[PATCH] evm: Correct inode_init_security hooks behaviors
Mimi Zohar
zohar at linux.ibm.com
Tue Oct 25 14:22:35 UTC 2022
On Tue, 2022-10-25 at 10:21 -0400, Mimi Zohar wrote:
> On Tue, 2022-10-25 at 15:33 +0200, Nicolas Bouchinet wrote:
> > > Agreed, independently as to whether BPF defines a security xattr, if
> > > two LSMs initialize security xattrs, then this change is needed. Are
> > > there any other examples?
> >
> > I think that in its current state the kernel cannot load two LSM capable of xattr
> > initialization as they are all defined with the `LSM_FLAG_EXCLUSIVE` flag set.
> > But I may be unaware of other LSM in development stage.
>
> Casey, Paul, can we get confirmation on this?
>
> > >
> > > (nit: I understand the line size has generally been relaxed, but for
> > > IMA/EVM I would prefer it to be remain as 80 chars.)
> > >
> >
> > No problem, will change it !
> >
> > I'll take time to run few tests with BPF and send a patch v3 with new changes.
>
> Since Roberto's patches will address the BPF bug(s), is this a fix for
> a real bug or a possbile future one. Cc'ing stable might not be
> necessary.
And the patch description will need to be updated accordingly.
thanks,
Mimi
More information about the Linux-security-module-archive
mailing list