Message ID | 20240205182506.3569743-8-stefanb@linux.ibm.com (mailing list archive) |
---|---|
State | New, archived |
Headers | show |
Series | evm: Support signatures on stacked filesystem | expand |
On Mon, Feb 5, 2024 at 8:25 PM Stefan Berger <stefanb@linux.ibm.com> wrote: > > Now that EVM supports RSA signatures for previously completely > unsupported filesystems rename the flag SB_I_EVM_UNSUPPORTED to > SB_I_EVM_HMAC_UNSUPPORTED to reflect that only HMAC is not supported. > > Suggested-by: Amir Goldstein <amir73il@gmail.com> > Suggested-by: Mimi Zohar <zohar@linux.ibm.com> > Signed-off-by: Stefan Berger <stefanb@linux.ibm.com> Acked-by: Amir Goldstein <amir73il@gmail.com> > --- > fs/overlayfs/super.c | 2 +- > include/linux/fs.h | 2 +- > security/integrity/evm/evm_main.c | 2 +- > 3 files changed, 3 insertions(+), 3 deletions(-) > > diff --git a/fs/overlayfs/super.c b/fs/overlayfs/super.c > index 460126b7e1cd..db132d437e14 100644 > --- a/fs/overlayfs/super.c > +++ b/fs/overlayfs/super.c > @@ -1445,7 +1445,7 @@ int ovl_fill_super(struct super_block *sb, struct fs_context *fc) > * lead to unexpected results. > */ > sb->s_iflags |= SB_I_NOUMASK; > - sb->s_iflags |= SB_I_EVM_UNSUPPORTED; > + sb->s_iflags |= SB_I_EVM_HMAC_UNSUPPORTED; > > err = -ENOMEM; > root_dentry = ovl_get_root(sb, ctx->upper.dentry, oe); > diff --git a/include/linux/fs.h b/include/linux/fs.h > index 1823a93202bd..37306a09b4dc 100644 > --- a/include/linux/fs.h > +++ b/include/linux/fs.h > @@ -1177,7 +1177,7 @@ extern int send_sigurg(struct fown_struct *fown); > #define SB_I_USERNS_VISIBLE 0x00000010 /* fstype already mounted */ > #define SB_I_IMA_UNVERIFIABLE_SIGNATURE 0x00000020 > #define SB_I_UNTRUSTED_MOUNTER 0x00000040 > -#define SB_I_EVM_UNSUPPORTED 0x00000080 > +#define SB_I_EVM_HMAC_UNSUPPORTED 0x00000080 > > #define SB_I_SKIP_SYNC 0x00000100 /* Skip superblock at global sync */ > #define SB_I_PERSB_BDI 0x00000200 /* has a per-sb bdi */ > diff --git a/security/integrity/evm/evm_main.c b/security/integrity/evm/evm_main.c > index c3bd88aba78c..ff659e622f4a 100644 > --- a/security/integrity/evm/evm_main.c > +++ b/security/integrity/evm/evm_main.c > @@ -155,7 +155,7 @@ static int is_unsupported_fs(struct dentry *dentry) > { > struct inode *inode = d_backing_inode(dentry); > > - if (inode->i_sb->s_iflags & SB_I_EVM_UNSUPPORTED) { > + if (inode->i_sb->s_iflags & SB_I_EVM_HMAC_UNSUPPORTED) { > pr_info_once("%s not supported\n", inode->i_sb->s_type->name); > return 1; > } > -- > 2.43.0 >
diff --git a/fs/overlayfs/super.c b/fs/overlayfs/super.c index 460126b7e1cd..db132d437e14 100644 --- a/fs/overlayfs/super.c +++ b/fs/overlayfs/super.c @@ -1445,7 +1445,7 @@ int ovl_fill_super(struct super_block *sb, struct fs_context *fc) * lead to unexpected results. */ sb->s_iflags |= SB_I_NOUMASK; - sb->s_iflags |= SB_I_EVM_UNSUPPORTED; + sb->s_iflags |= SB_I_EVM_HMAC_UNSUPPORTED; err = -ENOMEM; root_dentry = ovl_get_root(sb, ctx->upper.dentry, oe); diff --git a/include/linux/fs.h b/include/linux/fs.h index 1823a93202bd..37306a09b4dc 100644 --- a/include/linux/fs.h +++ b/include/linux/fs.h @@ -1177,7 +1177,7 @@ extern int send_sigurg(struct fown_struct *fown); #define SB_I_USERNS_VISIBLE 0x00000010 /* fstype already mounted */ #define SB_I_IMA_UNVERIFIABLE_SIGNATURE 0x00000020 #define SB_I_UNTRUSTED_MOUNTER 0x00000040 -#define SB_I_EVM_UNSUPPORTED 0x00000080 +#define SB_I_EVM_HMAC_UNSUPPORTED 0x00000080 #define SB_I_SKIP_SYNC 0x00000100 /* Skip superblock at global sync */ #define SB_I_PERSB_BDI 0x00000200 /* has a per-sb bdi */ diff --git a/security/integrity/evm/evm_main.c b/security/integrity/evm/evm_main.c index c3bd88aba78c..ff659e622f4a 100644 --- a/security/integrity/evm/evm_main.c +++ b/security/integrity/evm/evm_main.c @@ -155,7 +155,7 @@ static int is_unsupported_fs(struct dentry *dentry) { struct inode *inode = d_backing_inode(dentry); - if (inode->i_sb->s_iflags & SB_I_EVM_UNSUPPORTED) { + if (inode->i_sb->s_iflags & SB_I_EVM_HMAC_UNSUPPORTED) { pr_info_once("%s not supported\n", inode->i_sb->s_type->name); return 1; }
Now that EVM supports RSA signatures for previously completely unsupported filesystems rename the flag SB_I_EVM_UNSUPPORTED to SB_I_EVM_HMAC_UNSUPPORTED to reflect that only HMAC is not supported. Suggested-by: Amir Goldstein <amir73il@gmail.com> Suggested-by: Mimi Zohar <zohar@linux.ibm.com> Signed-off-by: Stefan Berger <stefanb@linux.ibm.com> --- fs/overlayfs/super.c | 2 +- include/linux/fs.h | 2 +- security/integrity/evm/evm_main.c | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-)