OERV-BSP/kernel-spacemit-k1
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

evm: don't copy up 'security.evm' xattr

Browse Source 
[ Upstream commit 40ca4ee3136d2d09977d1cab8c0c0e1582c3359d ]

The security.evm HMAC and the original file signatures contain
filesystem specific data.  As a result, the HMAC and signature
are not the same on the stacked and backing filesystems.

Don't copy up 'security.evm'.

Reviewed-by: Amir Goldstein <amir73il@gmail.com>
Reviewed-by: Christian Brauner <brauner@kernel.org>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
This commit is contained in:
Mimi Zohar
2023-12-12 06:12:43 -05:00
committed by Greg Kroah-Hartman
parent e9c902dd36
commit 7a3e7f1ed6
3 changed files with 14 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
security/integrity/evm/evm_main.c
View File

@@ -864,6 +864,13 @@ void evm_inode_post_setattr(struct dentry *dentry, int ia_valid)
evm_update_evmxattr(dentry, NULL, NULL, 0);
}
int evm_inode_copy_up_xattr(const char *name)
{
if (strcmp(name, XATTR_NAME_EVM) == 0)
return 1; /* Discard */
return -EOPNOTSUPP;
}
/*
* evm_inode_init_security - initializes security.evm HMAC value
*/

2
security/security.c
View File

@@ -2539,7 +2539,7 @@ int security_inode_copy_up_xattr(const char *name)
return rc;
}
return LSM_RET_DEFAULT(inode_copy_up_xattr);
return evm_inode_copy_up_xattr(name);
}
EXPORT_SYMBOL(security_inode_copy_up_xattr);