Revert "evm: Translate user/group ids relative to s_user_ns when computing HMAC"
authorEric W. Biederman <ebiederm@xmission.com>
Fri, 2 Dec 2016 15:35:31 +0000 (09:35 -0600)
committerEric W. Biederman <ebiederm@xmission.com>
Sat, 3 Dec 2016 02:58:41 +0000 (20:58 -0600)
commit19339c251607a3defc7f089511ce8561936fee45
treebc9111556f3cdf375c0a3530420ae9da0b578342
parentf84df2a6f268de584a201e8911384a2d244876e3
Revert "evm: Translate user/group ids relative to s_user_ns when computing HMAC"

This reverts commit 0b3c9761d1e405514a551ed24d3ea89aea26ce14.

Seth Forshee <seth.forshee@canonical.com> writes:
> All right, I think 0b3c9761d1e405514a551ed24d3ea89aea26ce14 should be
> reverted then. EVM is a machine-local integrity mechanism, and so it
> makes sense that the signature would be based on the kernel's notion of
> the uid and not the filesystem's.

I added a commment explaining why the EVM hmac needs to be in the
kernel's notion of uid and gid, not the filesystems to prevent
remounting the filesystem and gaining unwaranted trust in files.

Acked-by: Seth Forshee <seth.forshee@canonical.com>
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
security/integrity/evm/evm_crypto.c