From patchwork Fri May 17 16:55:17 2019
X-Patchwork-Submitter: Roberto Sassu
X-Patchwork-Id: 10948273
From: Roberto Sassu
Subject: [PATCH v3 0/2] initramfs: add support for xattrs in the initial ram disk
Date: Fri, 17 May 2019 18:55:17 +0200
Message-ID: <20190517165519.11507-1-roberto.sassu@huawei.com>

This patch set aims at solving the following use case: appraise files from
the initial ram disk. To do that, IMA checks the signature/hash from the
security.ima xattr. Unfortunately, this use case cannot be implemented
currently, as the CPIO format does not support xattrs.

This proposal consists of marshaling pathnames and xattrs in a file called
.xattr-list. They are unmarshaled by the CPIO parser after all files have
been extracted, or before the next ram disk is processed.

The difference from v1 (https://lkml.org/lkml/2018/11/22/1182) is that all
xattrs are stored in a single file and not per file (solves the file name
limitation issue, as it is not necessary to add a suffix to files
containing xattrs).

The difference from another proposal
(https://lore.kernel.org/patchwork/cover/888071/) is that xattrs can be
included in an image without changing the image format, as opposed to
defining a new one. As seen from the discussion, if a new format has to be
defined, it should fix the issues of the existing format, which requires
more time.

To fulfill both requirements, adding support for xattrs in a short time and
defining a new image format properly, this patch set takes an incremental
approach: it introduces a parser of xattrs that can be used either if
xattrs are in a regular file or directly added to the image (this patch set
reuses patch 9/15 of the existing proposal); in addition, it introduces a
wrapper of the xattr parser, to read xattrs from a file.

The changes introduced by this patch set don't cause any compatibility
issue: kernels without the xattr parser simply extract .xattr-list and
don't unmarshal xattrs; kernels with the xattr parser don't unmarshal
xattrs if .xattr-list is not found in the image.

From the kernel space perspective, backporting this functionality to older
kernels should be very easy. It is sufficient to add two calls to the new
function do_readxattrs().

From the user space perspective, no change is required for the use case.
A new dracut module (module-setup.sh) will execute:

  getfattr --absolute-names -d -h -R -e hex -m security.ima \
    | xattr.awk -b > ${initdir}/.xattr-list

where xattr.awk is the script that marshals xattrs (see patch 3/3). The
same can be done with the initramfs-tools ram disk generator.

Changelog

v2:
- replace ksys_lsetxattr() with kern_path() and vfs_setxattr()
  (suggested by Jann Horn)
- replace ksys_open()/ksys_read()/ksys_close() with
  filp_open()/kernel_read()/fput() (suggested by Jann Horn)
- use path variable instead of name_buf in do_readxattrs()
- set last byte of str to 0 in do_readxattrs()
- call do_readxattrs() in do_name() before replacing an existing
  .xattr-list
- pass pathname to do_setxattrs()

Mimi Zohar (1):
  initramfs: set extended attributes

Roberto Sassu (1):
  initramfs: introduce do_readxattrs()

 init/initramfs.c | 170 ++++++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 168 insertions(+), 2 deletions(-)
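The dracut step above feeds a `getfattr -d -e hex -m security.ima` dump to xattr.awk. As an added example (not the patch set's xattr.awk and not kernel code), the following parses such a dump and sanity-checks each security.ima blob by its leading type byte before it would be packaged into .xattr-list; the type-byte and hash-id constants are assumed to match the kernel's enum evm_ima_xattr_type and enum hash_algo, and the dump is constructed.

```python
# Added example: parse a `getfattr --absolute-names -d -h -R -e hex` dump and
# classify each security.ima value. Constants are assumed from the kernel's
# enum evm_ima_xattr_type / enum hash_algo, not taken from this patch set.
import re
from typing import Dict, List, Tuple

EVM_IMA_XATTR_DIGSIG = 0x03   # assumed: first byte of a signed security.ima
IMA_XATTR_DIGEST_NG = 0x04    # assumed: first byte of a hash-only security.ima
HASH_ALGO_SHA256 = 0x04       # assumed: second byte of a DIGEST_NG blob for sha256

# Constructed sample in the layout getfattr prints: a "# file:" header line,
# one "name=0xHEX" line per attribute, and a blank line closing each block.
SAMPLE_DUMP = """\
# file: /usr/bin/example
security.ima=0x04040123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef

# file: /usr/lib/libexample.so
security.ima=0x0302aabbcc

# file: /etc/broken
security.ima=0x0ff0
"""

FILE_RE = re.compile(r"^# file: (.+)$")
ATTR_RE = re.compile(r"^([A-Za-z0-9_.]+)=0x([0-9a-fA-F]*)$")

def parse_getfattr_hex(dump: str) -> List[Tuple[str, str, bytes]]:
    """Return (path, xattr name, decoded value) for every attribute line."""
    records, path = [], None
    for line in dump.splitlines():
        if not line.strip():
            path = None                      # blank line ends the file block
            continue
        m = FILE_RE.match(line)
        if m:
            path = m.group(1)
            continue
        m = ATTR_RE.match(line)
        if m is None or path is None:        # attr line outside a block, or junk
            raise ValueError(f"unexpected getfattr line: {line!r}")
        records.append((path, m.group(1), bytes.fromhex(m.group(2))))
    return records

def classify_ima(value: bytes) -> str:
    """Name the security.ima kind from its type byte; 'unknown' if unrecognised."""
    if not value:
        return "empty"
    if value[0] == EVM_IMA_XATTR_DIGSIG:
        return "signature"
    if value[0] == IMA_XATTR_DIGEST_NG and len(value) >= 2:
        return "sha256-digest" if value[1] == HASH_ALGO_SHA256 else "digest"
    return "unknown"

def check_dump(dump: str) -> Dict[str, str]:
    """Map each path to its security.ima kind so malformed entries surface early."""
    return {p: classify_ima(v) for p, n, v in parse_getfattr_hex(dump)
            if n == "security.ima"}
```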