From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mx0a-001b2d01.pphosted.com ([148.163.156.1]:34090 "EHLO mx0a-001b2d01.pphosted.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750989AbdLXF4K (ORCPT ); Sun, 24 Dec 2017 00:56:10 -0500 Received: from pps.filterd (m0098396.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.16.0.21/8.16.0.21) with SMTP id vBO5s7Hc146046 for ; Sun, 24 Dec 2017 00:56:10 -0500 Received: from e06smtp13.uk.ibm.com (e06smtp13.uk.ibm.com [195.75.94.109]) by mx0a-001b2d01.pphosted.com with ESMTP id 2f252fsska-1 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=NOT) for ; Sun, 24 Dec 2017 00:56:10 -0500 Received: from localhost by e06smtp13.uk.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted for from ; Sun, 24 Dec 2017 05:56:07 -0000 Subject: Re: [PATCH 11/11] evm: Don't update hmacs in user ns mounts From: Mimi Zohar To: "Serge E. Hallyn" , Dongsu Park Cc: linux-kernel@vger.kernel.org, containers@lists.linux-foundation.org, Alban Crequy , "Eric W . Biederman" , Miklos Szeredi , Seth Forshee , Sargun Dhillon , linux-integrity@vger.kernel.org, linux-security-module@vger.kernel.org, James Morris Date: Sun, 24 Dec 2017 00:56:01 -0500 In-Reply-To: <1514092328.5221.116.camel@linux.vnet.ibm.com> References: <1f2233a1a028f1eb1e9bea7d06efa6d34e69e752.1512041070.git.dongsu@kinvolk.io> <20171223040348.GK6837@mail.hallyn.com> <1514092328.5221.116.camel@linux.vnet.ibm.com> Content-Type: text/plain; charset="UTF-8" Mime-Version: 1.0 Message-Id: <1514094961.5221.132.camel@linux.vnet.ibm.com> Sender: linux-integrity-owner@vger.kernel.org List-ID: On Sun, 2017-12-24 at 00:12 -0500, Mimi Zohar wrote: > Hi Serge, > > On Fri, 2017-12-22 at 22:03 -0600, Serge E. Hallyn wrote: > > On Fri, Dec 22, 2017 at 03:32:35PM +0100, Dongsu Park wrote: > > > From: Seth Forshee > > > > > > The kernel should not calculate new hmacs for mounts done by > > > non-root users. Update evm_calc_hmac_or_hash() to refuse to > > > calculate new hmacs for mounts for non-init user namespaces. > > > > > > Cc: linux-integrity@vger.kernel.org > > > Cc: linux-security-module@vger.kernel.org > > > Cc: linux-kernel@vger.kernel.org > > > Cc: James Morris > > > Cc: Mimi Zohar > > > > Hi Mimi, > > > > does this change seem sufficient to you? > > I think this is the correct behavior in the context of fuse file > systems. This patch, the "ima: define a new policy option named > force" patch, and an updated IMA policy should be upstreamed together. > The cover letter should provide the motivation for these patches. Ah, this patch is being upstreamed with the fuse mounts patches. I guess Seth is planning on posting the IMA policy changes for fuse separately. Mimi From mboxrd@z Thu Jan 1 00:00:00 1970 From: zohar@linux.vnet.ibm.com (Mimi Zohar) Date: Sun, 24 Dec 2017 00:56:01 -0500 Subject: [PATCH 11/11] evm: Don't update hmacs in user ns mounts In-Reply-To: <1514092328.5221.116.camel@linux.vnet.ibm.com> References: <1f2233a1a028f1eb1e9bea7d06efa6d34e69e752.1512041070.git.dongsu@kinvolk.io> <20171223040348.GK6837@mail.hallyn.com> <1514092328.5221.116.camel@linux.vnet.ibm.com> Message-ID: <1514094961.5221.132.camel@linux.vnet.ibm.com> To: linux-security-module@vger.kernel.org List-Id: linux-security-module.vger.kernel.org On Sun, 2017-12-24 at 00:12 -0500, Mimi Zohar wrote: > Hi Serge, > > On Fri, 2017-12-22 at 22:03 -0600, Serge E. Hallyn wrote: > > On Fri, Dec 22, 2017 at 03:32:35PM +0100, Dongsu Park wrote: > > > From: Seth Forshee > > > > > > The kernel should not calculate new hmacs for mounts done by > > > non-root users. Update evm_calc_hmac_or_hash() to refuse to > > > calculate new hmacs for mounts for non-init user namespaces. > > > > > > Cc: linux-integrity at vger.kernel.org > > > Cc: linux-security-module at vger.kernel.org > > > Cc: linux-kernel at vger.kernel.org > > > Cc: James Morris > > > Cc: Mimi Zohar > > > > Hi Mimi, > > > > does this change seem sufficient to you? > > I think this is the correct behavior in the context of fuse file > systems. ?This patch, the "ima: define a new policy option named > force" patch, and an updated IMA policy should be upstreamed together. > ?The cover letter should provide the motivation for these patches. Ah, this patch is being upstreamed with the fuse mounts patches. ?I guess Seth is planning on posting the IMA policy changes for fuse separately. Mimi -- To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to majordomo at vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751788AbdLXF4O (ORCPT ); Sun, 24 Dec 2017 00:56:14 -0500 Received: from mx0b-001b2d01.pphosted.com ([148.163.158.5]:58280 "EHLO mx0a-001b2d01.pphosted.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1750968AbdLXF4K (ORCPT ); Sun, 24 Dec 2017 00:56:10 -0500 Subject: Re: [PATCH 11/11] evm: Don't update hmacs in user ns mounts From: Mimi Zohar To: "Serge E. Hallyn" , Dongsu Park Cc: linux-kernel@vger.kernel.org, containers@lists.linux-foundation.org, Alban Crequy , "Eric W . Biederman" , Miklos Szeredi , Seth Forshee , Sargun Dhillon , linux-integrity@vger.kernel.org, linux-security-module@vger.kernel.org, James Morris Date: Sun, 24 Dec 2017 00:56:01 -0500 In-Reply-To: <1514092328.5221.116.camel@linux.vnet.ibm.com> References: <1f2233a1a028f1eb1e9bea7d06efa6d34e69e752.1512041070.git.dongsu@kinvolk.io> <20171223040348.GK6837@mail.hallyn.com> <1514092328.5221.116.camel@linux.vnet.ibm.com> Content-Type: text/plain; charset="UTF-8" X-Mailer: Evolution 3.20.5 (3.20.5-1.fc24) Mime-Version: 1.0 Content-Transfer-Encoding: 8bit X-TM-AS-GCONF: 00 x-cbid: 17122405-0012-0000-0000-0000059C8543 X-IBM-AV-DETECTION: SAVI=unused REMOTE=unused XFE=unused x-cbparentid: 17122405-0013-0000-0000-00001917BCBC Message-Id: <1514094961.5221.132.camel@linux.vnet.ibm.com> X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:,, definitions=2017-12-24_01:,, signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1015 lowpriorityscore=0 impostorscore=0 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1709140000 definitions=main-1712240081 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Sun, 2017-12-24 at 00:12 -0500, Mimi Zohar wrote: > Hi Serge, > > On Fri, 2017-12-22 at 22:03 -0600, Serge E. Hallyn wrote: > > On Fri, Dec 22, 2017 at 03:32:35PM +0100, Dongsu Park wrote: > > > From: Seth Forshee > > > > > > The kernel should not calculate new hmacs for mounts done by > > > non-root users. Update evm_calc_hmac_or_hash() to refuse to > > > calculate new hmacs for mounts for non-init user namespaces. > > > > > > Cc: linux-integrity@vger.kernel.org > > > Cc: linux-security-module@vger.kernel.org > > > Cc: linux-kernel@vger.kernel.org > > > Cc: James Morris > > > Cc: Mimi Zohar > > > > Hi Mimi, > > > > does this change seem sufficient to you? > > I think this is the correct behavior in the context of fuse file > systems.  This patch, the "ima: define a new policy option named > force" patch, and an updated IMA policy should be upstreamed together. >  The cover letter should provide the motivation for these patches. Ah, this patch is being upstreamed with the fuse mounts patches.  I guess Seth is planning on posting the IMA policy changes for fuse separately. Mimi