Re: [PATCH v2 14/25] evm: add support for fscaps security hooks

2024-03-04 Thread Roberto Sassu
On Wed, 2024-02-21 at 15:24 -0600, Seth Forshee (DigitalOcean) wrote: > Support the new fscaps security hooks by converting the vfs_caps to raw > xattr data and then handling them the same as other xattrs. I realized that you need to register hooks for IMA too. This should be the content to add

Re: [PATCH v2 14/25] evm: add support for fscaps security hooks

2024-03-01 Thread Roberto Sassu
On Fri, 2024-03-01 at 08:39 -0600, Seth Forshee (DigitalOcean) wrote: > On Fri, Mar 01, 2024 at 10:19:13AM +0100, Roberto Sassu wrote: > > On Wed, 2024-02-21 at 15:24 -0600, Seth Forshee (DigitalOcean) wrote: > > > Support the new fscaps security hooks by converting the vfs_caps to raw > > > xattr

Re: [PATCH v2 14/25] evm: add support for fscaps security hooks

2024-03-01 Thread Seth Forshee (DigitalOcean)
On Fri, Mar 01, 2024 at 10:19:13AM +0100, Roberto Sassu wrote: > On Wed, 2024-02-21 at 15:24 -0600, Seth Forshee (DigitalOcean) wrote: > > Support the new fscaps security hooks by converting the vfs_caps to raw > > xattr data and then handling them the same as other xattrs. > > Hi Seth > > I

Re: [PATCH v2 14/25] evm: add support for fscaps security hooks

2024-03-01 Thread Christian Brauner
> I have seen this policy of adding tests in other subsystems (eBPF), It makes sense if the drive of the patchset would be IMA/EVM features not refactoring of existing code. > Happy to try adding the tests, would appreciate your help to review if Cool, happy to help review them.

Re: [PATCH v2 14/25] evm: add support for fscaps security hooks

2024-03-01 Thread Roberto Sassu
On Fri, 2024-03-01 at 13:54 +0100, Christian Brauner wrote: > On Fri, Mar 01, 2024 at 10:19:13AM +0100, Roberto Sassu wrote: > > On Wed, 2024-02-21 at 15:24 -0600, Seth Forshee (DigitalOcean) wrote: > > > Support the new fscaps security hooks by converting the vfs_caps to raw > > > xattr data and

Re: [PATCH v2 14/25] evm: add support for fscaps security hooks

2024-03-01 Thread Christian Brauner
On Fri, Mar 01, 2024 at 10:19:13AM +0100, Roberto Sassu wrote: > On Wed, 2024-02-21 at 15:24 -0600, Seth Forshee (DigitalOcean) wrote: > > Support the new fscaps security hooks by converting the vfs_caps to raw > > xattr data and then handling them the same as other xattrs. > > Hi Seth > > I

Re: [PATCH v2 14/25] evm: add support for fscaps security hooks

2024-03-01 Thread Roberto Sassu
On Wed, 2024-02-21 at 15:24 -0600, Seth Forshee (DigitalOcean) wrote: > Support the new fscaps security hooks by converting the vfs_caps to raw > xattr data and then handling them the same as other xattrs. Hi Seth I started looking at this patch set. The first question I have is if you are also

[PATCH v2 14/25] evm: add support for fscaps security hooks

2024-02-21 Thread Seth Forshee (DigitalOcean)
Support the new fscaps security hooks by converting the vfs_caps to raw xattr data and then handling them the same as other xattrs. Signed-off-by: Seth Forshee (DigitalOcean) --- include/linux/evm.h | 39 + security/integrity/evm/evm_main.c | 60