Re: [PATCH] EVM: Allow runtime modification of the set of verified xattrs

On Mon, 2018-04-16 at 18:32 +0000, Matthew Garrett wrote:
> On Sun, Apr 15, 2018 at 7:05 AM Mimi Zohar <zohar@xxxxxxxxxxxxxxxxxx> wrote:

> > Although evm_config_xattrnames is not currently defined as a const, it
> > should have been.  Including additional xattrs via a securityfs file,
> > limits how the memory for the entire list of xattrs and the pointer to
> > that list can be protected.
> 
> Right, I did wonder about that.
> 
> > Does this extra list of xattrs need to be run time or build time
> > configurable?  If it's build time configurable you'd be able to use
> > __ro_after_init.  For run time configurable, perhaps the proposed
> > "post-init read-only memory" (https://lwn.net/Articles/750215/) could
> > be used.
> 
> Runtime. I'll look into the post-init stuff, but given that this doesn't
> change the current security position do you think it's a blocker?

I would probably make the existing evm_config_xattrnames a const and
create a linked list.  As new xattrs are defined, append them to the
tail.

Is there a reason for adding additional xattrs one at a time, as
opposed to parsing a string?

Is it better to define a securityfs file, rather than a boot command
line argument?  With a boot command line argument, the list of xattrs
could be defined as __ro_after_init.

Mimi
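
The layout suggested in the reply above (a const built-in array plus a list that grows at the tail), as an added userspace C example that is not part of the thread or of the kernel source. The names builtin_xattrs, xattr_node, xattr_add and xattr_is_protected and the sample xattr names are assumptions for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Built-in names: const data, never written after build (sample values). */
static const char *const builtin_xattrs[] = {
    "security.selinux", "security.ima", "security.capability",
};
#define N_BUILTIN (sizeof(builtin_xattrs) / sizeof(builtin_xattrs[0]))

/* Runtime additions: the only writable state is this list (hypothetical). */
struct xattr_node { struct xattr_node *next; char name[]; };
static struct xattr_node *extra_head, **extra_tail = &extra_head;

/* 1 if name is covered by either the const array or the runtime list. */
int xattr_is_protected(const char *name)
{
    for (size_t i = 0; i < N_BUILTIN; i++)
        if (strcmp(builtin_xattrs[i], name) == 0)
            return 1;
    for (const struct xattr_node *n = extra_head; n; n = n->next)
        if (strcmp(n->name, name) == 0)
            return 1;
    return 0;
}

/* Append to the tail. 0 on success, -1 on bad name, duplicate or no memory. */
int xattr_add(const char *name)
{
    size_t len = strlen(name);
    if (len == 0 || len > 255 || xattr_is_protected(name)) /* 255 = XATTR_NAME_MAX */
        return -1;
    struct xattr_node *n = malloc(sizeof(*n) + len + 1);
    if (!n)
        return -1;
    memcpy(n->name, name, len + 1);
    n->next = NULL;
    *extra_tail = n;        /* link after the current last node */
    extra_tail = &n->next;  /* existing nodes are never rewritten */
    return 0;
}

int main(void)
{
    printf("add security.apparmor: %d\n", xattr_add("security.apparmor"));
    printf("add security.ima again: %d\n", xattr_add("security.ima"));
    printf("protected: %d\n", xattr_is_protected("security.apparmor"));
    return 0;
}
```

Only extra_head, extra_tail and the nodes behind them stay writable here, which is the part of the list the thread's read-only-memory discussion is about.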



