Re: [PATCH v11 0/4] evm: Do HMAC of multiple per LSM xattrs for new inodes

[PATCH v11 0/4] evm: Do HMAC of multiple per LSM xattrs for new inodes · Roberto Sassu <hidden> · 2023-06-03
[PATCH v11 1/4] security: Allow all LSMs to provide xattrs for inode_init_security hook · Roberto Sassu <hidden> · 2023-06-03
Re: [PATCH v11 1/4] security: Allow all LSMs to provide xattrs for inode_init_security hook · Paul Moore <paul@paul-moore.com> · 2023-06-09
[PATCH v11 2/4] smack: Set the SMACK64TRANSMUTE xattr in smack_inode_init_security() · Roberto Sassu <hidden> · 2023-06-03
Re: [PATCH v11 2/4] smack: Set the SMACK64TRANSMUTE xattr in smack_inode_init_security() · Roberto Sassu <hidden> · 2023-06-05
Re: [PATCH v11 2/4] smack: Set the SMACK64TRANSMUTE xattr in smack_inode_init_security() · "Jarkko Sakkinen" <jarkko@kernel.org> · 2023-06-09
Re: [PATCH v11 2/4] smack: Set the SMACK64TRANSMUTE xattr in smack_inode_init_security() · Roberto Sassu <hidden> · 2023-06-10
Re: [PATCH v11 2/4] smack: Set the SMACK64TRANSMUTE xattr in smack_inode_init_security() · Mengchi Cheng <hidden> · 2023-06-23
Re: [PATCH v11 2/4] smack: Set the SMACK64TRANSMUTE xattr in smack_inode_init_security() · Mimi Zohar <zohar@linux.ibm.com> · 2023-06-09
Re: [PATCH v11 2/4] smack: Set the SMACK64TRANSMUTE xattr in smack_inode_init_security() · Roberto Sassu <hidden> · 2023-06-10
[PATCH v11 3/4] evm: Align evm_inode_init_security() definition with LSM infrastructure · Roberto Sassu <hidden> · 2023-06-03
Re: [PATCH v11 3/4] evm: Align evm_inode_init_security() definition with LSM infrastructure · Mimi Zohar <zohar@linux.ibm.com> · 2023-06-09
[PATCH v11 4/4] evm: Support multiple LSMs providing an xattr · Roberto Sassu <hidden> · 2023-06-03
Re: [PATCH v11 0/4] evm: Do HMAC of multiple per LSM xattrs for new inodes · Mimi Zohar <zohar@linux.ibm.com> · 2023-06-06
Re: [PATCH v11 0/4] evm: Do HMAC of multiple per LSM xattrs for new inodes · Roberto Sassu <hidden> · 2023-06-06
Re: [PATCH v11 0/4] evm: Do HMAC of multiple per LSM xattrs for new inodes · Paul Moore <paul@paul-moore.com> · 2023-06-09
Re: [PATCH v11 0/4] evm: Do HMAC of multiple per LSM xattrs for new inodes · Roberto Sassu <hidden> · 2023-06-10

From: Roberto Sassu <hidden>
Date: 2023-06-10 08:01:43
Also in: bpf, linux-integrity, lkml, selinux

On 6/9/2023 10:05 PM, Paul Moore wrote:

On Sat, Jun 3, 2023 at 3:16 PM Roberto Sassu
[off-list ref] wrote:

quoted

From: Roberto Sassu <roberto.sassu@huawei.com>

One of the major goals of LSM stacking is to run multiple LSMs side by side
without interfering with each other. The ultimate decision will depend on
individual LSM decision.

Several changes need to be made to the LSM infrastructure to be able to
support that. This patch set tackles one of them: gives to each LSM the
ability to specify one or multiple xattrs to be set at inode creation
time and, at the same time, gives to EVM the ability to access all those
xattrs and calculate the HMAC on them ...

Thanks for sticking with this Roberto, I see a few
comments/suggestions on this patchset, but overall it is looking
pretty good; I'm hopeful we will be able to merge the next revision.

Thanks for looking at it.

Just sent v12 with the suggestions. One is addressed with a different 
patch set (Smack transmute fixes).

Roberto

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help