On Wed, Jul 22, 2020 at 03:29:26PM -0700, Scott Branden wrote:
> These changes don't pass the kernel-selftest for partial reads I added
> (which are at the end of this patch v2 series).
Oh, interesting. Is there any feedback in dmesg? I wonder if I have the
LSMs configured differently than you?
> See change below added for temp workaround for issue.
> > [...]
> > +
> > + whole_file = (offset == 0 && i_size <= buf_size);
> A hack to get this passing I added which probably breaks some security?
> if (whole_file) {
> > + ret = security_kernel_read_file(file, id, whole_file);
> > + if (ret)
> > + goto out;
> > +
> }
This would imply I did something wrong in the LSM hook refactoring (i.e.
some LSM is rejecting the !whole_file case, but if the entire call to
the hooks are skipped, it's okay).
What does this return on your test system:
echo $(cat /sys/kernel/security/lsm)
(I wonder if I have IMA configured differently...)
Mimi, have you had a chance to test these changes?
--
Kees Cook
_______________________________________________
kexec mailing list
kexec@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/kexec
