public-mirrors/linux
1
0
Fork 0
mirror of git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git synced 2025-08-05 00:34:52 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
No description
1135986 commits 2 branches 894 tags 3.6 GiB
C 97.4%
Assembly 1%
Shell 0.5%
Python 0.4%
Makefile 0.3%
Other 0.2%
Find a file
Christian Brauner a56df5d5b7
evm: add post set acl hook 
The security_inode_post_setxattr() hook is used by security modules to
update their own security.* xattrs. Consequently none of the security
modules operate on posix acls. So we don't need an additional security
hook when post setting posix acls.

However, the integrity subsystem wants to be informed about posix acl
changes in order to reset the EVM status flag.

-> evm_inode_post_setxattr()
   -> evm_update_evmxattr()
      -> evm_calc_hmac()
         -> evm_calc_hmac_or_hash()

and evm_cacl_hmac_or_hash() walks the global list of protected xattr
names evm_config_xattrnames. This global list can be modified via
/sys/security/integrity/evm/evm_xattrs. The write to "evm_xattrs" is
restricted to security.* xattrs and the default xattrs in
evm_config_xattrnames only contains security.* xattrs as well.

So the actual value for posix acls is currently completely irrelevant
for evm during evm_inode_post_setxattr() and frankly it should stay that
way in the future to not cause the vfs any more headaches. But if the
actual posix acl values matter then evm shouldn't operate on the binary
void blob and try to hack around in the uapi struct anyway. Instead it
should then in the future add a dedicated hook which takes a struct
posix_acl argument passing the posix acls in the proper vfs format.

For now it is sufficient to make evm_inode_post_set_acl() a wrapper
around evm_inode_post_setxattr() not passing any actual values down.
This will cause the hashes to be updated as before.

Reviewed-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Christian Brauner (Microsoft) <brauner@kernel.org>
2022-10-20 10:13:29 +02:00
arch Random number generator fixes for Linux 6.1-rc1. 2022-10-16 15:27:07 -07:00
block Random number generator fixes for Linux 6.1-rc1. 2022-10-16 15:27:07 -07:00
certs certs: make system keyring depend on built-in x509 parser 2022-09-24 04:31:18 +09:00
crypto treewide: use get_random_bytes() when possible 2022-10-11 17:42:58 -06:00
Documentation fs: add new get acl method 2022-10-20 10:13:27 +02:00
drivers Random number generator fixes for Linux 6.1-rc1. 2022-10-16 15:27:07 -07:00
fs 9p: implement set acl method 2022-10-20 10:13:28 +02:00
include evm: add post set acl hook 2022-10-20 10:13:29 +02:00
init - hfs and hfsplus kmap API modernization from Fabio Francesco 2022-10-12 11:00:22 -07:00
io_uring io_uring/rw: ensure kiocb_end_write() is always called 2022-10-12 16:30:56 -06:00
ipc - hfs and hfsplus kmap API modernization from Fabio Francesco 2022-10-12 11:00:22 -07:00
kernel Random number generator fixes for Linux 6.1-rc1. 2022-10-16 15:27:07 -07:00
lib Random number generator fixes for Linux 6.1-rc1. 2022-10-16 15:27:07 -07:00
LICENSES LICENSES/LGPL-2.1: Add LGPL-2.1-or-later as valid identifiers 2021-12-16 14:33:10 +01:00
mm fs: pass dentry to set acl method 2022-10-19 12:55:42 +02:00
net Random number generator fixes for Linux 6.1-rc1. 2022-10-16 15:27:07 -07:00
rust Kbuild: add Rust support 2022-09-28 09:02:20 +02:00
samples VFIO updates for v6.1-rc1 2022-10-12 14:46:48 -07:00
scripts Kbuild fixes for v6.1 2022-10-16 11:12:22 -07:00
security integrity: implement get and set acl hook 2022-10-20 10:13:29 +02:00
sound sound fixes for 6.1-rc1 2022-10-14 13:22:14 -07:00
tools perf tools changes for v6.1: 2nd batch 2022-10-16 15:14:29 -07:00
usr usr/gen_init_cpio.c: remove unnecessary -1 values from int file 2022-10-03 14:21:44 -07:00
virt VFIO updates for v6.1-rc1 2022-10-12 14:46:48 -07:00
.clang-format PCI/DOE: Add DOE mailbox support functions 2022-07-19 15:38:04 -07:00
.cocciconfig
.get_maintainer.ignore get_maintainer: add Alan to .get_maintainer.ignore 2022-08-20 15:17:44 -07:00
.gitattributes
.gitignore Kbuild: add Rust support 2022-09-28 09:02:20 +02:00
.mailmap - hfs and hfsplus kmap API modernization from Fabio Francesco 2022-10-12 11:00:22 -07:00
.rustfmt.toml rust: add .rustfmt.toml 2022-09-28 09:02:20 +02:00
COPYING
CREDITS drm for 5.20/6.0 2022-08-03 19:52:08 -07:00
Kbuild Kbuild updates for v6.1 2022-10-10 12:00:45 -07:00
Kconfig
MAINTAINERS OpenRISC 6.1 Updates 2022-10-15 16:47:33 -07:00
Makefile Linux 6.1-rc1 2022-10-16 15:36:24 -07:00
README

README 

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.