security hook
On Tue, Mar 28, 2023 at 3:47 AM Roberto Sassu
<roberto.sassu at huaweicloud.com> wrote:
>
> On Mon, 2023-03-27 at 17:02 -0400, Paul Moore wrote:
> > On Mon, Mar 27, 2023 at 3:30 AM Roberto Sassu
> > <roberto.sassu at huaweicloud.com> wrote:
> > > On Fri, 2023-03-24 at 17:39 -0400, Paul Moore wrote:
> > > > On Fri, Mar 24, 2023 at 9:26 AM Roberto
2023 Mar 14
1
[PATCH v8 3/6] security: Remove security_old_inode_init_security()
From: Roberto Sassu <roberto.sassu at huawei.com>
As the remaining two users reiserfs and ocfs2 switched to
security_inode_init_security(), security_old_inode_init_security() can be
now removed.
Out-of-tree kernel modules should switch to security_inode_init_security()
too.
Signed-off-by: Roberto Sassu <roberto.sassu at huawei.com>
Reviewed-by: Casey Schaufler <casey at
2022 Dec 01
1
[PATCH v7 3/6] security: Remove security_old_inode_init_security()
From: Roberto Sassu <roberto.sassu at huawei.com>
As the remaining two users reiserfs and ocfs2 switched to
security_inode_init_security(), security_old_inode_init_security() can be
now removed.
Out-of-tree kernel modules should switch to security_inode_init_security()
too.
Signed-off-by: Roberto Sassu <roberto.sassu at huawei.com>
Reviewed-by: Casey Schaufler <casey at
2023 Feb 21
0
[PATCH v7 2/6] ocfs2: Switch to security_inode_init_security()
On Tue, 2023-02-21 at 14:45 +0800, Joseph Qi wrote:
> Hi,
>
> Sorry for the late reply.
>
> I don't have much background on this thread. It seems that we have to
> check EOPNOTSUPP since ocfs2_init_security_get() may return EOPNOTSUPP
> if it doesn't support extended attribute feature for backward
> compatibility.
Hi Joseph
yes, I already reintroduced the check.
2023 Mar 08
1
[PATCH v7 0/6] evm: Do HMAC of multiple per LSM xattrs for new inodes
On Thu, Dec 1, 2022 at 5:42 AM Roberto Sassu
<roberto.sassu at huaweicloud.com> wrote:
>
> From: Roberto Sassu <roberto.sassu at huawei.com>
>
> One of the major goals of LSM stacking is to run multiple LSMs side by side
> without interfering with each other. The ultimate decision will depend on
> individual LSM decision.
>
> Several changes need to be made to
2011 Jun 02
0
[PATCH v6 11/20] evm: add evm_inode_post_init call in btrfs
After creating the initial LSM security extended attribute, call
evm_inode_post_init_security() to create the 'security.evm'
extended attribute.
Signed-off-by: Mimi Zohar <zohar@us.ibm.com>
---
fs/btrfs/xattr.c | 39 +++++++++++++++++++++++++++++----------
1 files changed, 29 insertions(+), 10 deletions(-)
diff --git a/fs/btrfs/xattr.c b/fs/btrfs/xattr.c
index
2011 May 16
0
[PATCH v5 12/21] evm: add evm_inode_post_init call in btrfs
After creating the initial LSM security extended attribute, call
evm_inode_post_init_security() to create the 'security.evm'
extended attribute.
Signed-off-by: Mimi Zohar <zohar@us.ibm.com>
---
fs/btrfs/xattr.c | 39 +++++++++++++++++++++++++++++----------
1 files changed, 29 insertions(+), 10 deletions(-)
diff --git a/fs/btrfs/xattr.c b/fs/btrfs/xattr.c
index
2016 Dec 01
3
[PATCH v2 1/2] xattrs: Skip security.evm extended attribute
The security.evm extended attribute is fully owned by the Linux kernel
and cannot be directly written from userspace. Therefore, we can always
skip it.
---
xattrs.c | 18 +++++++++++++++++-
1 file changed, 17 insertions(+), 1 deletion(-)
diff --git a/xattrs.c b/xattrs.c
index b105392..3b72e61 100644
--- a/xattrs.c
+++ b/xattrs.c
@@ -255,6 +255,9 @@ static int rsync_xal_get(const char *fname,
2009 Feb 08
1
[PATCH] ocfs2/security: Check xattr support in security_init.
If the system supports selinux, we will return successfully from
ocfs2_init_security_get if it is called for the mount point.
And in that case if the volume doesn't have xattr support, we
will not be able to create a new inode in the mount dir because
ocfs2_mknod will try to set security attributes for a newly created
inode. This patch checks xattr support in ocfs2_init_security_get,
so it will
2006 Sep 24
1
[patch] buffer overflow in q_parser.y
Hi Dave,
The patch below corrects a buffer overflow bug in q_parser.y. Since it
is triggered by excessively long query strings, I believe that this bug
could be exploited to allow arbitrary code execution if a query string
supplied by a user is passed in directly to Ferret and not truncated.
If I'm right, you should consider a new release asap.
I've fixed it to simply
2023 Mar 06
1
ocfs2 xattr
On Mon, Mar 06, 2023 at 05:58:30PM +0100, Roberto Sassu wrote:
> If there is no hook registering to inode_init_security, theoretically
> the LSM infrastructure should return -EOPNOTSUPP, which causes ocfs2 to
> set si->enable to zero, and not execute the line that causes the kernel
> to panic.
>
> The problem would arise if somehow the LSM infrastructure returns zero,
>
2007 Jul 20
1
Porting Speex on C5509A and CELP Algorithm Documentation
Jim,
Thank you very much for your suggestions. I managed to get the C55x code
working on the simulator. I would like to port Speex both on a C5502 EVM and
a C5509A EVM. As such, if you can provide me with the details of your port
on the C5509A, it would be greatly appreciated.
Furthermore, I am looking for some technical documentation on the CELP
algorithms. I would like to better