Re: [PATCH 21/28] security: Introduce inode_post_remove_acl hook

[PATCH 00/28] security: Move IMA and EVM to the LSM infrastructure · Roberto Sassu <hidden> · 2023-03-03
[PATCH 12/28] fs: Fix description of vfs_tmpfile() · Roberto Sassu <hidden> · 2023-03-03
Re: [PATCH 12/28] fs: Fix description of vfs_tmpfile() · Christian Brauner <brauner@kernel.org> · 2023-03-06
Re: [PATCH 12/28] fs: Fix description of vfs_tmpfile() · Roberto Sassu <hidden> · 2023-03-06
[PATCH 13/28] security: Align inode_setattr hook definition with EVM · Roberto Sassu <hidden> · 2023-03-03
Re: [PATCH 13/28] security: Align inode_setattr hook definition with EVM · Casey Schaufler <casey@schaufler-ca.com> · 2023-03-05
Re: [PATCH 13/28] security: Align inode_setattr hook definition with EVM · Stefan Berger <stefanb@linux.ibm.com> · 2023-03-06
[PATCH 14/28] security: Introduce inode_post_setattr hook · Roberto Sassu <hidden> · 2023-03-03
Re: [PATCH 14/28] security: Introduce inode_post_setattr hook · Stefan Berger <stefanb@linux.ibm.com> · 2023-03-06
Re: [PATCH 14/28] security: Introduce inode_post_setattr hook · Mimi Zohar <zohar@linux.ibm.com> · 2023-03-08
[PATCH 15/28] security: Introduce inode_post_removexattr hook · Roberto Sassu <hidden> · 2023-03-03
Re: [PATCH 15/28] security: Introduce inode_post_removexattr hook · Stefan Berger <stefanb@linux.ibm.com> · 2023-03-06
Re: [PATCH 15/28] security: Introduce inode_post_removexattr hook · Mimi Zohar <zohar@linux.ibm.com> · 2023-03-08
Re: [PATCH 15/28] security: Introduce inode_post_removexattr hook · Roberto Sassu <hidden> · 2023-03-09
Re: [PATCH 15/28] security: Introduce inode_post_removexattr hook · Roberto Sassu <hidden> · 2023-08-30
Re: [PATCH 15/28] security: Introduce inode_post_removexattr hook · Christian Brauner <brauner@kernel.org> · 2023-08-30
[PATCH 16/28] security: Introduce file_post_open hook · Roberto Sassu <hidden> · 2023-03-03
Re: [PATCH 16/28] security: Introduce file_post_open hook · Stefan Berger <stefanb@linux.ibm.com> · 2023-03-06
[PATCH 17/28] security: Introduce file_pre_free_security hook · Roberto Sassu <hidden> · 2023-03-03
Re: [PATCH 17/28] security: Introduce file_pre_free_security hook · Stefan Berger <stefanb@linux.ibm.com> · 2023-03-06
[PATCH 18/28] security: Introduce path_post_mknod hook · Roberto Sassu <hidden> · 2023-03-03
Re: [PATCH 18/28] security: Introduce path_post_mknod hook · Stefan Berger <stefanb@linux.ibm.com> · 2023-03-06
Re: [PATCH 18/28] security: Introduce path_post_mknod hook · Mimi Zohar <zohar@linux.ibm.com> · 2023-03-08
[PATCH 19/28] security: Introduce inode_post_create_tmpfile hook · Roberto Sassu <hidden> · 2023-03-03
Re: [PATCH 19/28] security: Introduce inode_post_create_tmpfile hook · Stefan Berger <stefanb@linux.ibm.com> · 2023-03-06
[PATCH 20/28] security: Introduce inode_post_set_acl hook · Roberto Sassu <hidden> · 2023-03-03
Re: [PATCH 20/28] security: Introduce inode_post_set_acl hook · Stefan Berger <stefanb@linux.ibm.com> · 2023-03-06
[PATCH 23/28] security: Introduce LSM_ORDER_LAST · Roberto Sassu <hidden> · 2023-03-03
Re: [PATCH 23/28] security: Introduce LSM_ORDER_LAST · Stefan Berger <stefanb@linux.ibm.com> · 2023-03-07
Re: [PATCH 23/28] security: Introduce LSM_ORDER_LAST · Roberto Sassu <hidden> · 2023-03-08
Re: [PATCH 23/28] security: Introduce LSM_ORDER_LAST · Mimi Zohar <zohar@linux.ibm.com> · 2023-03-08
Re: [PATCH 23/28] security: Introduce LSM_ORDER_LAST · Roberto Sassu <hidden> · 2023-03-08
Re: [PATCH 23/28] security: Introduce LSM_ORDER_LAST · Mimi Zohar <zohar@linux.ibm.com> · 2023-03-08
Re: [PATCH 23/28] security: Introduce LSM_ORDER_LAST · Roberto Sassu <hidden> · 2023-03-08
Re: [PATCH 23/28] security: Introduce LSM_ORDER_LAST · Mimi Zohar <zohar@linux.ibm.com> · 2023-03-08
[PATCH 24/28] ima: Move to LSM infrastructure · Roberto Sassu <hidden> · 2023-03-03
[PATCH 25/28] ima: Move IMA-Appraisal to LSM infrastructure · Roberto Sassu <hidden> · 2023-03-03
[PATCH 26/28] evm: Move to LSM infrastructure · Roberto Sassu <hidden> · 2023-03-03
Re: [PATCH 26/28] evm: Move to LSM infrastructure · Casey Schaufler <casey@schaufler-ca.com> · 2023-03-04
Re: [PATCH 26/28] evm: Move to LSM infrastructure · Roberto Sassu <hidden> · 2023-03-06
Re: [PATCH 26/28] evm: Move to LSM infrastructure · Casey Schaufler <casey@schaufler-ca.com> · 2023-03-07
Re: [PATCH 26/28] evm: Move to LSM infrastructure · Roberto Sassu <hidden> · 2023-03-07
[PATCH 28/28] integrity: Switch from rbtree to LSM-managed blob for integrity_iint_cache · Roberto Sassu <hidden> · 2023-03-03
[PATCH 04/28] ima: Align ima_file_mprotect() definition with LSM infrastructure · Roberto Sassu <hidden> · 2023-03-03
Re: [PATCH 04/28] ima: Align ima_file_mprotect() definition with LSM infrastructure · Stefan Berger <stefanb@linux.ibm.com> · 2023-03-06
[PATCH 10/28] evm: Align evm_inode_post_setxattr() definition with LSM infrastructure · Roberto Sassu <hidden> · 2023-03-03
Re: [PATCH 10/28] evm: Align evm_inode_post_setxattr() definition with LSM infrastructure · Stefan Berger <stefanb@linux.ibm.com> · 2023-03-06
[PATCH 05/28] ima: Align ima_inode_setxattr() definition with LSM infrastructure · Roberto Sassu <hidden> · 2023-03-03
Re: [PATCH 05/28] ima: Align ima_inode_setxattr() definition with LSM infrastructure · Stefan Berger <stefanb@linux.ibm.com> · 2023-03-06
[PATCH 06/28] ima: Align ima_inode_removexattr() definition with LSM infrastructure · Roberto Sassu <hidden> · 2023-03-03
Re: [PATCH 06/28] ima: Align ima_inode_removexattr() definition with LSM infrastructure · Stefan Berger <stefanb@linux.ibm.com> · 2023-03-06
[PATCH 02/28] ima: Align ima_post_path_mknod() definition with LSM infrastructure · Roberto Sassu <hidden> · 2023-03-03
Re: [PATCH 02/28] ima: Align ima_post_path_mknod() definition with LSM infrastructure · Stefan Berger <stefanb@linux.ibm.com> · 2023-03-06
[PATCH 08/28] evm: Align evm_inode_post_setattr() definition with LSM infrastructure · Roberto Sassu <hidden> · 2023-03-03
Re: [PATCH 08/28] evm: Align evm_inode_post_setattr() definition with LSM infrastructure · Stefan Berger <stefanb@linux.ibm.com> · 2023-03-06
[PATCH 03/28] ima: Align ima_post_create_tmpfile() definition with LSM infrastructure · Roberto Sassu <hidden> · 2023-03-03
Re: [PATCH 03/28] ima: Align ima_post_create_tmpfile() definition with LSM infrastructure · Stefan Berger <stefanb@linux.ibm.com> · 2023-03-06
Re: [PATCH 03/28] ima: Align ima_post_create_tmpfile() definition with LSM infrastructure · Mimi Zohar <zohar@linux.ibm.com> · 2023-03-08
Re: [PATCH 03/28] ima: Align ima_post_create_tmpfile() definition with LSM infrastructure · Roberto Sassu <hidden> · 2023-03-09
[PATCH 01/28] ima: Align ima_inode_post_setattr() definition with LSM infrastructure · Roberto Sassu <hidden> · 2023-03-03
Re: [PATCH 01/28] ima: Align ima_inode_post_setattr() definition with LSM infrastructure · Stefan Berger <stefanb@linux.ibm.com> · 2023-03-06
[PATCH 11/28] evm: Complete description of evm_inode_setattr() · Roberto Sassu <hidden> · 2023-03-03
Re: [PATCH 11/28] evm: Complete description of evm_inode_setattr() · Stefan Berger <stefanb@linux.ibm.com> · 2023-03-06
Re: [PATCH 11/28] evm: Complete description of evm_inode_setattr() · Roberto Sassu <hidden> · 2023-03-07
[PATCH 07/28] ima: Align ima_post_read_file() definition with LSM infrastructure · Roberto Sassu <hidden> · 2023-03-03
Re: [PATCH 07/28] ima: Align ima_post_read_file() definition with LSM infrastructure · Stefan Berger <stefanb@linux.ibm.com> · 2023-03-06
[PATCH 09/28] evm: Align evm_inode_setxattr() definition with LSM infrastructure · Roberto Sassu <hidden> · 2023-03-03
Re: [PATCH 09/28] evm: Align evm_inode_setxattr() definition with LSM infrastructure · Stefan Berger <stefanb@linux.ibm.com> · 2023-03-06
[PATCH 21/28] security: Introduce inode_post_remove_acl hook · Roberto Sassu <hidden> · 2023-03-03
Re: [PATCH 21/28] security: Introduce inode_post_remove_acl hook · Stefan Berger <stefanb@linux.ibm.com> · 2023-03-06
Re: [PATCH 21/28] security: Introduce inode_post_remove_acl hook · Roberto Sassu <hidden> · 2023-03-06
Re: [PATCH 21/28] security: Introduce inode_post_remove_acl hook · Stefan Berger <stefanb@linux.ibm.com> · 2023-03-06
Re: [PATCH 21/28] security: Introduce inode_post_remove_acl hook · Roberto Sassu <hidden> · 2023-03-06
[PATCH 22/28] security: Introduce key_post_create_or_update hook · Roberto Sassu <hidden> · 2023-03-03
Re: [PATCH 22/28] security: Introduce key_post_create_or_update hook · Stefan Berger <stefanb@linux.ibm.com> · 2023-03-07
Re: [PATCH 22/28] security: Introduce key_post_create_or_update hook · Mimi Zohar <zohar@linux.ibm.com> · 2023-03-08
[PATCH 27/28] integrity: Move integrity functions to the LSM infrastructure · Roberto Sassu <hidden> · 2023-03-03
Re: [PATCH 00/28] security: Move IMA and EVM to the LSM infrastructure · Mimi Zohar <zohar@linux.ibm.com> · 2023-03-08
Re: [PATCH 00/28] security: Move IMA and EVM to the LSM infrastructure · Roberto Sassu <hidden> · 2023-03-08

From: Roberto Sassu <hidden>
Date: 2023-03-06 15:36:48
Also in: keyrings, linux-fsdevel, linux-integrity, linux-nfs, lkml, selinux

On Mon, 2023-03-06 at 10:22 -0500, Stefan Berger wrote:

On 3/3/23 13:18, Roberto Sassu wrote:

quoted

From: Roberto Sassu <roberto.sassu@huawei.com>

In preparation for moving IMA and EVM to the LSM infrastructure, introduce
the inode_post_remove_acl hook.

Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
---
  
+/**
+ * security_inode_post_remove_acl() - Update inode sec after remove_acl op
+ * @idmap: idmap of the mount
+ * @dentry: file
+ * @acl_name: acl name
+ *
+ * Update inode security field after successful remove_acl operation on @dentry
+ * in @idmap. The posix acls are identified by @acl_name.
+ */
+void security_inode_post_remove_acl(struct mnt_idmap *idmap,
+				    struct dentry *dentry, const char *acl_name)
+{
+	if (unlikely(IS_PRIVATE(d_backing_inode(dentry))))
+		return;

Was that a mistake before that EVM and IMA functions did not filtered out private inodes?

Looks like that. At least for hooks that are not called from
security.c.

Thanks

Roberto

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help