On Fri, 2021-05-07 at 15:31 +0200, Roberto Sassu wrote:
> When a file is being created, LSMs can set the initial label with the
> inode_init_security hook. If no HMAC key is loaded, the new file will have
> LSM xattrs but not the HMAC. It is also possible that the file remains
> without protected xattrs after creation if no active LSM provided it.
>
> Unfortunately, EVM will deny any further metadata operation on new files,
> as evm_protect_xattr() will always return the INTEGRITY_NOLABEL error, or
> INTEGRITY_NOXATTRS if no protected xattrs exist. This would limit the
> usability of EVM when only a public key is loaded, as commands such as cp
> or tar with the option to preserve xattrs won't work.
>
> This patch introduces the evm_hmac_disabled() function to determine whether
> or not it is safe to ignore verification errors, based on the ability of
> EVM to calculate HMACs. If the HMAC key is not loaded, and it cannot be
> loaded in the future due to the EVM_SETUP_COMPLETE initialization flag,
> allowing an operation despite the attrs/xattrs being found invalid will not
> make them valid.
>
> Since the post hooks can be executed even when the HMAC key is not loaded,
> this patch also ensures that the EVM_INIT_HMAC initialization flag is set
> before the post hooks call evm_update_evmxattr().
>
> Signed-off-by: Roberto Sassu <roberto.sassu@xxxxxxxxxx>
> Suggested-by: Mimi Zohar <zohar@xxxxxxxxxxxxx>

Thanks, Robert!

Reviewed-by: Mimi Zohar <zohar@xxxxxxxxxxxxx>