
[v3,00/10] evm: Support signatures on stacked filesystem

Message ID 20240223172513.4049959-1-stefanb@linux.ibm.com (mailing list archive)

Message

Stefan Berger Feb. 23, 2024, 5:25 p.m. UTC
EVM signature verification on stacked filesystem has recently been
completely disabled by declaring some filesystems as unsupported
(only overlayfs). This series now enables copy-up of "portable
and immutable" signatures on those filesystems and enables the
enforcement of "portable and immutable" as well as the "original"
signatures on previously unsupported filesystems when evm is enabled
with EVM_INIT_X509. HMAC verification and generation remains disabled.

"Portable and immutable" signatures can be copied up since they are
not created over file-specific metadata, such as UUID or generation.
Instead, they are only covering file metadata such as mode bits, uid, and
gid, that will all be preserved during a copy-up of the file metadata.

This series is now based on the 'next' branch of Paul Moore's LSM tree and
requires the following two commits from the vfs.misc branch of the vfs git
repo at https://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs.git

commit 2109cc619e73 ("fs: remove the inode argument to ->d_real() method")
commit c6c14f926fbe ("fs: make file_dentry() a simple accessor")

Regards,
   Stefan

v3:
  - Rebased series on 'next' branch of Paul Moore's LSM tree
  - Reworking of commit descriptions
  - Reworked patches 5-7

v2:
  - Added patch to rename backing_inode to real_inode (1/9)
  - Added patches renaming flag and function due to RSA enablement (7,8/9)
  - Added patch to record i_version of real_inode for change detection
    (9/9)
  - Use Amir's function to get inode holding metadata now (4,5/9)


Stefan Berger (10):
  ima: Rename backing_inode to real_inode
  security: allow finer granularity in permitting copy-up of security
    xattrs
  evm: Implement per signature type decision in
    security_inode_copy_up_xattr
  evm: Use the metadata inode to calculate metadata hash
  ima: Move file-change detection variables into new structure
  evm: Store and detect metadata inode attributes changes
  ima: re-evaluate file integrity on file metadata change
  evm: Enforce signatures on unsupported filesystem for EVM_INIT_X509
  fs: Rename SB_I_EVM_UNSUPPORTED to SB_I_EVM_HMAC_UNSUPPORTED
  evm: Rename is_unsupported_fs to is_unsupported_hmac_fs

 fs/overlayfs/copy_up.c              |  2 +-
 fs/overlayfs/super.c                |  2 +-
 include/linux/evm.h                 |  8 +++
 include/linux/fs.h                  |  2 +-
 include/linux/integrity.h           | 34 +++++++++++
 include/linux/lsm_hook_defs.h       |  3 +-
 include/linux/security.h            |  4 +-
 security/integrity/evm/evm.h        |  6 +-
 security/integrity/evm/evm_crypto.c | 25 +++++---
 security/integrity/evm/evm_main.c   | 92 +++++++++++++++++++++++------
 security/integrity/ima/ima.h        |  4 +-
 security/integrity/ima/ima_api.c    | 10 ++--
 security/integrity/ima/ima_iint.c   |  2 +-
 security/integrity/ima/ima_main.c   | 31 +++++++---
 security/security.c                 |  5 +-
 security/selinux/hooks.c            |  2 +-
 security/smack/smack_lsm.c          |  2 +-
 17 files changed, 178 insertions(+), 56 deletions(-)


base-commit: f89d47833d28f101fce65c7d08c00a4d6f28c1b1
prerequisite-patch-id: c6c14f926fbe37330af6271d26f98e70d1a07372
prerequisite-patch-id: 2109cc619e733c8709250b62d7f1d43461589f57
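The cover letter's central argument is that a "portable and immutable" EVM signature survives overlayfs copy-up because its hash excludes file-specific identity (inode number, generation, fs UUID) and covers only attributes that copy-up preserves (mode, uid, gid, protected xattrs), while an "original" signature does not. The following Python model, added here as an example and not part of the series or the kernel source, makes that distinction concrete. It is a simplification of how EVM selects its hash input: the `ORIGINAL`/`PORTABLE` labels, the exact field order and widths in the packed attribute block, and the sample inode values are all this example's own assumptions.

```python
import hashlib
import struct
from dataclasses import dataclass, field, replace

# Labels for the two EVM signature flavours discussed in the series.
# These are this example's own names, not kernel enum values.
ORIGINAL = "original"   # hash also covers ino, generation and fs UUID
PORTABLE = "portable"   # hash leaves those out, so it can be copied up


@dataclass
class InodeMeta:
    """Constructed stand-in for the metadata EVM protects on one file."""
    ino: int
    generation: int
    uid: int
    gid: int
    mode: int
    fs_uuid: bytes
    xattrs: dict = field(default_factory=dict)   # name -> raw value


def metadata_digest(meta: InodeMeta, sig_type: str) -> str:
    """Hash the protected metadata the way each signature type selects it.

    Simplified model of the kernel's metadata hash: protected xattrs first,
    then a fixed-layout block of inode attributes, then the filesystem UUID
    for ORIGINAL signatures only. Field order and widths are assumptions.
    """
    h = hashlib.sha256()
    for name in sorted(meta.xattrs):
        h.update(meta.xattrs[name])
    # Portable signatures zero the file-specific identity fields.
    ino, gen = (0, 0) if sig_type == PORTABLE else (meta.ino, meta.generation)
    h.update(struct.pack("<QIIII", ino, gen, meta.uid, meta.gid, meta.mode))
    if sig_type == ORIGINAL:
        h.update(meta.fs_uuid)
    return h.hexdigest()


def copy_up(lower: InodeMeta, upper_ino: int, upper_gen: int,
            upper_fs_uuid: bytes) -> InodeMeta:
    """Model overlayfs copy-up: xattrs, uid, gid and mode are carried over,
    while the copied file gets a new inode number, generation and fs UUID."""
    return replace(lower, ino=upper_ino, generation=upper_gen,
                   fs_uuid=upper_fs_uuid)


def verify(meta: InodeMeta, sig_type: str, stored_digest: str) -> bool:
    """Re-hash the live metadata and compare with what the signature covers."""
    return metadata_digest(meta, sig_type) == stored_digest


def demo() -> dict:
    """Sign a lower-layer file both ways, copy it up, then tamper with it."""
    lower = InodeMeta(
        ino=4711, generation=3, uid=0, gid=0, mode=0o100644,
        fs_uuid=bytes.fromhex("11" * 16),                 # constructed
        xattrs={"security.ima": b"\x04" + b"\xaa" * 32,    # constructed
                "security.selinux": b"system_u:object_r:bin_t:s0"},
    )
    sig_original = metadata_digest(lower, ORIGINAL)
    sig_portable = metadata_digest(lower, PORTABLE)

    # Copy-up to the upper layer: new inode identity, same attrs and xattrs.
    upper = copy_up(lower, upper_ino=9001, upper_gen=1,
                    upper_fs_uuid=bytes.fromhex("22" * 16))

    # A later mode change on the copied-up file must be caught on re-check.
    chmodded = replace(upper, mode=0o100755)

    return {
        "original_survives_copy_up": verify(upper, ORIGINAL, sig_original),
        "portable_survives_copy_up": verify(upper, PORTABLE, sig_portable),
        "portable_after_chmod": verify(chmodded, PORTABLE, sig_portable),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The first two results show why the series lets only portable signatures be copied up: the original signature breaks as soon as the inode number, generation and fs UUID change, while the portable one still verifies. The third result illustrates the enforcement half of the series: once metadata on the copied-up file changes, the stored portable signature no longer matches, which is what re-evaluating integrity on metadata change is meant to detect.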

Comments

Mimi Zohar April 9, 2024, 9:29 p.m. UTC | #1
On Fri, 2024-02-23 at 12:25 -0500, Stefan Berger wrote:
> EVM signature verification on stacked filesystem has recently been
> completely disabled by declaring some filesystems as unsupported
> (only overlayfs). This series now enables copy-up of "portable
> and immutable" signatures on those filesystems and enables the
> enforcement of "portable and immutable" as well as the "original"
> signatures on previously unsupported filesystems when evm is enabled
> with EVM_INIT_X509. HMAC verification and generation remains disabled.
> 
> "Portable and immutable" signatures can be copied up since they are
> not created over file-specific metadata, such as UUID or generation.
> Instead, they are only covering file metadata such as mode bits, uid, and
> gid, that will all be preserved during a copy-up of the file metadata.
> 
> This series is now based on the 'next' branch of Paul Moore's LSM tree and
> requires the following two commits from the vfs.misc branch of the vfs git
> repo at https://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs.git
> 
> commit 2109cc619e73 ("fs: remove the inode argument to ->d_real() method")
> commit c6c14f926fbe ("fs: make file_dentry() a simple accessor")

Thanks, Stefan.  The patch set is now queued in the next-integrity branch.
https://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity.git/

Mimi