diff options
| author | Mimi Zohar <zohar@linux.vnet.ibm.com> | 2014-05-12 09:28:11 -0400 |
|---|---|---|
| committer | Serge Hallyn <serge.hallyn@ubuntu.com> | 2014-06-03 15:21:50 -0400 |
| commit | f9b2a735bdddf836214b5dca74f6ca7712e5a08c (patch) | |
| tree | c4793e07a83230143e3490dc274ad2c9883d980c /security/integrity/ima/ima_policy.c | |
| parent | ed1c96429a6aa6ffd8c4ee3e80bcde28aad270bc (diff) | |
ima: audit log files opened with O_DIRECT flag
Files are measured or appraised based on the IMA policy. When a
file, in policy, is opened with the O_DIRECT flag, a deadlock
occurs.
The first attempt at resolving this lockdep temporarily removed the
O_DIRECT flag and restored it, after calculating the hash. The
second attempt introduced the O_DIRECT_HAVELOCK flag. Based on this
flag, do_blockdev_direct_IO() would skip taking the i_mutex a second
time. The third attempt, by Dmitry Kasatkin, resolves the i_mutex
locking issue, by re-introducing the IMA mutex, but uncovered
another problem. Reading a file with O_DIRECT flag set, writes
directly to userspace pages. A second patch allocates a user-space
like memory. This works for all IMA hooks, except ima_file_free(),
which is called on __fput() to recalculate the file hash.
Until this last issue is addressed, do not 'collect' the
measurement for measuring, appraising, or auditing files opened
with the O_DIRECT flag set. Based on policy, permit or deny file
access. This patch defines a new IMA policy rule option named
'permit_directio'. Policy rules could be defined, based on LSM
or other criteria, to permit specific applications to open files
with the O_DIRECT flag set.
Changelog v1:
- permit or deny file access based IMA policy rules
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Acked-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Cc: <stable@vger.kernel.org>
Diffstat (limited to 'security/integrity/ima/ima_policy.c')
| -rw-r--r-- | security/integrity/ima/ima_policy.c | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c index 93873a450ff7..40a7488f6721 100644 --- a/security/integrity/ima/ima_policy.c +++ b/security/integrity/ima/ima_policy.c | |||
| @@ -353,7 +353,7 @@ enum { | |||
| 353 | Opt_obj_user, Opt_obj_role, Opt_obj_type, | 353 | Opt_obj_user, Opt_obj_role, Opt_obj_type, |
| 354 | Opt_subj_user, Opt_subj_role, Opt_subj_type, | 354 | Opt_subj_user, Opt_subj_role, Opt_subj_type, |
| 355 | Opt_func, Opt_mask, Opt_fsmagic, Opt_uid, Opt_fowner, | 355 | Opt_func, Opt_mask, Opt_fsmagic, Opt_uid, Opt_fowner, |
| 356 | Opt_appraise_type, Opt_fsuuid | 356 | Opt_appraise_type, Opt_fsuuid, Opt_permit_directio |
| 357 | }; | 357 | }; |
| 358 | 358 | ||
| 359 | static match_table_t policy_tokens = { | 359 | static match_table_t policy_tokens = { |
| @@ -375,6 +375,7 @@ static match_table_t policy_tokens = { | |||
| 375 | {Opt_uid, "uid=%s"}, | 375 | {Opt_uid, "uid=%s"}, |
| 376 | {Opt_fowner, "fowner=%s"}, | 376 | {Opt_fowner, "fowner=%s"}, |
| 377 | {Opt_appraise_type, "appraise_type=%s"}, | 377 | {Opt_appraise_type, "appraise_type=%s"}, |
| 378 | {Opt_permit_directio, "permit_directio"}, | ||
| 378 | {Opt_err, NULL} | 379 | {Opt_err, NULL} |
| 379 | }; | 380 | }; |
| 380 | 381 | ||
| @@ -622,6 +623,9 @@ static int ima_parse_rule(char *rule, struct ima_rule_entry *entry) | |||
| 622 | else | 623 | else |
| 623 | result = -EINVAL; | 624 | result = -EINVAL; |
| 624 | break; | 625 | break; |
| 626 | case Opt_permit_directio: | ||
| 627 | entry->flags |= IMA_PERMIT_DIRECTIO; | ||
| 628 | break; | ||
| 625 | case Opt_err: | 629 | case Opt_err: |
| 626 | ima_log_string(ab, "UNKNOWN", p); | 630 | ima_log_string(ab, "UNKNOWN", p); |
| 627 | result = -EINVAL; | 631 | result = -EINVAL; |