On Thu, May 10, 2018 at 9:42 PM Mimi Zohar <zohar@xxxxxxxxxxxxxxxxxx> wrote:
> On Wed, 2018-05-09 at 13:28 -0700, Matthew Garrett wrote:
> > + xattr->name = memdup_user_nul(buf, count);
>
> Up to now, the set of protected EVM xattrs was in the security domain.
> The current code permits any string in any domain. If that is the
> intention, there needs to be an explanation of the security
> implications of this change at least in the patch description.

Restricting it to security makes sense for now - if it turns out that it
seems useful to use other attributes then we can talk about changing that
later.

> > + if (strcmp(xattr->name, ".") == 0) {
> > + evm_xattrs_locked = 1;
> > + err = count;
>
> Please update the file mode bits of <securityfs>/evm_xattrs.

Ok.

> Should "evm_xattrs" be defined directly in the securityfs directory or
> in a subdirectory similar to ima? It will be difficult later on to
> move "evm_xattrs" to a subdirectory once applications start
> reading/writing to it. What would the subdirectory be called?

Yeah, that's tricky - the obvious directory would be evm, but that's
already in use. integrity makes sense, but then ima should also be under it.
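
Review bot: On the quoted line "xattr->name = memdup_user_nul(buf, count);", the result goes straight into a string comparison in the next quoted hunk, and the quoted lines show neither an IS_ERR() check nor any validation of the name. memdup_user_nul() returns an ERR_PTR on failure, so check it before the name is used. If the set is to stay within the security domain as agreed in this thread, reject any name that does not begin with XATTR_SECURITY_PREFIX before it is added to the list, and state that restriction in the patch description.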
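
Review bot: In the quoted 'strcmp(xattr->name, ".") == 0' branch, the match is exact, so a write of "." followed by a newline (what a plain echo produces) will not take the lock path unless a trailing newline is stripped before this point, and the quoted lines do not show that. Strip the newline or document that the write must be exactly one byte. The branch also sets err = count after xattr->name has been allocated, so confirm that xattr and xattr->name are freed on this path, since the "." entry is a command and not an attribute to keep.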