Re: [PATCH v9 13/25] security: Introduce file_release hook

[PATCH v9 00/25] security: Move IMA and EVM to the LSM infrastructure · Roberto Sassu <hidden> · 2024-01-15
[PATCH v9 01/25] ima: Align ima_inode_post_setattr() definition with LSM infrastructure · Roberto Sassu <hidden> · 2024-01-15
Re: [PATCH v9 1/25] ima: Align ima_inode_post_setattr() definition with LSM infrastructure · Paul Moore <paul@paul-moore.com> · 2024-02-08
[PATCH v9 02/25] ima: Align ima_file_mprotect() definition with LSM infrastructure · Roberto Sassu <hidden> · 2024-01-15
Re: [PATCH v9 2/25] ima: Align ima_file_mprotect() definition with LSM infrastructure · Paul Moore <paul@paul-moore.com> · 2024-02-08
[PATCH v9 03/25] ima: Align ima_inode_setxattr() definition with LSM infrastructure · Roberto Sassu <hidden> · 2024-01-15
Re: [PATCH v9 3/25] ima: Align ima_inode_setxattr() definition with LSM infrastructure · Paul Moore <paul@paul-moore.com> · 2024-02-08
[PATCH v9 05/25] ima: Align ima_post_read_file() definition with LSM infrastructure · Roberto Sassu <hidden> · 2024-01-15
Re: [PATCH v9 5/25] ima: Align ima_post_read_file() definition with LSM infrastructure · Paul Moore <paul@paul-moore.com> · 2024-02-08
[PATCH v9 06/25] evm: Align evm_inode_post_setattr() definition with LSM infrastructure · Roberto Sassu <hidden> · 2024-01-15
Re: [PATCH v9 6/25] evm: Align evm_inode_post_setattr() definition with LSM infrastructure · Paul Moore <paul@paul-moore.com> · 2024-02-08
[PATCH v9 07/25] evm: Align evm_inode_setxattr() definition with LSM infrastructure · Roberto Sassu <hidden> · 2024-01-15
Re: [PATCH v9 7/25] evm: Align evm_inode_setxattr() definition with LSM infrastructure · Paul Moore <paul@paul-moore.com> · 2024-02-08
[PATCH v9 08/25] evm: Align evm_inode_post_setxattr() definition with LSM infrastructure · Roberto Sassu <hidden> · 2024-01-15
Re: [PATCH v9 8/25] evm: Align evm_inode_post_setxattr() definition with LSM infrastructure · Paul Moore <paul@paul-moore.com> · 2024-02-08
[PATCH v9 09/25] security: Align inode_setattr hook definition with EVM · Roberto Sassu <hidden> · 2024-01-15
Re: [PATCH v9 9/25] security: Align inode_setattr hook definition with EVM · Paul Moore <paul@paul-moore.com> · 2024-02-08
[PATCH v9 10/25] security: Introduce inode_post_setattr hook · Roberto Sassu <hidden> · 2024-01-15
Re: [PATCH v9 10/25] security: Introduce inode_post_setattr hook · Paul Moore <paul@paul-moore.com> · 2024-02-08
Re: [PATCH v9 10/25] security: Introduce inode_post_setattr hook · Christian Brauner <brauner@kernel.org> · 2024-02-09
[PATCH v9 11/25] security: Introduce inode_post_removexattr hook · Roberto Sassu <hidden> · 2024-01-15
Re: [PATCH v9 11/25] security: Introduce inode_post_removexattr hook · Paul Moore <paul@paul-moore.com> · 2024-02-08
Re: [PATCH v9 11/25] security: Introduce inode_post_removexattr hook · Christian Brauner <brauner@kernel.org> · 2024-02-09
[PATCH v9 12/25] security: Introduce file_post_open hook · Roberto Sassu <hidden> · 2024-01-15
Re: [PATCH v9 12/25] security: Introduce file_post_open hook · Paul Moore <paul@paul-moore.com> · 2024-02-08
Re: [PATCH v9 12/25] security: Introduce file_post_open hook · Christian Brauner <brauner@kernel.org> · 2024-02-09
Re: [PATCH v9 12/25] security: Introduce file_post_open hook · Christian Brauner <brauner@kernel.org> · 2024-02-09
Re: [PATCH v9 12/25] security: Introduce file_post_open hook · Christian Brauner <brauner@kernel.org> · 2024-02-09
Re: [PATCH v9 12/25] security: Introduce file_post_open hook · Roberto Sassu <hidden> · 2024-02-09
Re: [PATCH v9 12/25] security: Introduce file_post_open hook · Christian Brauner <brauner@kernel.org> · 2024-02-09
Re: [PATCH v9 12/25] security: Introduce file_post_open hook · Roberto Sassu <hidden> · 2024-02-09
Re: [PATCH v9 12/25] security: Introduce file_post_open hook · Mimi Zohar <zohar@linux.ibm.com> · 2024-02-12
Re: [PATCH v9 12/25] security: Introduce file_post_open hook · Paul Moore <paul@paul-moore.com> · 2024-02-12
Re: [PATCH v9 12/25] security: Introduce file_post_open hook · Roberto Sassu <hidden> · 2024-02-13
Re: [PATCH v9 12/25] security: Introduce file_post_open hook · Paul Moore <paul@paul-moore.com> · 2024-02-13
Re: [PATCH v9 12/25] security: Introduce file_post_open hook · Mimi Zohar <zohar@linux.ibm.com> · 2024-02-14
Re: [PATCH v9 12/25] security: Introduce file_post_open hook · Paul Moore <paul@paul-moore.com> · 2024-02-14
Re: [PATCH v9 12/25] security: Introduce file_post_open hook · Mimi Zohar <zohar@linux.ibm.com> · 2024-02-15
Re: [PATCH v9 12/25] security: Introduce file_post_open hook · Paul Moore <paul@paul-moore.com> · 2024-02-15
[PATCH v9 14/25] security: Introduce path_post_mknod hook · Roberto Sassu <hidden> · 2024-01-15
Re: [PATCH v9 14/25] security: Introduce path_post_mknod hook · Paul Moore <paul@paul-moore.com> · 2024-02-08
Re: [PATCH v9 14/25] security: Introduce path_post_mknod hook · Christian Brauner <brauner@kernel.org> · 2024-02-09
Re: [PATCH v9 14/25] security: Introduce path_post_mknod hook · Stefan Berger <stefanb@linux.ibm.com> · 2024-02-12
[PATCH v9 15/25] security: Introduce inode_post_create_tmpfile hook · Roberto Sassu <hidden> · 2024-01-15
Re: [PATCH v9 15/25] security: Introduce inode_post_create_tmpfile hook · Paul Moore <paul@paul-moore.com> · 2024-02-08
Re: [PATCH v9 15/25] security: Introduce inode_post_create_tmpfile hook · Christian Brauner <brauner@kernel.org> · 2024-02-09
Re: [PATCH v9 15/25] security: Introduce inode_post_create_tmpfile hook · Stefan Berger <stefanb@linux.ibm.com> · 2024-02-12
[PATCH v9 16/25] security: Introduce inode_post_set_acl hook · Roberto Sassu <hidden> · 2024-01-15
Re: [PATCH v9 16/25] security: Introduce inode_post_set_acl hook · Paul Moore <paul@paul-moore.com> · 2024-02-08
Re: [PATCH v9 16/25] security: Introduce inode_post_set_acl hook · Christian Brauner <brauner@kernel.org> · 2024-02-09
[PATCH v9 17/25] security: Introduce inode_post_remove_acl hook · Roberto Sassu <hidden> · 2024-01-15
Re: [PATCH v9 17/25] security: Introduce inode_post_remove_acl hook · Paul Moore <paul@paul-moore.com> · 2024-02-08
Re: [PATCH v9 17/25] security: Introduce inode_post_remove_acl hook · Christian Brauner <brauner@kernel.org> · 2024-02-09
[PATCH v9 18/25] security: Introduce key_post_create_or_update hook · Roberto Sassu <hidden> · 2024-01-15
Re: [PATCH v9 18/25] security: Introduce key_post_create_or_update hook · Paul Moore <paul@paul-moore.com> · 2024-02-08
[PATCH v9 19/25] integrity: Move integrity_kernel_module_request() to IMA · Roberto Sassu <hidden> · 2024-01-15
Re: [PATCH v9 19/25] integrity: Move integrity_kernel_module_request() to IMA · Paul Moore <paul@paul-moore.com> · 2024-02-08
Re: [PATCH v9 19/25] integrity: Move integrity_kernel_module_request() to IMA · Stefan Berger <stefanb@linux.ibm.com> · 2024-02-12
Re: [PATCH v9 19/25] integrity: Move integrity_kernel_module_request() to IMA · Paul Moore <paul@paul-moore.com> · 2024-02-12
Re: [PATCH v9 19/25] integrity: Move integrity_kernel_module_request() to IMA · Stefan Berger <stefanb@linux.ibm.com> · 2024-02-12
Re: [PATCH v9 19/25] integrity: Move integrity_kernel_module_request() to IMA · Roberto Sassu <hidden> · 2024-02-13
Re: [PATCH v9 19/25] integrity: Move integrity_kernel_module_request() to IMA · Stefan Berger <stefanb@linux.ibm.com> · 2024-02-13
Re: [PATCH v9 19/25] integrity: Move integrity_kernel_module_request() to IMA · Roberto Sassu <hidden> · 2024-02-15
[PATCH v9 20/25] ima: Move to LSM infrastructure · Roberto Sassu <hidden> · 2024-01-15
Re: [PATCH v9 20/25] ima: Move to LSM infrastructure · Casey Schaufler <casey@schaufler-ca.com> · 2024-01-16
Re: [PATCH v9 20/25] ima: Move to LSM infrastructure · Paul Moore <paul@paul-moore.com> · 2024-02-08
Re: [PATCH v9 20/25] ima: Move to LSM infrastructure · Christian Brauner <brauner@kernel.org> · 2024-02-09
Re: [PATCH v9 20/25] ima: Move to LSM infrastructure · Stefan Berger <stefanb@linux.ibm.com> · 2024-02-12
[PATCH v9 21/25] ima: Move IMA-Appraisal to LSM infrastructure · Roberto Sassu <hidden> · 2024-01-15
Re: [PATCH v9 21/25] ima: Move IMA-Appraisal to LSM infrastructure · Casey Schaufler <casey@schaufler-ca.com> · 2024-01-16
Re: [PATCH v9 21/25] ima: Move IMA-Appraisal to LSM infrastructure · Paul Moore <paul@paul-moore.com> · 2024-02-08
Re: [PATCH v9 21/25] ima: Move IMA-Appraisal to LSM infrastructure · Christian Brauner <brauner@kernel.org> · 2024-02-09
[PATCH v9 22/25] evm: Move to LSM infrastructure · Roberto Sassu <hidden> · 2024-01-15
Re: [PATCH v9 22/25] evm: Move to LSM infrastructure · Paul Moore <paul@paul-moore.com> · 2024-02-08
Re: [PATCH v9 22/25] evm: Move to LSM infrastructure · Christian Brauner <brauner@kernel.org> · 2024-02-09
Re: [PATCH v9 22/25] evm: Move to LSM infrastructure · Stefan Berger <stefanb@linux.ibm.com> · 2024-02-12
[PATCH v9 23/25] evm: Make it independent from 'integrity' LSM · Roberto Sassu <hidden> · 2024-01-15
Re: [PATCH v9 23/25] evm: Make it independent from 'integrity' LSM · Casey Schaufler <casey@schaufler-ca.com> · 2024-01-16
Re: [PATCH v9 23/25] evm: Make it independent from 'integrity' LSM · Paul Moore <paul@paul-moore.com> · 2024-02-08
Re: [PATCH v9 23/25] evm: Make it independent from 'integrity' LSM · Stefan Berger <stefanb@linux.ibm.com> · 2024-02-12
[PATCH v9 24/25] ima: Make it independent from 'integrity' LSM · Roberto Sassu <hidden> · 2024-01-15
Re: [PATCH v9 24/25] ima: Make it independent from 'integrity' LSM · Casey Schaufler <casey@schaufler-ca.com> · 2024-01-16
Re: [PATCH v9 24/25] ima: Make it independent from 'integrity' LSM · Stefan Berger <stefanb@linux.ibm.com> · 2024-02-12
[PATCH v9 25/25] integrity: Remove LSM · Roberto Sassu <hidden> · 2024-01-15
Re: [PATCH v9 25/25] integrity: Remove LSM · Casey Schaufler <casey@schaufler-ca.com> · 2024-01-16
Re: [PATCH v9 25/25] integrity: Remove LSM · Paul Moore <paul@paul-moore.com> · 2024-02-08
Re: [PATCH v9 25/25] integrity: Remove LSM · Stefan Berger <stefanb@linux.ibm.com> · 2024-02-12
[PATCH v9 04/25] ima: Align ima_inode_removexattr() definition with LSM infrastructure · Roberto Sassu <hidden> · 2024-01-15
Re: [PATCH v9 4/25] ima: Align ima_inode_removexattr() definition with LSM infrastructure · Paul Moore <paul@paul-moore.com> · 2024-02-08
[PATCH v9 13/25] security: Introduce file_release hook · Roberto Sassu <hidden> · 2024-01-15
Re: [PATCH v9 13/25] security: Introduce file_release hook · Al Viro <viro@zeniv.linux.org.uk> · 2024-01-15
Re: [PATCH v9 13/25] security: Introduce file_release hook · Roberto Sassu <hidden> · 2024-01-16
Re: [PATCH v9 13/25] security: Introduce file_release hook · Casey Schaufler <casey@schaufler-ca.com> · 2024-01-16
Re: [PATCH v9 13/25] security: Introduce file_release hook · Al Viro <viro@zeniv.linux.org.uk> · 2024-01-16
Re: [PATCH v9 13/25] security: Introduce file_release hook · Casey Schaufler <casey@schaufler-ca.com> · 2024-01-16
Re: [PATCH v9 13/25] security: Introduce file_release hook · Paul Moore <paul@paul-moore.com> · 2024-02-08
Re: [PATCH v9 13/25] security: Introduce file_release hook · Christian Brauner <brauner@kernel.org> · 2024-02-09
Re: [PATCH v9 13/25] security: Introduce file_release hook · Stefan Berger <stefanb@linux.ibm.com> · 2024-02-12
Re: [PATCH v9 0/25] security: Move IMA and EVM to the LSM infrastructure · Paul Moore <paul@paul-moore.com> · 2024-02-08
Re: [PATCH v9 0/25] security: Move IMA and EVM to the LSM infrastructure · Roberto Sassu <hidden> · 2024-02-08
Re: [PATCH v9 0/25] security: Move IMA and EVM to the LSM infrastructure · Paul Moore <paul@paul-moore.com> · 2024-02-08

From: Al Viro <viro@zeniv.linux.org.uk>
Date: 2024-01-15 19:15:48
Also in: keyrings, linux-fsdevel, linux-integrity, linux-kselftest, linux-nfs, lkml, selinux

On Mon, Jan 15, 2024 at 07:17:57PM +0100, Roberto Sassu wrote:

From: Roberto Sassu <roberto.sassu@huawei.com>

In preparation for moving IMA and EVM to the LSM infrastructure, introduce
the file_release hook.

IMA calculates at file close the new digest of the file content and writes
it to security.ima, so that appraisal at next file access succeeds.

An LSM could implement an exclusive access scheme for files, only allowing
access to files that have no references.

Elaborate that last part, please.

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help