Message ID | 20240205182506.3569743-3-stefanb@linux.ibm.com (mailing list archive) |
---|---|
State | New, archived |
Headers | show |
Series | evm: Support signatures on stacked filesystem | expand |
On Mon, Feb 5, 2024 at 8:25 PM Stefan Berger <stefanb@linux.ibm.com> wrote: > > Copying up xattrs is solely based on the security xattr name. For finer > granularity add a dentry parameter to the security_inode_copy_up_xattr > hook definition, allowing decisions to be based on the xattr content as > well. > > Signed-off-by: Stefan Berger <stefanb@linux.ibm.com> For ovl part Acked-by: Amir Goldstein <amir73il@gmail.com> > --- > fs/overlayfs/copy_up.c | 2 +- > include/linux/evm.h | 5 +++-- > include/linux/lsm_hook_defs.h | 3 ++- > include/linux/security.h | 4 ++-- > security/integrity/evm/evm_main.c | 2 +- > security/security.c | 7 ++++--- > security/selinux/hooks.c | 2 +- > security/smack/smack_lsm.c | 2 +- > 8 files changed, 15 insertions(+), 12 deletions(-) > > diff --git a/fs/overlayfs/copy_up.c b/fs/overlayfs/copy_up.c > index 8586e2f5d243..de20fe9333c0 100644 > --- a/fs/overlayfs/copy_up.c > +++ b/fs/overlayfs/copy_up.c > @@ -114,7 +114,7 @@ int ovl_copy_xattr(struct super_block *sb, const struct path *oldpath, struct de > if (ovl_is_private_xattr(sb, name)) > continue; > > - error = security_inode_copy_up_xattr(name); > + error = security_inode_copy_up_xattr(old, name); > if (error < 0 && error != -EOPNOTSUPP) > break; > if (error == 1) { > diff --git a/include/linux/evm.h b/include/linux/evm.h > index 36ec884320d9..840ffbdc2860 100644 > --- a/include/linux/evm.h > +++ b/include/linux/evm.h > @@ -31,7 +31,7 @@ extern void evm_inode_post_setxattr(struct dentry *dentry, > const char *xattr_name, > const void *xattr_value, > size_t xattr_value_len); > -extern int evm_inode_copy_up_xattr(const char *name); > +extern int evm_inode_copy_up_xattr(struct dentry *dentry, const char *name); > extern int evm_inode_removexattr(struct mnt_idmap *idmap, > struct dentry *dentry, const char *xattr_name); > extern void evm_inode_post_removexattr(struct dentry *dentry, > @@ -118,7 +118,8 @@ static inline void evm_inode_post_setxattr(struct dentry *dentry, > return; > } > > -static inline int evm_inode_copy_up_xattr(const char *name) > +static inline int evm_inode_copy_up_xattr(struct dentry *dentry, > + const char *name) > { > return 0; > } > diff --git a/include/linux/lsm_hook_defs.h b/include/linux/lsm_hook_defs.h > index 185924c56378..7dd61f51d84a 100644 > --- a/include/linux/lsm_hook_defs.h > +++ b/include/linux/lsm_hook_defs.h > @@ -163,7 +163,8 @@ LSM_HOOK(int, 0, inode_listsecurity, struct inode *inode, char *buffer, > size_t buffer_size) > LSM_HOOK(void, LSM_RET_VOID, inode_getsecid, struct inode *inode, u32 *secid) > LSM_HOOK(int, 0, inode_copy_up, struct dentry *src, struct cred **new) > -LSM_HOOK(int, -EOPNOTSUPP, inode_copy_up_xattr, const char *name) > +LSM_HOOK(int, -EOPNOTSUPP, inode_copy_up_xattr, struct dentry *src, > + const char *name) > LSM_HOOK(int, 0, kernfs_init_security, struct kernfs_node *kn_dir, > struct kernfs_node *kn) > LSM_HOOK(int, 0, file_permission, struct file *file, int mask) > diff --git a/include/linux/security.h b/include/linux/security.h > index d0eb20f90b26..9fc9ca6284d6 100644 > --- a/include/linux/security.h > +++ b/include/linux/security.h > @@ -387,7 +387,7 @@ int security_inode_setsecurity(struct inode *inode, const char *name, const void > int security_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size); > void security_inode_getsecid(struct inode *inode, u32 *secid); > int security_inode_copy_up(struct dentry *src, struct cred **new); > -int security_inode_copy_up_xattr(const char *name); > +int security_inode_copy_up_xattr(struct dentry *src, const char *name); > int security_kernfs_init_security(struct kernfs_node *kn_dir, > struct kernfs_node *kn); > int security_file_permission(struct file *file, int mask); > @@ -980,7 +980,7 @@ static inline int security_kernfs_init_security(struct kernfs_node *kn_dir, > return 0; > } > > -static inline int security_inode_copy_up_xattr(const char *name) > +static inline int security_inode_copy_up_xattr(struct dentry *src, const char *name) > { > return -EOPNOTSUPP; > } > diff --git a/security/integrity/evm/evm_main.c b/security/integrity/evm/evm_main.c > index cc7956d7878b..2555aa4501ae 100644 > --- a/security/integrity/evm/evm_main.c > +++ b/security/integrity/evm/evm_main.c > @@ -896,7 +896,7 @@ void evm_inode_post_setattr(struct dentry *dentry, int ia_valid) > evm_update_evmxattr(dentry, NULL, NULL, 0); > } > > -int evm_inode_copy_up_xattr(const char *name) > +int evm_inode_copy_up_xattr(struct dentry *src, const char *name) > { > if (strcmp(name, XATTR_NAME_EVM) == 0) > return 1; /* Discard */ > diff --git a/security/security.c b/security/security.c > index 0144a98d3712..ee63863c1dc0 100644 > --- a/security/security.c > +++ b/security/security.c > @@ -2596,6 +2596,7 @@ EXPORT_SYMBOL(security_inode_copy_up); > > /** > * security_inode_copy_up_xattr() - Filter xattrs in an overlayfs copy-up op > + * @src: union dentry of copy-up file > * @name: xattr name > * > * Filter the xattrs being copied up when a unioned file is copied up from a > @@ -2606,7 +2607,7 @@ EXPORT_SYMBOL(security_inode_copy_up); > * if the security module does not know about attribute, or a negative > * error code to abort the copy up. > */ > -int security_inode_copy_up_xattr(const char *name) > +int security_inode_copy_up_xattr(struct dentry *src, const char *name) > { > struct security_hook_list *hp; > int rc; > @@ -2618,12 +2619,12 @@ int security_inode_copy_up_xattr(const char *name) > */ > hlist_for_each_entry(hp, > &security_hook_heads.inode_copy_up_xattr, list) { > - rc = hp->hook.inode_copy_up_xattr(name); > + rc = hp->hook.inode_copy_up_xattr(src, name); > if (rc != LSM_RET_DEFAULT(inode_copy_up_xattr)) > return rc; > } > > - return evm_inode_copy_up_xattr(name); > + return evm_inode_copy_up_xattr(src, name); > } > EXPORT_SYMBOL(security_inode_copy_up_xattr); > > diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c > index a6bf90ace84c..ebb8876837c6 100644 > --- a/security/selinux/hooks.c > +++ b/security/selinux/hooks.c > @@ -3530,7 +3530,7 @@ static int selinux_inode_copy_up(struct dentry *src, struct cred **new) > return 0; > } > > -static int selinux_inode_copy_up_xattr(const char *name) > +static int selinux_inode_copy_up_xattr(struct dentry *dentry, const char *name) > { > /* The copy_up hook above sets the initial context on an inode, but we > * don't then want to overwrite it by blindly copying all the lower > diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c > index 0fdbf04cc258..bffca165f07f 100644 > --- a/security/smack/smack_lsm.c > +++ b/security/smack/smack_lsm.c > @@ -4873,7 +4873,7 @@ static int smack_inode_copy_up(struct dentry *dentry, struct cred **new) > return 0; > } > > -static int smack_inode_copy_up_xattr(const char *name) > +static int smack_inode_copy_up_xattr(struct dentry *src, const char *name) > { > /* > * Return 1 if this is the smack access Smack attribute. > -- > 2.43.0 >
On Mon, Feb 5, 2024 at 1:25 PM Stefan Berger <stefanb@linux.ibm.com> wrote: > > Copying up xattrs is solely based on the security xattr name. For finer > granularity add a dentry parameter to the security_inode_copy_up_xattr > hook definition, allowing decisions to be based on the xattr content as > well. > > Signed-off-by: Stefan Berger <stefanb@linux.ibm.com> > --- > fs/overlayfs/copy_up.c | 2 +- > include/linux/evm.h | 5 +++-- > include/linux/lsm_hook_defs.h | 3 ++- > include/linux/security.h | 4 ++-- > security/integrity/evm/evm_main.c | 2 +- > security/security.c | 7 ++++--- > security/selinux/hooks.c | 2 +- > security/smack/smack_lsm.c | 2 +- > 8 files changed, 15 insertions(+), 12 deletions(-) Acked-by: Paul Moore <paul@paul-moore.com> (LSM,SELinux)
diff --git a/fs/overlayfs/copy_up.c b/fs/overlayfs/copy_up.c index 8586e2f5d243..de20fe9333c0 100644 --- a/fs/overlayfs/copy_up.c +++ b/fs/overlayfs/copy_up.c @@ -114,7 +114,7 @@ int ovl_copy_xattr(struct super_block *sb, const struct path *oldpath, struct de if (ovl_is_private_xattr(sb, name)) continue; - error = security_inode_copy_up_xattr(name); + error = security_inode_copy_up_xattr(old, name); if (error < 0 && error != -EOPNOTSUPP) break; if (error == 1) { diff --git a/include/linux/evm.h b/include/linux/evm.h index 36ec884320d9..840ffbdc2860 100644 --- a/include/linux/evm.h +++ b/include/linux/evm.h @@ -31,7 +31,7 @@ extern void evm_inode_post_setxattr(struct dentry *dentry, const char *xattr_name, const void *xattr_value, size_t xattr_value_len); -extern int evm_inode_copy_up_xattr(const char *name); +extern int evm_inode_copy_up_xattr(struct dentry *dentry, const char *name); extern int evm_inode_removexattr(struct mnt_idmap *idmap, struct dentry *dentry, const char *xattr_name); extern void evm_inode_post_removexattr(struct dentry *dentry, @@ -118,7 +118,8 @@ static inline void evm_inode_post_setxattr(struct dentry *dentry, return; } -static inline int evm_inode_copy_up_xattr(const char *name) +static inline int evm_inode_copy_up_xattr(struct dentry *dentry, + const char *name) { return 0; } diff --git a/include/linux/lsm_hook_defs.h b/include/linux/lsm_hook_defs.h index 185924c56378..7dd61f51d84a 100644 --- a/include/linux/lsm_hook_defs.h +++ b/include/linux/lsm_hook_defs.h @@ -163,7 +163,8 @@ LSM_HOOK(int, 0, inode_listsecurity, struct inode *inode, char *buffer, size_t buffer_size) LSM_HOOK(void, LSM_RET_VOID, inode_getsecid, struct inode *inode, u32 *secid) LSM_HOOK(int, 0, inode_copy_up, struct dentry *src, struct cred **new) -LSM_HOOK(int, -EOPNOTSUPP, inode_copy_up_xattr, const char *name) +LSM_HOOK(int, -EOPNOTSUPP, inode_copy_up_xattr, struct dentry *src, + const char *name) LSM_HOOK(int, 0, kernfs_init_security, struct kernfs_node *kn_dir, struct kernfs_node *kn) LSM_HOOK(int, 0, file_permission, struct file *file, int mask) diff --git a/include/linux/security.h b/include/linux/security.h index d0eb20f90b26..9fc9ca6284d6 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -387,7 +387,7 @@ int security_inode_setsecurity(struct inode *inode, const char *name, const void int security_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size); void security_inode_getsecid(struct inode *inode, u32 *secid); int security_inode_copy_up(struct dentry *src, struct cred **new); -int security_inode_copy_up_xattr(const char *name); +int security_inode_copy_up_xattr(struct dentry *src, const char *name); int security_kernfs_init_security(struct kernfs_node *kn_dir, struct kernfs_node *kn); int security_file_permission(struct file *file, int mask); @@ -980,7 +980,7 @@ static inline int security_kernfs_init_security(struct kernfs_node *kn_dir, return 0; } -static inline int security_inode_copy_up_xattr(const char *name) +static inline int security_inode_copy_up_xattr(struct dentry *src, const char *name) { return -EOPNOTSUPP; } diff --git a/security/integrity/evm/evm_main.c b/security/integrity/evm/evm_main.c index cc7956d7878b..2555aa4501ae 100644 --- a/security/integrity/evm/evm_main.c +++ b/security/integrity/evm/evm_main.c @@ -896,7 +896,7 @@ void evm_inode_post_setattr(struct dentry *dentry, int ia_valid) evm_update_evmxattr(dentry, NULL, NULL, 0); } -int evm_inode_copy_up_xattr(const char *name) +int evm_inode_copy_up_xattr(struct dentry *src, const char *name) { if (strcmp(name, XATTR_NAME_EVM) == 0) return 1; /* Discard */ diff --git a/security/security.c b/security/security.c index 0144a98d3712..ee63863c1dc0 100644 --- a/security/security.c +++ b/security/security.c @@ -2596,6 +2596,7 @@ EXPORT_SYMBOL(security_inode_copy_up); /** * security_inode_copy_up_xattr() - Filter xattrs in an overlayfs copy-up op + * @src: union dentry of copy-up file * @name: xattr name * * Filter the xattrs being copied up when a unioned file is copied up from a @@ -2606,7 +2607,7 @@ EXPORT_SYMBOL(security_inode_copy_up); * if the security module does not know about attribute, or a negative * error code to abort the copy up. */ -int security_inode_copy_up_xattr(const char *name) +int security_inode_copy_up_xattr(struct dentry *src, const char *name) { struct security_hook_list *hp; int rc; @@ -2618,12 +2619,12 @@ int security_inode_copy_up_xattr(const char *name) */ hlist_for_each_entry(hp, &security_hook_heads.inode_copy_up_xattr, list) { - rc = hp->hook.inode_copy_up_xattr(name); + rc = hp->hook.inode_copy_up_xattr(src, name); if (rc != LSM_RET_DEFAULT(inode_copy_up_xattr)) return rc; } - return evm_inode_copy_up_xattr(name); + return evm_inode_copy_up_xattr(src, name); } EXPORT_SYMBOL(security_inode_copy_up_xattr); diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index a6bf90ace84c..ebb8876837c6 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -3530,7 +3530,7 @@ static int selinux_inode_copy_up(struct dentry *src, struct cred **new) return 0; } -static int selinux_inode_copy_up_xattr(const char *name) +static int selinux_inode_copy_up_xattr(struct dentry *dentry, const char *name) { /* The copy_up hook above sets the initial context on an inode, but we * don't then want to overwrite it by blindly copying all the lower diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 0fdbf04cc258..bffca165f07f 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -4873,7 +4873,7 @@ static int smack_inode_copy_up(struct dentry *dentry, struct cred **new) return 0; } -static int smack_inode_copy_up_xattr(const char *name) +static int smack_inode_copy_up_xattr(struct dentry *src, const char *name) { /* * Return 1 if this is the smack access Smack attribute.
Copying up xattrs is solely based on the security xattr name. For finer granularity add a dentry parameter to the security_inode_copy_up_xattr hook definition, allowing decisions to be based on the xattr content as well. Signed-off-by: Stefan Berger <stefanb@linux.ibm.com> --- fs/overlayfs/copy_up.c | 2 +- include/linux/evm.h | 5 +++-- include/linux/lsm_hook_defs.h | 3 ++- include/linux/security.h | 4 ++-- security/integrity/evm/evm_main.c | 2 +- security/security.c | 7 ++++--- security/selinux/hooks.c | 2 +- security/smack/smack_lsm.c | 2 +- 8 files changed, 15 insertions(+), 12 deletions(-)