Re: [PATCH v9 13/25] security: Introduce file_release hook

2024-02-12 Stefan Berger
On 1/15/24 13:17, Roberto Sassu wrote: From: Roberto Sassu In preparation for moving IMA and EVM to the LSM infrastructure, introduce the file_release hook. IMA calculates at file close the new digest of the file content and writes it to security.ima, so that appraisal at next file access

Re: [PATCH v9 13/25] security: Introduce file_release hook

2024-02-09 Christian Brauner
On Mon, Jan 15, 2024 at 07:17:57PM +0100, Roberto Sassu wrote: > From: Roberto Sassu > > In preparation for moving IMA and EVM to the LSM infrastructure, introduce > the file_release hook. > > IMA calculates at file close the new digest of the file content and writes > it to security.ima, so

Re: [PATCH v9 13/25] security: Introduce file_release hook

2024-02-07 Paul Moore
On Jan 15, 2024 Roberto Sassu wrote: > > In preparation for moving IMA and EVM to the LSM infrastructure, introduce > the file_release hook. > > IMA calculates at file close the new digest of the file content and writes > it to security.ima, so that appraisal at next file access succeeds. > >

Re: [PATCH v9 13/25] security: Introduce file_release hook

2024-01-16 Casey Schaufler
On 1/16/2024 9:33 AM, Al Viro wrote: > On Tue, Jan 16, 2024 at 08:51:11AM -0800, Casey Schaufler wrote: >> On 1/16/2024 12:47 AM, Roberto Sassu wrote: >>> On Mon, 2024-01-15 at 19:15 +, Al Viro wrote: On Mon, Jan 15, 2024 at 07:17:57PM +0100, Roberto Sassu wrote: > From: Roberto Sassu

Re: [PATCH v9 13/25] security: Introduce file_release hook

2024-01-16 Al Viro
On Tue, Jan 16, 2024 at 08:51:11AM -0800, Casey Schaufler wrote: > On 1/16/2024 12:47 AM, Roberto Sassu wrote: > > On Mon, 2024-01-15 at 19:15 +, Al Viro wrote: > >> On Mon, Jan 15, 2024 at 07:17:57PM +0100, Roberto Sassu wrote: > >>> From: Roberto Sassu > >>> > >>> In preparation for moving

Re: [PATCH v9 13/25] security: Introduce file_release hook

2024-01-16 Casey Schaufler
On 1/16/2024 12:47 AM, Roberto Sassu wrote: > On Mon, 2024-01-15 at 19:15 +, Al Viro wrote: >> On Mon, Jan 15, 2024 at 07:17:57PM +0100, Roberto Sassu wrote: >>> From: Roberto Sassu >>> >>> In preparation for moving IMA and EVM to the LSM infrastructure, introduce >>> the file_release hook.

Re: [PATCH v9 13/25] security: Introduce file_release hook

2024-01-16 Roberto Sassu
On Mon, 2024-01-15 at 19:15 +, Al Viro wrote: > On Mon, Jan 15, 2024 at 07:17:57PM +0100, Roberto Sassu wrote: > > From: Roberto Sassu > > > > In preparation for moving IMA and EVM to the LSM infrastructure, introduce > > the file_release hook. > > > > IMA calculates at file close the new

Re: [PATCH v9 13/25] security: Introduce file_release hook

2024-01-15 Al Viro
On Mon, Jan 15, 2024 at 07:17:57PM +0100, Roberto Sassu wrote: > From: Roberto Sassu > > In preparation for moving IMA and EVM to the LSM infrastructure, introduce > the file_release hook. > > IMA calculates at file close the new digest of the file content and writes > it to security.ima, so

[PATCH v9 13/25] security: Introduce file_release hook

2024-01-15 Roberto Sassu
From: Roberto Sassu In preparation for moving IMA and EVM to the LSM infrastructure, introduce the file_release hook. IMA calculates at file close the new digest of the file content and writes it to security.ima, so that appraisal at next file access succeeds. An LSM could implement an