[PATCH 2/2] ima: add policy support for the new file open MAY_OPENEXEC flag
kbuild test robot
lkp at intel.com
Wed Apr 29 21:24:15 UTC 2020
Hi Mimi,
I love your patch! Yet something to improve:
[auto build test ERROR on integrity/next-integrity]
[also build test ERROR on linus/master v5.7-rc3 next-20200429]
[cannot apply to security/next-testing]
[if your patch is applied to the wrong git tree, please drop us a note to help
improve the system. BTW, we also suggest to use '--base' option to specify the
base tree in git format-patch, please see https://stackoverflow.com/a/37406982]
url: https://github.com/0day-ci/linux/commits/Mimi-Zohar/ima-extending-IMA-policy-to-support-interpreters/20200430-030608
base: https://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity.git next-integrity
config: arc-allyesconfig (attached as .config)
compiler: arc-elf-gcc (GCC) 9.3.0
reproduce:
wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
chmod +x ~/bin/make.cross
# save the attached .config to linux build tree
COMPILER_INSTALL_PATH=$HOME/0day GCC_VERSION=9.3.0 make.cross ARCH=arc
If you fix the issue, kindly add following tag as appropriate
Reported-by: kbuild test robot <lkp at intel.com>
All error/warnings (new ones prefixed by >>):
security/integrity/ima/ima_main.c: In function 'ima_file_check':
>> security/integrity/ima/ima_main.c:442:20: error: 'MAY_OPENEXEC' undeclared (first use in this function); did you mean 'MAY_OPEN'?
442 | MAY_EXEC | MAY_OPENEXEC |
| ^~~~~~~~~~~~
| MAY_OPEN
security/integrity/ima/ima_main.c:442:20: note: each undeclared identifier is reported only once for each function it appears in
>> security/integrity/ima/ima_main.c:444:1: warning: control reaches end of non-void function [-Wreturn-type]
444 | }
| ^
--
security/integrity/ima/ima_policy.c: In function 'ima_parse_rule':
>> security/integrity/ima/ima_policy.c:1100:19: error: 'MAY_OPENEXEC' undeclared (first use in this function); did you mean 'MAY_OPEN'?
1100 | entry->mask = MAY_OPENEXEC;
| ^~~~~~~~~~~~
| MAY_OPEN
security/integrity/ima/ima_policy.c:1100:19: note: each undeclared identifier is reported only once for each function it appears in
security/integrity/ima/ima_policy.c: In function 'ima_policy_show':
security/integrity/ima/ima_policy.c:1535:21: error: 'MAY_OPENEXEC' undeclared (first use in this function); did you mean 'MAY_OPEN'?
1535 | if (entry->mask & MAY_OPENEXEC)
| ^~~~~~~~~~~~
| MAY_OPEN
vim +442 security/integrity/ima/ima_main.c
424
425 /**
426 * ima_path_check - based on policy, collect/store measurement.
427 * @file: pointer to the file to be measured
428 * @mask: contains MAY_READ, MAY_WRITE, MAY_EXEC or MAY_APPEND
429 *
430 * Measure files based on the ima_must_measure() policy decision.
431 *
432 * On success return 0. On integrity appraisal error, assuming the file
433 * is in policy and IMA-appraisal is in enforcing mode, return -EACCES.
434 */
435 int ima_file_check(struct file *file, int mask)
436 {
437 u32 secid;
438
439 security_task_getsecid(current, &secid);
440 return process_measurement(file, current_cred(), secid, NULL, 0,
441 mask & (MAY_READ | MAY_WRITE |
> 442 MAY_EXEC | MAY_OPENEXEC |
443 MAY_APPEND), FILE_CHECK);
> 444 }
445 EXPORT_SYMBOL_GPL(ima_file_check);
446
---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org
More information about the Linux-security-module-archive
mailing list