Re: [RFC] IMA LSM based rule race condition issue on 4.19 LTS

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: Paul Moore <paul@xxxxxxxxxxxxxx>, "Guozihua (Scott)" <guozihua@xxxxxxxxxx>
Subject: Re: [RFC] IMA LSM based rule race condition issue on 4.19 LTS
From: Mimi Zohar <zohar@xxxxxxxxxxxxx>
Date: Thu, 05 Jan 2023 20:05:47 -0500
Cc: dmitry.kasatkin@xxxxxxxxx, sds@xxxxxxxxxxxxx, eparis@xxxxxxxxxxxxxx, Greg KH <gregkh@xxxxxxxxxxxxxxxxxxx>, sashal@xxxxxxxxxx, selinux@xxxxxxxxxxxxxxx, "linux-integrity@xxxxxxxxxxxxxxx" <linux-integrity@xxxxxxxxxxxxxxx>, stable@xxxxxxxxxxxxxxx
In-reply-to: <CAHC9VhT0SRWMi2gQKaBPOj1owqUh-24O9L2DyOZ8JDgEr+ZQiQ@mail.gmail.com>
References: <389334fe-6e12-96b2-6ce9-9f0e8fcb85bf@huawei.com> <efd4ce83299a10b02b1c04cc94934b8d51969e1c.camel@linux.ibm.com> <6a5bc829-b788-5742-cbfc-dba348065dbe@huawei.com> <566721e9e8d639c82d841edef4d11d30a4d29694.camel@linux.ibm.com> <fffb29b7-a1ac-33fb-6aca-989e5567f565@huawei.com> <40cf70a96d2adbff1c0646d3372f131413989854.camel@linux.ibm.com> <a63d5d4b-d7a9-fdcb-2b90-b5e2a974ca4c@huawei.com> <757bc525f7d3fe6db5f3ee1f86de2f4d02d8286b.camel@linux.ibm.com> <CAHC9VhR2mfaVjXz3sBzbkBamt8nE-9aV+jSOs9jH1ESnKvDrvw@mail.gmail.com> <fc11076f-1760-edf3-c0e4-8f58d5e0335c@huawei.com> <CAHC9VhT0SRWMi2gQKaBPOj1owqUh-24O9L2DyOZ8JDgEr+ZQiQ@mail.gmail.com>

On Thu, 2022-12-15 at 22:04 -0500, Paul Moore wrote:
> On Thu, Dec 15, 2022 at 9:36 PM Guozihua (Scott) <guozihua@xxxxxxxxxx> wrote:
> > On 2022/12/16 5:04, Paul Moore wrote:
> 
> ...
> 
> > > How bad is the backport really?  Perhaps it is worth doing it to see
> > > what it looks like?
> > >
> > It might not be that bad, I'll try to post a version next Monday.
> 
> Thanks for giving it a shot.

FYI, in the end backporting the atomic to blocking LSM notifier change
was the best solution.  Other than one minor correction, v6 of the
"ima: Fix IMA mishandling of LSM based rule during" looks good.

-- 
thanks,

Mimi

References:
- [RFC] IMA LSM based rule race condition issue on 4.19 LTS
  - From: Guozihua (Scott)
- Re: [RFC] IMA LSM based rule race condition issue on 4.19 LTS
  - From: Mimi Zohar
- Re: [RFC] IMA LSM based rule race condition issue on 4.19 LTS
  - From: Guozihua (Scott)
- Re: [RFC] IMA LSM based rule race condition issue on 4.19 LTS
  - From: Mimi Zohar
- Re: [RFC] IMA LSM based rule race condition issue on 4.19 LTS
  - From: Guozihua (Scott)
- Re: [RFC] IMA LSM based rule race condition issue on 4.19 LTS
  - From: Mimi Zohar
- Re: [RFC] IMA LSM based rule race condition issue on 4.19 LTS
  - From: Guozihua (Scott)
- Re: [RFC] IMA LSM based rule race condition issue on 4.19 LTS
  - From: Mimi Zohar
- Re: [RFC] IMA LSM based rule race condition issue on 4.19 LTS
  - From: Paul Moore
- Re: [RFC] IMA LSM based rule race condition issue on 4.19 LTS
  - From: Guozihua (Scott)
- Re: [RFC] IMA LSM based rule race condition issue on 4.19 LTS
  - From: Paul Moore

Prev by Date: [PATCH 1/2] libsepol: do not write empty class definitions
Next by Date: Re: [PATCH 1/1] [RFC] SELINUX: Remove obsolete deferred inode security init list.
Previous by thread: Re: [RFC] IMA LSM based rule race condition issue on 4.19 LTS
Next by thread: [PATCH testsuite] policy: allow user_namespace::create where appropriate
Index(es):
- Date
- Thread

[Index of Archives] [Selinux Refpolicy] [Linux SGX] [Fedora Users] [Fedora Desktop] [Yosemite Photos] [Yosemite Camping] [Yosemite Campsites] [KDE Users] [Gnome Users]