Re: [PATCH v7 0/6] evm: Do HMAC of multiple per LSM xattrs for new inodes

[PATCH v7 0/6] evm: Do HMAC of multiple per LSM xattrs for new inodes · Roberto Sassu <hidden> · 2022-12-01
[PATCH v7 1/6] reiserfs: Switch to security_inode_init_security() · Roberto Sassu <hidden> · 2022-12-01
Re: [PATCH v7 1/6] reiserfs: Switch to security_inode_init_security() · Mimi Zohar <zohar@linux.ibm.com> · 2023-02-17
[PATCH v7 2/6] ocfs2: Switch to security_inode_init_security() · Roberto Sassu <hidden> · 2022-12-01
Re: [PATCH v7 2/6] ocfs2: Switch to security_inode_init_security() · Roberto Sassu <hidden> · 2023-01-10
Re: [PATCH v7 2/6] ocfs2: Switch to security_inode_init_security() · Paul Moore <paul@paul-moore.com> · 2023-01-12
Re: [PATCH v7 2/6] ocfs2: Switch to security_inode_init_security() · Roberto Sassu <hidden> · 2023-02-08
Re: [PATCH v7 2/6] ocfs2: Switch to security_inode_init_security() · Paul Moore <paul@paul-moore.com> · 2023-02-09
Re: [PATCH v7 2/6] ocfs2: Switch to security_inode_init_security() · Joseph Qi <joseph.qi@linux.alibaba.com> · 2023-02-21
Re: [PATCH v7 2/6] ocfs2: Switch to security_inode_init_security() · Roberto Sassu <hidden> · 2023-02-21
Re: [PATCH v7 2/6] ocfs2: Switch to security_inode_init_security() · Mimi Zohar <zohar@linux.ibm.com> · 2023-02-17
Re: [PATCH v7 2/6] ocfs2: Switch to security_inode_init_security() · Mimi Zohar <zohar@linux.ibm.com> · 2023-02-17
Re: [PATCH v7 2/6] ocfs2: Switch to security_inode_init_security() · Roberto Sassu <hidden> · 2023-02-20
Re: [PATCH v7 2/6] ocfs2: Switch to security_inode_init_security() · Mimi Zohar <zohar@linux.ibm.com> · 2023-02-20
Re: [PATCH v7 2/6] ocfs2: Switch to security_inode_init_security() · Roberto Sassu <hidden> · 2023-02-20
Re: [PATCH v7 2/6] ocfs2: Switch to security_inode_init_security() · Mimi Zohar <zohar@linux.ibm.com> · 2023-02-20
Re: [PATCH v7 2/6] ocfs2: Switch to security_inode_init_security() · Roberto Sassu <hidden> · 2023-02-20
[PATCH v7 3/6] security: Remove security_old_inode_init_security() · Roberto Sassu <hidden> · 2022-12-01
Re: [PATCH v7 3/6] security: Remove security_old_inode_init_security() · Mimi Zohar <zohar@linux.ibm.com> · 2023-02-19
[PATCH v7 4/6] security: Allow all LSMs to provide xattrs for inode_init_security hook · Roberto Sassu <hidden> · 2022-12-01
Re: [PATCH v7 4/6] security: Allow all LSMs to provide xattrs for inode_init_security hook · Mimi Zohar <zohar@linux.ibm.com> · 2023-02-20
[PATCH v7 5/6] evm: Align evm_inode_init_security() definition with LSM infrastructure · Roberto Sassu <hidden> · 2022-12-01
Re: [PATCH v7 5/6] evm: Align evm_inode_init_security() definition with LSM infrastructure · Mimi Zohar <zohar@linux.ibm.com> · 2023-02-19
[PATCH v7 6/6] evm: Support multiple LSMs providing an xattr · Roberto Sassu <hidden> · 2022-12-01
Re: [PATCH v7 6/6] evm: Support multiple LSMs providing an xattr · Mimi Zohar <zohar@linux.ibm.com> · 2023-02-19
Re: [PATCH v7 6/6] evm: Support multiple LSMs providing an xattr · Roberto Sassu <hidden> · 2023-02-20
Re: [PATCH v7 6/6] evm: Support multiple LSMs providing an xattr · Mimi Zohar <zohar@linux.ibm.com> · 2023-02-20
Re: [PATCH v7 0/6] evm: Do HMAC of multiple per LSM xattrs for new inodes · Paul Moore <paul@paul-moore.com> · 2023-01-12
Re: [PATCH v7 0/6] evm: Do HMAC of multiple per LSM xattrs for new inodes · Roberto Sassu <hidden> · 2023-01-13
Re: [PATCH v7 0/6] evm: Do HMAC of multiple per LSM xattrs for new inodes · Paul Moore <paul@paul-moore.com> · 2023-03-08
Re: [PATCH v7 0/6] evm: Do HMAC of multiple per LSM xattrs for new inodes · Roberto Sassu <hidden> · 2023-03-09

From: Roberto Sassu <hidden>
Date: 2023-03-09 07:56:06
Also in: linux-integrity, lkml, ocfs2-devel, selinux

On Wed, 2023-03-08 at 17:16 -0500, Paul Moore wrote:

On Thu, Dec 1, 2022 at 5:42 AM Roberto Sassu
[off-list ref] wrote:

quoted

From: Roberto Sassu <roberto.sassu@huawei.com>

One of the major goals of LSM stacking is to run multiple LSMs side by side
without interfering with each other. The ultimate decision will depend on
individual LSM decision.

Several changes need to be made to the LSM infrastructure to be able to
support that. This patch set tackles one of them: gives to each LSM the
ability to specify one or multiple xattrs to be set at inode creation
time and, at the same time, gives to EVM the ability to access all those
xattrs and calculate the HMAC on them.

Hi Roberto,

The v7 draft of this patchset had some good discussion, and based on a
quick read of the comments it looks like everyone was eventually
satisfied that the v7 draft was good and no further changes were
necessary, is that correct or do you have an updated draft of this
patchset?

Hi Paul

I addressed few more concerns from Mimi and Casey. I think v8 should be
good to send (unless you have more comments/suggestions).

Thanks

Roberto

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help