Re: [PATCH v9 12/25] security: Introduce file_post_open hook

[PATCH v9 00/25] security: Move IMA and EVM to the LSM infrastructure · Roberto Sassu <hidden> · 2024-01-15
[PATCH v9 01/25] ima: Align ima_inode_post_setattr() definition with LSM infrastructure · Roberto Sassu <hidden> · 2024-01-15
Re: [PATCH v9 1/25] ima: Align ima_inode_post_setattr() definition with LSM infrastructure · Paul Moore <paul@paul-moore.com> · 2024-02-08
[PATCH v9 02/25] ima: Align ima_file_mprotect() definition with LSM infrastructure · Roberto Sassu <hidden> · 2024-01-15
Re: [PATCH v9 2/25] ima: Align ima_file_mprotect() definition with LSM infrastructure · Paul Moore <paul@paul-moore.com> · 2024-02-08
[PATCH v9 03/25] ima: Align ima_inode_setxattr() definition with LSM infrastructure · Roberto Sassu <hidden> · 2024-01-15
Re: [PATCH v9 3/25] ima: Align ima_inode_setxattr() definition with LSM infrastructure · Paul Moore <paul@paul-moore.com> · 2024-02-08
[PATCH v9 05/25] ima: Align ima_post_read_file() definition with LSM infrastructure · Roberto Sassu <hidden> · 2024-01-15
Re: [PATCH v9 5/25] ima: Align ima_post_read_file() definition with LSM infrastructure · Paul Moore <paul@paul-moore.com> · 2024-02-08
[PATCH v9 06/25] evm: Align evm_inode_post_setattr() definition with LSM infrastructure · Roberto Sassu <hidden> · 2024-01-15
Re: [PATCH v9 6/25] evm: Align evm_inode_post_setattr() definition with LSM infrastructure · Paul Moore <paul@paul-moore.com> · 2024-02-08
[PATCH v9 07/25] evm: Align evm_inode_setxattr() definition with LSM infrastructure · Roberto Sassu <hidden> · 2024-01-15
Re: [PATCH v9 7/25] evm: Align evm_inode_setxattr() definition with LSM infrastructure · Paul Moore <paul@paul-moore.com> · 2024-02-08
[PATCH v9 08/25] evm: Align evm_inode_post_setxattr() definition with LSM infrastructure · Roberto Sassu <hidden> · 2024-01-15
Re: [PATCH v9 8/25] evm: Align evm_inode_post_setxattr() definition with LSM infrastructure · Paul Moore <paul@paul-moore.com> · 2024-02-08
[PATCH v9 09/25] security: Align inode_setattr hook definition with EVM · Roberto Sassu <hidden> · 2024-01-15
Re: [PATCH v9 9/25] security: Align inode_setattr hook definition with EVM · Paul Moore <paul@paul-moore.com> · 2024-02-08
[PATCH v9 10/25] security: Introduce inode_post_setattr hook · Roberto Sassu <hidden> · 2024-01-15
Re: [PATCH v9 10/25] security: Introduce inode_post_setattr hook · Paul Moore <paul@paul-moore.com> · 2024-02-08
Re: [PATCH v9 10/25] security: Introduce inode_post_setattr hook · Christian Brauner <brauner@kernel.org> · 2024-02-09
[PATCH v9 11/25] security: Introduce inode_post_removexattr hook · Roberto Sassu <hidden> · 2024-01-15
Re: [PATCH v9 11/25] security: Introduce inode_post_removexattr hook · Paul Moore <paul@paul-moore.com> · 2024-02-08
Re: [PATCH v9 11/25] security: Introduce inode_post_removexattr hook · Christian Brauner <brauner@kernel.org> · 2024-02-09
[PATCH v9 12/25] security: Introduce file_post_open hook · Roberto Sassu <hidden> · 2024-01-15
Re: [PATCH v9 12/25] security: Introduce file_post_open hook · Paul Moore <paul@paul-moore.com> · 2024-02-08
Re: [PATCH v9 12/25] security: Introduce file_post_open hook · Christian Brauner <brauner@kernel.org> · 2024-02-09
Re: [PATCH v9 12/25] security: Introduce file_post_open hook · Christian Brauner <brauner@kernel.org> · 2024-02-09
Re: [PATCH v9 12/25] security: Introduce file_post_open hook · Christian Brauner <brauner@kernel.org> · 2024-02-09
Re: [PATCH v9 12/25] security: Introduce file_post_open hook · Roberto Sassu <hidden> · 2024-02-09
Re: [PATCH v9 12/25] security: Introduce file_post_open hook · Christian Brauner <brauner@kernel.org> · 2024-02-09
Re: [PATCH v9 12/25] security: Introduce file_post_open hook · Roberto Sassu <hidden> · 2024-02-09
Re: [PATCH v9 12/25] security: Introduce file_post_open hook · Mimi Zohar <zohar@linux.ibm.com> · 2024-02-12
Re: [PATCH v9 12/25] security: Introduce file_post_open hook · Paul Moore <paul@paul-moore.com> · 2024-02-12
Re: [PATCH v9 12/25] security: Introduce file_post_open hook · Roberto Sassu <hidden> · 2024-02-13
Re: [PATCH v9 12/25] security: Introduce file_post_open hook · Paul Moore <paul@paul-moore.com> · 2024-02-13
Re: [PATCH v9 12/25] security: Introduce file_post_open hook · Mimi Zohar <zohar@linux.ibm.com> · 2024-02-14
Re: [PATCH v9 12/25] security: Introduce file_post_open hook · Paul Moore <paul@paul-moore.com> · 2024-02-14
Re: [PATCH v9 12/25] security: Introduce file_post_open hook · Mimi Zohar <zohar@linux.ibm.com> · 2024-02-15
Re: [PATCH v9 12/25] security: Introduce file_post_open hook · Paul Moore <paul@paul-moore.com> · 2024-02-15
[PATCH v9 14/25] security: Introduce path_post_mknod hook · Roberto Sassu <hidden> · 2024-01-15
Re: [PATCH v9 14/25] security: Introduce path_post_mknod hook · Paul Moore <paul@paul-moore.com> · 2024-02-08
Re: [PATCH v9 14/25] security: Introduce path_post_mknod hook · Christian Brauner <brauner@kernel.org> · 2024-02-09
Re: [PATCH v9 14/25] security: Introduce path_post_mknod hook · Stefan Berger <stefanb@linux.ibm.com> · 2024-02-12
[PATCH v9 15/25] security: Introduce inode_post_create_tmpfile hook · Roberto Sassu <hidden> · 2024-01-15
Re: [PATCH v9 15/25] security: Introduce inode_post_create_tmpfile hook · Paul Moore <paul@paul-moore.com> · 2024-02-08
Re: [PATCH v9 15/25] security: Introduce inode_post_create_tmpfile hook · Christian Brauner <brauner@kernel.org> · 2024-02-09
Re: [PATCH v9 15/25] security: Introduce inode_post_create_tmpfile hook · Stefan Berger <stefanb@linux.ibm.com> · 2024-02-12
[PATCH v9 16/25] security: Introduce inode_post_set_acl hook · Roberto Sassu <hidden> · 2024-01-15
Re: [PATCH v9 16/25] security: Introduce inode_post_set_acl hook · Paul Moore <paul@paul-moore.com> · 2024-02-08
Re: [PATCH v9 16/25] security: Introduce inode_post_set_acl hook · Christian Brauner <brauner@kernel.org> · 2024-02-09
[PATCH v9 17/25] security: Introduce inode_post_remove_acl hook · Roberto Sassu <hidden> · 2024-01-15
Re: [PATCH v9 17/25] security: Introduce inode_post_remove_acl hook · Paul Moore <paul@paul-moore.com> · 2024-02-08
Re: [PATCH v9 17/25] security: Introduce inode_post_remove_acl hook · Christian Brauner <brauner@kernel.org> · 2024-02-09
[PATCH v9 18/25] security: Introduce key_post_create_or_update hook · Roberto Sassu <hidden> · 2024-01-15
Re: [PATCH v9 18/25] security: Introduce key_post_create_or_update hook · Paul Moore <paul@paul-moore.com> · 2024-02-08
[PATCH v9 19/25] integrity: Move integrity_kernel_module_request() to IMA · Roberto Sassu <hidden> · 2024-01-15
Re: [PATCH v9 19/25] integrity: Move integrity_kernel_module_request() to IMA · Paul Moore <paul@paul-moore.com> · 2024-02-08
Re: [PATCH v9 19/25] integrity: Move integrity_kernel_module_request() to IMA · Stefan Berger <stefanb@linux.ibm.com> · 2024-02-12
Re: [PATCH v9 19/25] integrity: Move integrity_kernel_module_request() to IMA · Paul Moore <paul@paul-moore.com> · 2024-02-12
Re: [PATCH v9 19/25] integrity: Move integrity_kernel_module_request() to IMA · Stefan Berger <stefanb@linux.ibm.com> · 2024-02-12
Re: [PATCH v9 19/25] integrity: Move integrity_kernel_module_request() to IMA · Roberto Sassu <hidden> · 2024-02-13
Re: [PATCH v9 19/25] integrity: Move integrity_kernel_module_request() to IMA · Stefan Berger <stefanb@linux.ibm.com> · 2024-02-13
Re: [PATCH v9 19/25] integrity: Move integrity_kernel_module_request() to IMA · Roberto Sassu <hidden> · 2024-02-15
[PATCH v9 20/25] ima: Move to LSM infrastructure · Roberto Sassu <hidden> · 2024-01-15
Re: [PATCH v9 20/25] ima: Move to LSM infrastructure · Casey Schaufler <casey@schaufler-ca.com> · 2024-01-16
Re: [PATCH v9 20/25] ima: Move to LSM infrastructure · Paul Moore <paul@paul-moore.com> · 2024-02-08
Re: [PATCH v9 20/25] ima: Move to LSM infrastructure · Christian Brauner <brauner@kernel.org> · 2024-02-09
Re: [PATCH v9 20/25] ima: Move to LSM infrastructure · Stefan Berger <stefanb@linux.ibm.com> · 2024-02-12
[PATCH v9 21/25] ima: Move IMA-Appraisal to LSM infrastructure · Roberto Sassu <hidden> · 2024-01-15
Re: [PATCH v9 21/25] ima: Move IMA-Appraisal to LSM infrastructure · Casey Schaufler <casey@schaufler-ca.com> · 2024-01-16
Re: [PATCH v9 21/25] ima: Move IMA-Appraisal to LSM infrastructure · Paul Moore <paul@paul-moore.com> · 2024-02-08
Re: [PATCH v9 21/25] ima: Move IMA-Appraisal to LSM infrastructure · Christian Brauner <brauner@kernel.org> · 2024-02-09
[PATCH v9 22/25] evm: Move to LSM infrastructure · Roberto Sassu <hidden> · 2024-01-15
Re: [PATCH v9 22/25] evm: Move to LSM infrastructure · Paul Moore <paul@paul-moore.com> · 2024-02-08
Re: [PATCH v9 22/25] evm: Move to LSM infrastructure · Christian Brauner <brauner@kernel.org> · 2024-02-09
Re: [PATCH v9 22/25] evm: Move to LSM infrastructure · Stefan Berger <stefanb@linux.ibm.com> · 2024-02-12
[PATCH v9 23/25] evm: Make it independent from 'integrity' LSM · Roberto Sassu <hidden> · 2024-01-15
Re: [PATCH v9 23/25] evm: Make it independent from 'integrity' LSM · Casey Schaufler <casey@schaufler-ca.com> · 2024-01-16
Re: [PATCH v9 23/25] evm: Make it independent from 'integrity' LSM · Paul Moore <paul@paul-moore.com> · 2024-02-08
Re: [PATCH v9 23/25] evm: Make it independent from 'integrity' LSM · Stefan Berger <stefanb@linux.ibm.com> · 2024-02-12
[PATCH v9 24/25] ima: Make it independent from 'integrity' LSM · Roberto Sassu <hidden> · 2024-01-15
Re: [PATCH v9 24/25] ima: Make it independent from 'integrity' LSM · Casey Schaufler <casey@schaufler-ca.com> · 2024-01-16
Re: [PATCH v9 24/25] ima: Make it independent from 'integrity' LSM · Stefan Berger <stefanb@linux.ibm.com> · 2024-02-12
[PATCH v9 25/25] integrity: Remove LSM · Roberto Sassu <hidden> · 2024-01-15
Re: [PATCH v9 25/25] integrity: Remove LSM · Casey Schaufler <casey@schaufler-ca.com> · 2024-01-16
Re: [PATCH v9 25/25] integrity: Remove LSM · Paul Moore <paul@paul-moore.com> · 2024-02-08
Re: [PATCH v9 25/25] integrity: Remove LSM · Stefan Berger <stefanb@linux.ibm.com> · 2024-02-12
[PATCH v9 04/25] ima: Align ima_inode_removexattr() definition with LSM infrastructure · Roberto Sassu <hidden> · 2024-01-15
Re: [PATCH v9 4/25] ima: Align ima_inode_removexattr() definition with LSM infrastructure · Paul Moore <paul@paul-moore.com> · 2024-02-08
[PATCH v9 13/25] security: Introduce file_release hook · Roberto Sassu <hidden> · 2024-01-15
Re: [PATCH v9 13/25] security: Introduce file_release hook · Al Viro <viro@zeniv.linux.org.uk> · 2024-01-15
Re: [PATCH v9 13/25] security: Introduce file_release hook · Roberto Sassu <hidden> · 2024-01-16
Re: [PATCH v9 13/25] security: Introduce file_release hook · Casey Schaufler <casey@schaufler-ca.com> · 2024-01-16
Re: [PATCH v9 13/25] security: Introduce file_release hook · Al Viro <viro@zeniv.linux.org.uk> · 2024-01-16
Re: [PATCH v9 13/25] security: Introduce file_release hook · Casey Schaufler <casey@schaufler-ca.com> · 2024-01-16
Re: [PATCH v9 13/25] security: Introduce file_release hook · Paul Moore <paul@paul-moore.com> · 2024-02-08
Re: [PATCH v9 13/25] security: Introduce file_release hook · Christian Brauner <brauner@kernel.org> · 2024-02-09
Re: [PATCH v9 13/25] security: Introduce file_release hook · Stefan Berger <stefanb@linux.ibm.com> · 2024-02-12
Re: [PATCH v9 0/25] security: Move IMA and EVM to the LSM infrastructure · Paul Moore <paul@paul-moore.com> · 2024-02-08
Re: [PATCH v9 0/25] security: Move IMA and EVM to the LSM infrastructure · Roberto Sassu <hidden> · 2024-02-08
Re: [PATCH v9 0/25] security: Move IMA and EVM to the LSM infrastructure · Paul Moore <paul@paul-moore.com> · 2024-02-08

From: Roberto Sassu <hidden>
Date: 2024-02-13 12:59:10
Also in: keyrings, linux-fsdevel, linux-integrity, linux-kselftest, linux-nfs, lkml, selinux

On Mon, 2024-02-12 at 16:16 -0500, Paul Moore wrote:

On Mon, Feb 12, 2024 at 4:06 PM Mimi Zohar [off-list ref] wrote:

quoted

Hi Roberto,

quoted

diff --git a/security/security.c b/security/security.c
index d9d2636104db..f3d92bffd02f 100644
--- a/security/security.c
+++ b/security/security.c

@@ -2972,6 +2972,23 @@ int security_file_open(struct file *file)
      return fsnotify_perm(file, MAY_OPEN);  <===  Conflict

Replace with "return fsnotify_open_perm(file);"

quoted

The patch set doesn't apply cleaning to 6.8-rcX without this change.  Unless
there are other issues, I can make the change.

I take it this means you want to pull this via the IMA/EVM tree?

Not sure about that, but I have enough changes to do to make a v10.

Roberto

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help