[PATCH] evm: Correct inode_init_security hooks behaviors
Mimi Zohar
zohar at linux.ibm.com
Tue Oct 25 14:21:30 UTC 2022
On Tue, 2022-10-25 at 15:33 +0200, Nicolas Bouchinet wrote:
> > Agreed, independently as to whether BPF defines a security xattr, if
> > two LSMs initialize security xattrs, then this change is needed. Are
> > there any other examples?
>
> I think that in its current state the kernel cannot load two LSM capable of xattr
> initialization as they are all defined with the `LSM_FLAG_EXCLUSIVE` flag set.
> But I may be unaware of other LSM in development stage.
Casey, Paul, can we get confirmation on this?
> >
> > (nit: I understand the line size has generally been relaxed, but for
> > IMA/EVM I would prefer it to be remain as 80 chars.)
> >
>
> No problem, will change it !
>
> I'll take time to run few tests with BPF and send a patch v3 with new changes.
Since Roberto's patches will address the BPF bug(s), is this a fix for
a real bug or a possbile future one. Cc'ing stable might not be
necessary.
thanks,
Mimi
More information about the Linux-security-module-archive
mailing list