On Fri, Mar 31, 2023 at 8:33 AM Roberto Sassu <roberto.sassu@xxxxxxxxxxxxxxx> wrote:
>
> From: Roberto Sassu <roberto.sassu@xxxxxxxxxx>
>
> Change the evm_inode_init_security() definition to align with the LSM
> infrastructure. Keep the existing behavior of including in the HMAC
> calculation only the first xattr provided by LSMs.
>
> Changing the evm_inode_init_security() definition requires passing the
> xattr array allocated by security_inode_init_security(), and the number of
> xattrs filled by previously invoked LSMs.
>
> Use the newly introduced lsm_get_xattr_slot() to position EVM correctly in
> the xattrs array, like a regular LSM, and to increment the number of filled
> slots. For now, the LSM infrastructure allocates enough xattrs slots to
> store the EVM xattr, without using the reservation mechanism.
>
> Signed-off-by: Roberto Sassu <roberto.sassu@xxxxxxxxxx>
> ---
>  include/linux/evm.h               | 13 +++++++------
>  security/integrity/evm/evm_main.c | 16 ++++++++++------
>  security/security.c               |  6 +++---
>  3 files changed, 20 insertions(+), 15 deletions(-)

This seems reasonable to me, but I'll want to see a sign-off from Mimi for
the EVM bits. Same thing for patch 4/4.

-- 
paul-moore.com