[PATCH v9 12/25] security: Introduce file_post_open hook

Mimi Zohar zohar at linux.ibm.com
Wed Feb 14 20:07:25 UTC 2024


On Tue, 2024-02-13 at 10:33 -0500, Paul Moore wrote:
> On Tue, Feb 13, 2024 at 7:59 AM Roberto Sassu
> <roberto.sassu at huaweicloud.com> wrote:
> > On Mon, 2024-02-12 at 16:16 -0500, Paul Moore wrote:
> > > On Mon, Feb 12, 2024 at 4:06 PM Mimi Zohar <zohar at linux.ibm.com> wrote:
> > > > Hi Roberto,
> > > > 
> > > > 
> > > > > diff --git a/security/security.c b/security/security.c
> > > > > index d9d2636104db..f3d92bffd02f 100644
> > > > > --- a/security/security.c
> > > > > +++ b/security/security.c
> > > > > @@ -2972,6 +2972,23 @@ int security_file_open(struct file *file)
> > > > >       return fsnotify_perm(file, MAY_OPEN);  <===  Conflict
> > > > 
> > > > Replace with "return fsnotify_open_perm(file);"
> > > > 
> > > > >  }
> > > > > 
> > > > 
> > > > The patch set doesn't apply cleaning to 6.8-rcX without this
> > > > change.  Unless
> > > > there are other issues, I can make the change.
> > > 
> > > I take it this means you want to pull this via the IMA/EVM tree?
> > 
> > Not sure about that, but I have enough changes to do to make a v10.

@Roberto:  please add my "Reviewed-by" to the remaining patches.

> 
> Sorry, I should have been more clear, the point I was trying to
> resolve was who was going to take this patchset (eventually).  There
> are other patches destined for the LSM tree that touch the LSM hooks
> in a way which will cause conflicts with this patchset, and if
> you/Mimi are going to take this via the IMA/EVM tree - which is fine
> with me - I need to take that into account when merging things in the
> LSM tree during this cycle.  It's not a big deal either way, it would
> just be nice to get an answer on that within the next week.

Similarly there are other changes for IMA and EVM.  If you're willing to create
a topic branch for just the v10 patch set that can be merged into your tree and
into my tree, I'm fine with your upstreaming v10. (I'll wait to send my pull
request after yours.)  Roberto will add my Ack's to the integrity, IMA, and EVM
related patches.  However if you're not willing to create a topic branch, I'll
upstream the v10 patch set.

thanks,

Mimi




More information about the Linux-security-module-archive mailing list