[PATCH] Do not require attributes for security_inode_init_security.

Casey Schaufler casey at schaufler-ca.com
Thu Mar 28 16:34:39 UTC 2024


On 3/28/2024 8:38 AM, Dr. Greg wrote:
> ...
>> In Linux v6.8[1] only Smack and SELinux provide implementations for
>> the security_inode_init_security() hook, and both also increment the
>> associated lsm_blob_sizes::lbs_xattr_count field.  While the
>> behavior of the hook may have changed, I see no indications of any
>> harm with respect to the standard upstream Linux kernel.  We
>> obviously want to ensure that we work to fix harmful behavior, but I
>> simply don't see that here; convince me there is a problem, send me
>> a patch as we've discussed, and I'll merge it.
> BPF provides an implementation and would be affected.

BPF has chosen to implement its LSM hooks their own way. As it is
impossible for the infrastructure developers to predict what the
behavior of those hooks may be, it is unreasonable to constrain
them based on hypothetical or rumored use cases.

The implementation of BPF precludes its use of LSM blobs that are
infrastructure managed. That ought to be obvious. BPF could include
a non-zero lbs_xattr_count just in case, and your problem would be
solved, but at a cost. 

> Bear poking trimmed ...
>
> [1] In Linux v6.9-rc1 this grows to include EVM, but EVM also provides
> both a hook implementation and a lbs_xattr_count bump.
> BPF initialization, as of 6.8 does not include an xattr request.

Just so. If BPF wants to use the aforementioned interface, it needs to
include an xattr request. Just like any other LSM.
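The rule the thread turns on is that a module which implements the inode_init_security hook must also declare, through lbs_xattr_count, how many xattr slots it will fill, so that the infrastructure can size the array it hands to every hook. The toy model below is an added example written for this archive page, not kernel code and not anything posted in the thread: the names lsm_def, lsm_register, lsm_reset, inode_init_security (this model's version), MAX_LSMS and the three sample modules are constructed, and the hook signature is reduced to the two arguments that matter for the xattr accounting. It shows the registration-time check a defender would want: a module that supplies the hook but reserves zero slots is refused rather than allowed to write into space that was never allocated for it.

```c
/* Toy user-space model of LSM xattr slot reservation (added example,
 * not kernel code). Names below are constructed for illustration. */
#include <stdio.h>
#include <string.h>

#define MAX_LSMS   8
#define MAX_XATTRS 16

struct xattr {
    const char *name;
    const char *value;
};

/* One registered module: an optional hook plus its xattr reservation,
 * mirroring lsm_blob_sizes::lbs_xattr_count in the real kernel. */
struct lsm_def {
    const char *name;
    int (*inode_init_security)(struct xattr *xattrs, int *xattr_count);
    unsigned int lbs_xattr_count;
};

static struct lsm_def registered[MAX_LSMS];
static int nr_registered;
static unsigned int total_xattr_slots;

void lsm_reset(void)
{
    nr_registered = 0;
    total_xattr_slots = 0;
}

/* Registration refuses a module that implements the hook without a
 * non-zero lbs_xattr_count: the infrastructure cannot size the xattr
 * array for slots nobody declared. Returns 0 on success, -1 if the
 * table is full, -2 for a hook with no reservation. */
int lsm_register(const struct lsm_def *def)
{
    if (nr_registered >= MAX_LSMS)
        return -1;
    if (def->inode_init_security && def->lbs_xattr_count == 0)
        return -2;
    registered[nr_registered++] = *def;
    total_xattr_slots += def->lbs_xattr_count;
    return 0;
}

/* Infrastructure side: the caller passes an array sized from the
 * declared counts; each hook appends at *xattr_count and bumps it.
 * Returns the number of xattrs filled, or -1 if the buffer is too
 * small, a hook fails, or a module writes past its own reservation. */
int inode_init_security(struct xattr *out, unsigned int out_len)
{
    int filled = 0;

    if (out_len < total_xattr_slots)
        return -1;
    for (int i = 0; i < nr_registered; i++) {
        const struct lsm_def *d = &registered[i];
        int before = filled;

        if (!d->inode_init_security)
            continue;
        if (d->inode_init_security(out, &filled))
            return -1;
        if (filled - before > (int)d->lbs_xattr_count)
            return -1; /* exceeded the slots it reserved */
    }
    return filled;
}

/* Sample modules (constructed). Values are illustrative labels only. */
static int smack_like_hook(struct xattr *x, int *n)
{
    x[(*n)++] = (struct xattr){ "security.SMACK64", "_" };
    return 0;
}

static int selinux_like_hook(struct xattr *x, int *n)
{
    x[(*n)++] = (struct xattr){ "security.selinux", "system_u:object_r:tmp_t:s0" };
    return 0;
}

const struct lsm_def smack_like   = { "smack-like",   smack_like_hook,   1 };
const struct lsm_def selinux_like = { "selinux-like", selinux_like_hook, 1 };
/* Provides the hook but reserves nothing: this is the case the thread
 * says must not be allowed to rely on the infrastructure's slots. */
const struct lsm_def bpf_like_no_reservation = { "bpf-like", selinux_like_hook, 0 };

int main(void)
{
    struct xattr buf[MAX_XATTRS];

    lsm_reset();
    printf("smack-like:   %d\n", lsm_register(&smack_like));
    printf("selinux-like: %d\n", lsm_register(&selinux_like));
    printf("bpf-like:     %d (refused: hook without reservation)\n",
           lsm_register(&bpf_like_no_reservation));
    int n = inode_init_security(buf, MAX_XATTRS);
    for (int i = 0; i < n; i++)
        printf("  %s = %s\n", buf[i].name, buf[i].value);
    return 0;
}
```

With the two reserving modules registered, inode_init_security fills exactly the two declared slots; the module that offers a hook with a zero count is rejected at registration, which is the cheap place to catch the mismatch rather than at the first inode creation.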
