[PATCH RFC v1 4/7] integrity: Fix inode numbers in audit records
Mickaël Salaün
mic at digikod.net
Fri Oct 11 10:15:55 UTC 2024
On Thu, Oct 10, 2024 at 09:20:52PM -0400, Paul Moore wrote:
> On Oct 10, 2024 =?UTF-8?q?Micka=C3=ABl=20Sala=C3=BCn?= <mic at digikod.net> wrote:
> >
> > Use the new inode_get_ino() helper to log the user space's view of
> > inode's numbers instead of the private kernel values.
> >
> > Cc: Mimi Zohar <zohar at linux.ibm.com>
> > Cc: Roberto Sassu <roberto.sassu at huawei.com>
> > Cc: Dmitry Kasatkin <dmitry.kasatkin at gmail.com>
> > Cc: Eric Snowberg <eric.snowberg at oracle.com>
> > Signed-off-by: Mickaël Salaün <mic at digikod.net>
> > ---
> > security/integrity/integrity_audit.c | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
>
> Should we also need to update the inode value used in hmac_add_misc()?
I'm not sure what the impact will be wrt backward compatibility. Mimi,
Roberto?
>
> diff --git a/security/integrity/evm/evm_crypto.c b/security/integrity/evm/evm_crypto.c
> index 7c06ffd633d2..68ae454e187f 100644
> --- a/security/integrity/evm/evm_crypto.c
> +++ b/security/integrity/evm/evm_crypto.c
> @@ -155,7 +155,7 @@ static void hmac_add_misc(struct shash_desc *desc, struct inode *inode,
> * signatures
> */
> if (type != EVM_XATTR_PORTABLE_DIGSIG) {
> - hmac_misc.ino = inode->i_ino;
> + hmac_misc.ino = inode_get_ino(inode->i_ino);
> hmac_misc.generation = inode->i_generation;
> }
> /* The hmac uid and gid must be encoded in the initial user
>
> --
> paul-moore.com
More information about the Linux-security-module-archive
mailing list