Re: IMA: How to manage user space signing policy with others

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Mimi Zohar <zohar@linux.vnet.ibm.com>
To: Eric Paris <eparis@parisplace.org>
Cc: Vivek Goyal <vgoyal@redhat.com>,
	linux kernel mailing list <linux-kernel@vger.kernel.org>,
	LSM List <linux-security-module@vger.kernel.org>
Subject: Re: IMA: How to manage user space signing policy with others
Date: Thu, 28 Feb 2013 20:49:04 -0500	[thread overview]
Message-ID: <1362102544.9158.35.camel@falcor1> (raw)
In-Reply-To: <CACLa4pum7kXK+7+8ceVSuQsKDCFebdgGVYRTMKH9GQarqCEgMQ@mail.gmail.com>

On Thu, 2013-02-28 at 17:20 -0500, Eric Paris wrote:
> On Thu, Feb 28, 2013 at 4:35 PM, Vivek Goyal <vgoyal@redhat.com> wrote:
> > On Thu, Feb 28, 2013 at 02:23:39PM -0500, Mimi Zohar wrote:
> 
> I think just a second for both of you to step back and see a slightly
> larger picture/problem might help.
> 
> This is a weird case where Vivek does not trust root to make the
> policy decision.  If the box is configured for secure boot, it needs
> to make these decisions no matter what the admin wants.  This is why
> he talks about trying to merge multiple competing policies.  The
> current IMA policy is controlled by whomever can first write to the
> ima policy file interface.  Vivek does not want an admin to be able to
> overwrite the secureboot policy.  So I get why he thinks changes may
> be needed to support this use case.

Nobody is saying that changes aren't necessary.

> The ima_tcb policy was meant to be larger than needed to determine a
> trusted computing base, but it is clearly not a superset of what he is
> hoping to accomplish.

The 'ima_tcb' policy is for measurement and attestation.  The policy
being discussed here is the 'ima_appraise_tcb' used for enforcing local
file integrity.

> So how do we take a system where the admin/software has some control
> over the integrity policy (as it is today?) and the kernel/system
> itself also has control (as Vivek wants it)?  

> It seems unsolved with what we have today....

Right, and merging policies won't work.  I see where you're going with
this...

thanks!

Mimi

next prev parent reply	other threads:[~2013-03-01  1:49 UTC|newest]

Thread overview: 43+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2013-02-28 15:13 IMA: How to manage user space signing policy with others Vivek Goyal
2013-02-28 18:51 ` Vivek Goyal
2013-02-28 20:30   ` Mimi Zohar
2013-02-28 20:57     ` Vivek Goyal
2013-03-01  1:42       ` Mimi Zohar
2013-02-28 19:23 ` Mimi Zohar
2013-02-28 20:08   ` Vivek Goyal
2013-03-01  1:45     ` Mimi Zohar
2013-02-28 21:35   ` Vivek Goyal
2013-02-28 22:20     ` Eric Paris
2013-03-01  1:49       ` Mimi Zohar [this message]
2013-03-01 12:15         ` Mimi Zohar
2013-03-01 15:28           ` Vivek Goyal
2013-03-01 18:40             ` Vivek Goyal
2013-03-01 19:39               ` Mimi Zohar
2013-03-01 21:33                 ` Vivek Goyal
2013-03-03 21:42                   ` Mimi Zohar
2013-03-04 15:29                     ` Vivek Goyal
2013-03-04 17:46                       ` Vivek Goyal
2013-03-04 18:59                       ` Mimi Zohar
2013-03-04 19:15                         ` Vivek Goyal
2013-03-05  1:21                           ` Mimi Zohar
2013-03-05 15:18                             ` Vivek Goyal
2013-03-05 20:40                               ` Mimi Zohar
2013-03-05 21:53                                 ` Vivek Goyal
2013-03-06 15:42                                   ` Mimi Zohar
2013-03-06 23:55                                     ` Vivek Goyal
2013-03-07  1:39                                       ` Mimi Zohar
2013-03-07 14:36                                         ` Vivek Goyal
2013-03-07 15:40                                           ` Mimi Zohar
2013-03-07 15:53                                             ` Vivek Goyal
2013-03-07 17:53                                               ` Kasatkin, Dmitry
2013-03-07 21:56                                                 ` Vivek Goyal
2013-03-08  8:09                                                   ` Kasatkin, Dmitry
2013-03-08 15:40                                                     ` Vivek Goyal
2013-03-06 15:54                                 ` Vivek Goyal
2013-03-06 22:48                                   ` Mimi Zohar
2013-03-06 23:38                                     ` Vivek Goyal
2013-03-07 13:38                                       ` Mimi Zohar
2013-03-07 14:57                                         ` Vivek Goyal
2013-03-04 19:19                         ` Eric Paris
2013-03-04 21:47                     ` Vivek Goyal
2013-03-01  2:17     ` Mimi Zohar

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1362102544.9158.35.camel@falcor1 \
    --to=zohar@linux.vnet.ibm.com \
    --cc=eparis@parisplace.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-security-module@vger.kernel.org \
    --cc=vgoyal@redhat.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.