From patchwork Fri Dec 22 14:32:35 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Dongsu Park <dongsu@kinvolk.io>
X-Patchwork-Id: 10130591
Return-Path: <linux-integrity-owner@kernel.org>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
	[172.30.200.125])
	by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id
	3B6A76056E for <patchwork-linux-integrity@patchwork.kernel.org>;
	Fri, 22 Dec 2017 14:34:06 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 315C029FA9
	for <patchwork-linux-integrity@patchwork.kernel.org>;
	Fri, 22 Dec 2017 14:34:06 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id 262B229FE4; Fri, 22 Dec 2017 14:34:06 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-7.0 required=2.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID, DKIM_VALID_AU,
	RCVD_IN_DNSWL_HI autolearn=unavailable version=3.3.1
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id C516B29FF0
	for <patchwork-linux-integrity@patchwork.kernel.org>;
	Fri, 22 Dec 2017 14:34:05 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1756491AbdLVOc2 (ORCPT
	<rfc822;patchwork-linux-integrity@patchwork.kernel.org>);
	Fri, 22 Dec 2017 09:32:28 -0500
Received: from mail-wm0-f65.google.com ([74.125.82.65]:43814 "EHLO
	mail-wm0-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1756214AbdLVObc (ORCPT
	<rfc822;linux-integrity@vger.kernel.org>);
	Fri, 22 Dec 2017 09:31:32 -0500
Received: by mail-wm0-f65.google.com with SMTP id n138so22132059wmg.2
	for <linux-integrity@vger.kernel.org>;
	Fri, 22 Dec 2017 06:31:31 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=kinvolk.io; s=google;
	h=from:to:cc:subject:date:message-id:in-reply-to:references;
	bh=jqiv81xI/uuTat3QvN/5fUrDutGV31c0I2/xrHviQL0=;
	b=UYycT01tUQiDB0vLnzaNDAoXL+ClMj0UdtT++wld+4qNYB7YhBT0Z6rcMnAOSjXN7a
	z6FGUxybnuS46ab9XBobh4FXBh84xHuUfiVJSnZed8ExkNRvjjw/E4D6PIq+8sJrVUZp
	d0DZ+Zc062JN9L2itkZ8DSLjg6lQL9lAa326w=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
	:references;
	bh=jqiv81xI/uuTat3QvN/5fUrDutGV31c0I2/xrHviQL0=;
	b=Lrp3hbUfdKyG1zZ3cDYwxuc7NwxrdqvFdPRERUNiGH+Rx0a8tM/4Y7kKpNN3o13J7+
	c4qJXl70dd0Y2Jiovg+TR4eXAvFmY6ghctfcl6IW8KhWbb/Vc4XTovlgfh6NYTEqKtCE
	rUhNZ5YXzfqyYDso/w9iJ/ib7z8no8pCVvnPmUJkmbQRWfhz4DTFh9BD202YkgijF/pr
	sQfX//R24E8FwK/7HRFBOzh5rXdQjRJIc2nxwOrhOxvPuQIMgrUrGEdB6FjFusZpyIWm
	Sb0lc/0DJSHuwAVqc8LP1wktSFDqE9PS+Wb0rx7d9deX8z6ny1vxRZIq2cR+VbeYlAF1
	IqFw==
X-Gm-Message-State: AKGB3mJ+kdq3CZaPPkyfABwa6JNDJlmyAsyqr/R2hu7oSJPloSYa5V1T
	1L2EgYbJiUznk1kGs3p7hVzmhQ==
X-Google-Smtp-Source: 
 ACJfBotGqwS+GEONMWass59PwgH5dapWeA8CQZFdHB5HLK5yhApTgO0D0+ij8jkPimxGR+A+f0GQ4Q==
X-Received: by 10.80.184.83 with SMTP id k19mr15743995ede.190.1513953090761;
	Fri, 22 Dec 2017 06:31:30 -0800 (PST)
Received: from dberlin.localdomain ([178.19.216.175])
	by smtp.gmail.com with ESMTPSA id
	j39sm19698065ede.38.2017.12.22.06.31.29
	(version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256);
	Fri, 22 Dec 2017 06:31:30 -0800 (PST)
From: Dongsu Park <dongsu@kinvolk.io>
To: linux-kernel@vger.kernel.org
Cc: containers@lists.linux-foundation.org, Alban Crequy <alban@kinvolk.io>,
	"Eric W . Biederman" <ebiederm@xmission.com>,
	Miklos Szeredi <mszeredi@redhat.com>,
	Seth Forshee <seth.forshee@canonical.com>,
	Sargun Dhillon <sargun@sargun.me>, Dongsu Park <dongsu@kinvolk.io>,
	linux-integrity@vger.kernel.org, linux-security-module@vger.kernel.org,
	James Morris <james.l.morris@oracle.com>,
	Mimi Zohar <zohar@linux.vnet.ibm.com>,
	"Serge E. Hallyn" <serge@hallyn.com>
Subject: [PATCH 11/11] evm: Don't update hmacs in user ns mounts
Date: Fri, 22 Dec 2017 15:32:35 +0100
Message-Id: 
 <1f2233a1a028f1eb1e9bea7d06efa6d34e69e752.1512041070.git.dongsu@kinvolk.io>
X-Mailer: git-send-email 2.13.6
In-Reply-To: <cover.1512741134.git.dongsu@kinvolk.io>
References: <cover.1512741134.git.dongsu@kinvolk.io>
Sender: linux-integrity-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-integrity.vger.kernel.org>
X-Mailing-List: linux-integrity@vger.kernel.org
X-Virus-Scanned: ClamAV using ClamSMTP

From: Seth Forshee <seth.forshee@canonical.com>

The kernel should not calculate new hmacs for mounts done by
non-root users. Update evm_calc_hmac_or_hash() to refuse to
calculate new hmacs for mounts for non-init user namespaces.

Cc: linux-integrity@vger.kernel.org
Cc: linux-security-module@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Cc: James Morris <james.l.morris@oracle.com>
Cc: Mimi Zohar <zohar@linux.vnet.ibm.com>
Cc: "Serge E. Hallyn" <serge@hallyn.com>
Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Signed-off-by: Dongsu Park <dongsu@kinvolk.io>
---
 security/integrity/evm/evm_crypto.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/security/integrity/evm/evm_crypto.c b/security/integrity/evm/evm_crypto.c
index bcd64baf..729f4545 100644
--- a/security/integrity/evm/evm_crypto.c
+++ b/security/integrity/evm/evm_crypto.c
@@ -190,7 +190,8 @@ static int evm_calc_hmac_or_hash(struct dentry *dentry,
 	int error;
 	int size;
 
-	if (!(inode->i_opflags & IOP_XATTR))
+	if (!(inode->i_opflags & IOP_XATTR) ||
+	    inode->i_sb->s_user_ns != &init_user_ns)
 		return -EOPNOTSUPP;
 
 	desc = init_desc(type);