| author | Roberto Sassu <roberto.sassu@huawei.com> | 2026-01-20 15:53:41 +0100 |
|---|---|---|
| committer | Mimi Zohar <zohar@linux.ibm.com> | 2026-01-23 14:31:41 -0500 |
| commit | 0496fc9cdc384f67be4413b1c6156eb64fccd5c4 (patch) | |
| tree | 6b6ac329df58e461a3c07aeaa1e68754855a5758 /include | |
| parent | 377cae9851e8559e9d8b82a78c1ac0abeb18839c (diff) | |
evm: Use ordered xattrs list to calculate HMAC in evm_init_hmac()

Commit 8e5d9f916a96 ("smack: deduplicate xattr setting in
smack_inode_init_security()") introduced xattr_dupval() to simplify setting
the xattrs to be provided by the SMACK LSM on inode creation, in the
smack_inode_init_security().

Unfortunately, moving lsm_get_xattr_slot() caused the SMACK64TRANSMUTE
xattr to be added in the array of new xattrs before SMACK64. This causes the
HMAC of xattrs calculated by evm_init_hmac() for new files to diverge from
the one calculated by both evm_calc_hmac_or_hash() and evmctl.

evm_init_hmac() calculates the HMAC of the xattrs of new files based on the
order LSMs provide them, while evm_calc_hmac_or_hash() and evmctl calculate
the HMAC based on an ordered xattrs list.

Fix the issue by making evm_init_hmac() calculate the HMAC of new files
based on the ordered xattrs list too.

Fixes: 8e5d9f916a96 ("smack: deduplicate xattr setting in smack_inode_init_security()")
Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>

Diffstat (limited to 'include')
0 files changed, 0 insertions, 0 deletions
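
A simplified model of the mismatch described in the commit message, added here as an illustration and not taken from the kernel patch or from evmctl. It hashes only xattr values with HMAC-SHA1 and leaves out the inode metadata; the key, the label value and the two-entry ordered list are constructed assumptions.

```python
import hashlib
import hmac

# Assumed two-entry stand-in for the ordered xattrs list: SMACK64 comes
# before SMACK64TRANSMUTE, as the commit message implies.
ORDERED_XATTRS = ["security.SMACK64", "security.SMACK64TRANSMUTE"]

KEY = b"constructed-test-key"  # constructed, not a real EVM key

# Constructed sample: the order in which the LSM hands over the new xattrs
# after the regression (SMACK64TRANSMUTE first).
LSM_PROVIDED = [
    ("security.SMACK64TRANSMUTE", b"TRUE"),
    ("security.SMACK64", b"ExampleLabel"),
]


def hmac_lsm_order(key, xattrs):
    """Pre-fix model: feed values in whatever order the LSM supplied them."""
    mac = hmac.new(key, digestmod=hashlib.sha1)
    for name, value in xattrs:
        if name in ORDERED_XATTRS:  # skip xattrs that are not protected
            mac.update(value)
    return mac.hexdigest()


def hmac_list_order(key, xattrs):
    """Fixed model: walk the ordered list and look each xattr up by name."""
    by_name = dict(xattrs)
    mac = hmac.new(key, digestmod=hashlib.sha1)
    for name in ORDERED_XATTRS:
        if name in by_name:
            mac.update(by_name[name])
    return mac.hexdigest()


def verification_passes(stored_hmac, key, xattrs_on_disk):
    """Verifier model: always recomputes over the ordered list."""
    expected = hmac_list_order(key, xattrs_on_disk)
    return hmac.compare_digest(stored_hmac, expected)


if __name__ == "__main__":
    before = hmac_lsm_order(KEY, LSM_PROVIDED)
    after = hmac_list_order(KEY, LSM_PROVIDED)
    print("pre-fix HMAC verifies:", verification_passes(before, KEY, LSM_PROVIDED))
    print("fixed HMAC verifies:  ", verification_passes(after, KEY, LSM_PROVIDED))
```
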
