Quoting Mimi Zohar (zohar@xxxxxxxxxxxxxxxxxx): > On Fri, 2011-05-20 at 08:40 -0500, Serge E. Hallyn wrote: > > Quoting Mimi Zohar (zohar@xxxxxxxxxxxxxxxxxx): > > > On Thu, 2011-05-19 at 17:06 -0500, Serge E. Hallyn wrote: > > > > Quoting Mimi Zohar (zohar@xxxxxxxxxxxxxxxxxx): > > > > > Integrity appraisal measures files on file_free and stores the file > > > > > measurement as an xattr. Measure the file before releasing it. > > > > > > > > Can you put a bit more in the commit msg about why? What's magic > > > > about the fs-specific release function? > > > > > > ima_file_free(), called on __fput(), currently flags files that have > > > changed, so that the file is re-measured. However, for appraising a > > > files's integrity, flagging the file is not enough. The file's > > > security.ima xattr must be updated to reflect any changes. This patch > > > moves releasing the file to after calculating the new file hash. > > > > Sorry if I'm being dense, but I still don't understand (even though > > apparently I used to :) why the fs release is magic here. The > > dropping of the writelock comes later, so no file will be able to > > open the file for execute or write until that point, meaning that > > won't be happening without a re-measure with or without this patch. > > > > So you must be thinking something about general opens(), but I > > don't believe that file_operations->release makes a difference to > > another tasks's ability to open the file, nor to the writing out > > of changed contents. > > > > security_file_free() doesn't appear to be hooked by ima or evm, > > and if a security module changes its security.X xattr you'll > > end up re-measuring the xattrs anyway. > > > > So I'm still missing something, sorry :) > > > > -serge > > No, my mistake. IMA-appraisal, not EVM, needs to be able to read the > file in order to re-calculate the hash and update the 'security.ima' > extended attribute. Will move this patch to the IMA patchset. Gotcha, thanks. Please do keep my ack on it :) -serge -- To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
