From: James Bottomley
Subject: Re: [RFC PATCH v5 00/11] Integrity Policy Enforcement LSM (IPE)
Date: Wed, 05 Aug 2020 08:01:29 -0700
Message-ID: <1596639689.3457.17.camel@HansenPartnership.com>
References: <20200728213614.586312-1-deven.desai@linux.microsoft.com> <20200802115545.GA1162@bug> <20200802140300.GA2975990@sasha-vm> <20200802143143.GB20261@amd> <1596386606.4087.20.camel@HansenPartnership.com>
To: Deven Bowers, Pavel Machek, Sasha Levin
Cc: snitzer@redhat.com, zohar@linux.ibm.com, dm-devel@redhat.com, tyhicks@linux.microsoft.com, agk@redhat.com, paul@paul-moore.com, corbet@lwn.net, jmorris@namei.org, nramas@linux.microsoft.com, serge@hallyn.com, pasha.tatashin@soleen.com, jannh@google.com, linux-block@vger.kernel.org, viro@zeniv.linux.org.uk, axboe@kernel.dk, mdsakib@microsoft.com, linux-kernel@vger.kernel.org, eparis@redhat.com, linux-security-module@vger.kernel.org, linux-audit@redhat.com, linux-fsdevel@vger.kernel.org, linux-integrity@vger.kernel.org, jaskarankhurana@linux.microsoft.com
List-Id: dm-devel.ids

On Tue, 2020-08-04 at 09:07 -0700, Deven Bowers wrote:
> On 8/2/2020 9:43 AM, James Bottomley wrote:
> > On Sun, 2020-08-02 at 16:31 +0200, Pavel Machek wrote:
> > > On Sun 2020-08-02 10:03:00, Sasha Levin wrote:
> > > > On Sun, Aug 02, 2020 at 01:55:45PM +0200, Pavel Machek wrote:
> > > > > Hi!
> > > > >
> > > > > > IPE is a Linux Security Module which allows for a
> > > > > > configurable policy to enforce integrity requirements on
> > > > > > the whole system. It attempts to solve the issue of Code
> > > > > > Integrity: that any code being executed (or files being
> > > > > > read), are identical to the version that was built by a
> > > > > > trusted source.
> > > > >
> > > > > How is that different from security/integrity/ima?
> > > >
> > > > Maybe if you would have read the cover letter all the way down
> > > > to the 5th paragraph which explains how IPE is different from
> > > > IMA we could have avoided this mail exchange...
> > >
> > > "
> > > IPE differs from other LSMs which provide integrity checking (for
> > > instance, IMA), as it has no dependency on the filesystem
> > > metadata itself.
> > > The attributes that IPE checks are deterministic properties that
> > > exist solely in the kernel. Additionally, IPE provides no
> > > additional mechanisms of verifying these files (e.g. IMA
> > > Signatures) - all of the attributes of verifying files are
> > > existing features within the kernel, such as dm-verity
> > > or fsverity.
> > > "
> > >
> > > That is not really helpful.
>
> Perhaps I can explain (and re-word this paragraph) a bit better.
>
> As James indicates, IPE does try to close the gap of the IMA
> limitation with xattr. I honestly wasn't familiar with the appended
> signatures, which seems fine.
>
> Regardless, this isn't the larger benefit that IPE provides. The
> larger benefit of this is how IPE separates _mechanisms_ (properties)
> to enforce integrity requirements, from _policy_. The LSM provides
> policy, while things like dm-verity provide mechanism.

Colour me confused here, but I thought that's exactly what IMA does.
The mechanism is the gates and the policy is simply a list of rules
which are applied when a gate is triggered.  The policy necessarily has
to be tailored to the information available at the gate (so the bprm
exec gate knows filesystem things like the inode for instance) but the
whole thing looks very extensible.

> So to speak, IPE acts as the glue for other mechanisms to leverage a
> customizable, system-wide policy to enforce. While this initial
> patchset only onboards dm-verity, there's also potential for MAC
> labels, fs-verity, authenticated BTRFS, dm-integrity, etc. IPE
> leverages existing systems in the kernel, while IMA uses its own.

Is this about who does the measurement?  I think there's no reason at
all why IMA can't leverage existing measurements, it's just nothing to
leverage existed when it was created.

> Another difference is the general coverage. IMA has some difficulties
> in covering mprotect[1], IPE doesn't (the MAP_ANONYMOUS indicated by
> Jann in that thread would be denied as the file struct would be null,
> with IPE's current set of supported mechanisms. mprotect would
> continue to function as expected if you change to PROT_EXEC).

I don't really think a debate over who does what and why is productive
at this stage.  I just note that IMA policy could be updated to deny
MAP_ANONYMOUS, but no-one's asked for that (probably because of the
huge application breakage that would ensue).  The policy is a product
of the use case and the current use case for IMA is working with
existing filesystem semantics.

> > Perhaps the big question is: If we used the existing IMA appended
> > signature for detached signatures (effectively becoming the
> > "properties" referred to in the cover letter) and hooked IMA into
> > device mapper using additional policy terms, would that satisfy all
> > the requirements this new LSM has?
>
> Well, Mimi, what do you think? Should we integrate all the features
> of IPE into IMA, or do you think they are sufficiently different in
> architecture that it would be worth it to keep the code base in
> separate LSMs?

I'll leave Mimi to answer, but really this is exactly the question that
should have been asked before writing IPE.  However, since we have the
cart before the horse, let me break the above down into two specific
questions.

   1. Could we implement IPE in IMA (as in would extensions to IMA cover
      everything).  I think the answers above indicate this is a "yes".
   2. Should we extend IMA to implement it?  This is really whether from a
      usability standpoint two separate LSMs would make sense to cover the
      different use cases.  I've got to say the least attractive thing
      about separation is the fact that you now both have a policy parser.
      You've tried to differentiate yours by making it more Kconfig
      based, but policy has a way of becoming user space supplied because
      the distros hate config options, so I think you're going to end up
      with a policy parser very like IMA's.

James