Re: [PATCH V2] EVM: Allow runtime modification of the set of verified xattrs

On Tue, 2018-05-01 at 17:21 +0000, Matthew Garrett wrote:
> On Mon, Apr 30, 2018 at 6:56 PM Mimi Zohar <zohar@xxxxxxxxxxxxxxxxxx> wrote:
> 
> > On Fri, 2018-04-27 at 12:41 -0700, Matthew Garrett wrote:
> > > +     for (xattrname = evm_config_default_xattrnames; *xattrname !=
> NULL;
> > > +          xattrname++) {
> > > +             tmp = kmalloc(sizeof(struct xattr_list), GFP_KERNEL);
> > > +             if (!tmp)
> > > +                     return -ENOMEM;
> > > +             tmp->name = kstrdup(*xattrname, GFP_KERNEL);
> > > +             if (!tmp->name) {
> > > +                     kfree(tmp);
> > > +                     return -ENOMEM;
> > > +             }
> > > +             list_add_tail(&tmp->list, &evm_config_xattrnames);
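
Review bot: Both `return -ENOMEM` paths inside the loop leave every node linked in an earlier iteration on evm_config_xattrnames, together with its kstrdup'd name, so a failure partway through returns an error with a partially built list that nothing frees. Either unwind the entries already added before returning, or drop the allocations by making the default table an array of struct xattr_list and linking those entries directly, which removes the failure path altogether. If the kmalloc stays, sizeof(*tmp) is the usual kernel style over sizeof(struct xattr_list).
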
> 
> > If evm_config_xattrnames[] is defined as struct xattr_list, there's no
> > need for allocating memory for the xattr_list and name.  Something
> > like in ima_init_policy() would work.
> 
> Hm. Do you mean evm_config_default_xattrnames?

Yes, or:
        for (i = 0; i < secure_boot_entries; i++)
                list_add_tail(&secure_boot_rules[i].list,
                              &ima_default_rules);

> 
> > Could we break this patch up to simplify review?  The first patch
> > would create and use the xattrname list.  The subsequent patch(es)
> > would add the new functionality.
> 
> Sure, I'll do that.

thanks!

Mimi
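
Added example, not part of the thread or of the kernel source: a userspace model of the static-table approach suggested above, where the default entries are themselves struct xattr_list and are linked onto the list without any allocation. The list helper, the three sample xattr names, and the function names evm_init_xattr_list and evm_xattr_is_listed are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Userspace stand-in for the kernel's intrusive list (assumption: only
 * the pieces this example needs). */
struct list_head { struct list_head *next, *prev; };

static void list_add_tail(struct list_head *new, struct list_head *head)
{
	new->prev = head->prev;
	new->next = head;
	head->prev->next = new;
	head->prev = new;
}

/* Fields match what the quoted hunk uses: tmp->name and tmp->list. */
struct xattr_list {
	struct list_head list;
	const char *name;
};

/* Sample default set, constructed for this example. Static storage means
 * nothing is allocated and there is no -ENOMEM path to unwind. */
static struct xattr_list evm_config_default_xattrnames[] = {
	{ .name = "security.selinux" },
	{ .name = "security.ima" },
	{ .name = "security.capability" },
};

static struct list_head evm_config_xattrnames =
	{ &evm_config_xattrnames, &evm_config_xattrnames };

/* Hypothetical init helper: link each static entry, return the count. */
static int evm_init_xattr_list(void)
{
	size_t i, n = sizeof(evm_config_default_xattrnames) /
		      sizeof(evm_config_default_xattrnames[0]);

	for (i = 0; i < n; i++)
		list_add_tail(&evm_config_default_xattrnames[i].list,
			      &evm_config_xattrnames);
	return (int)n;
}

/* Hypothetical lookup: 1 if name is on the list, 0 otherwise. */
static int evm_xattr_is_listed(const char *name)
{
	struct list_head *p;

	/* list is the first member, so a node pointer is the entry pointer */
	for (p = evm_config_xattrnames.next; p != &evm_config_xattrnames; p = p->next)
		if (strcmp(((struct xattr_list *)p)->name, name) == 0)
			return 1;
	return 0;
}
```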



