From: Magalhaes, G. (B. R&D-CL) <gui...@hp...> - 2017-07-21 20:30:19
Mehmet,
+#define IMA_NS_STATUS_ACTIONS IMA_AUDIT
+#define IMA_NS_STATUS_FLAGS IMA_AUDITED
+
+unsigned long iint_flags(struct integrity_iint_cache *iint,
+ struct ns_status *status)
+{
+ if (!status)
+ return iint->flags;
+
+ return iint->flags & (status->flags & IMA_NS_STATUS_FLAGS); }
I believe the first '&' should be replaced with '|', so you can return the consolidated 'flags | ns_flags'.
+
+unsigned long set_iint_flags(struct integrity_iint_cache *iint,
+ struct ns_status *status, unsigned long flags) {
+ iint->flags = flags;
I believe the assignment to the global flags should check whether status is NULL; when it is not, namespaced flags such as IMA_AUDITED should not be written to the global flags, otherwise the namespace flag IMA_AUDITED could be incorrectly injected into other namespaces.
--
Guilherme
+ if (status)
+ status->flags = flags & IMA_NS_STATUS_FLAGS;
+ return flags;
+}
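Review bot: Neither helper documents its contract. The `IMA_NS_STATUS_FLAGS` mask decides what `set_iint_flags()` stores in `status->flags` and what `iint_flags()` reads back, but nothing at the `#define` says these are the per-namespace bits. A comment above the define such as `/* iint flags that are tracked per namespace in ns_status->flags */`, plus a short kernel-doc header on each function stating what is returned and written when `status` is NULL, would make the isolation boundary reviewable. Both functions are defined without `static` and no prototype is visible in this excerpt, so if they are file-local they should be marked `static`. `set_iint_flags()` also updates `iint->flags` and `status->flags` in two separate stores, so the header should name the lock the caller is expected to hold; the excerpt does not show one.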
--
2.9.4