Re: [PATCH v2] ima: define ima_post_create_tmpfile() hook and add missing call

2019-01-22 Thread Goldwyn Rodrigues
On 10:43 22/01, Mimi Zohar wrote: > On Mon, 2019-01-21 at 14:29 +0200, Amir Goldstein wrote: > > On Mon, Jan 21, 2019 at 2:00 PM Mimi Zohar wrote: > > > > > > On Thu, 2019-01-17 at 15:34 -0600, Goldwyn Rodrigues wrote: > > > > On 13:47 18/12, Mimi Zohar wrote: > > > > > If tmpfiles can be made per

Re: [PATCH v2] ima: define ima_post_create_tmpfile() hook and add missing call

2019-01-22 Thread Mimi Zohar
On Mon, 2019-01-21 at 14:29 +0200, Amir Goldstein wrote: > On Mon, Jan 21, 2019 at 2:00 PM Mimi Zohar wrote: > > > > On Thu, 2019-01-17 at 15:34 -0600, Goldwyn Rodrigues wrote: > > > On 13:47 18/12, Mimi Zohar wrote: > > > > If tmpfiles can be made persistent, then newly created tmpfiles need to >

Re: [PATCH v2] ima: define ima_post_create_tmpfile() hook and add missing call

2019-01-21 Thread Amir Goldstein
On Mon, Jan 21, 2019 at 2:00 PM Mimi Zohar wrote: > > On Thu, 2019-01-17 at 15:34 -0600, Goldwyn Rodrigues wrote: > > On 13:47 18/12, Mimi Zohar wrote: > > > If tmpfiles can be made persistent, then newly created tmpfiles need to > > > be treated like any other new files in policy. > > > > > > Thi

Re: [PATCH v2] ima: define ima_post_create_tmpfile() hook and add missing call

2019-01-21 Thread Mimi Zohar
On Thu, 2019-01-17 at 15:34 -0600, Goldwyn Rodrigues wrote: > On 13:47 18/12, Mimi Zohar wrote: > > If tmpfiles can be made persistent, then newly created tmpfiles need to > > be treated like any other new files in policy. > > > > This patch indicates which newly created tmpfiles are in policy, ca

Re: [PATCH v2] ima: define ima_post_create_tmpfile() hook and add missing call

2019-01-17 Thread Goldwyn Rodrigues
On 13:47 18/12, Mimi Zohar wrote: > If tmpfiles can be made persistent, then newly created tmpfiles need to > be treated like any other new files in policy. > > This patch indicates which newly created tmpfiles are in policy, causing > the file hash to be calculated on __fput(). Discussed in over

Re: [PATCH v2] ima: define ima_post_create_tmpfile() hook and add missing call

2018-12-18 Thread Ignaz Forster
Am 18.12.18 um 19:47 schrieb Mimi Zohar: If tmpfiles can be made persistent, then newly created tmpfiles need to be treated like any other new files in policy. This patch indicates which newly created tmpfiles are in policy, causing the file hash to be calculated on __fput(). Reported-by: Ignaz

[PATCH v2] ima: define ima_post_create_tmpfile() hook and add missing call

2018-12-18 Thread Mimi Zohar
If tmpfiles can be made persistent, then newly created tmpfiles need to be treated like any other new files in policy. This patch indicates which newly created tmpfiles are in policy, causing the file hash to be calculated on __fput(). Reported-by: Ignaz Forster Signed-off-by: Mimi Zohar --- Ch