From: Mimi Zohar <zohar@linux.vnet.ibm.com>
To: Roberto Sassu <roberto.sassu@polito.it>
Cc: Lennart Poettering <lennart@poettering.net>,
initramfs@vger.kernel.org, systemd-devel@lists.freedesktop.org,
linux-ima-user@lists.sourceforge.net,
linux-security-module@vger.kernel.org,
Gustavo Sverzut Barbieri <barbieri@profusion.mobi>,
harald@redhat.com, ramunno@polito.it,
Andrew Morton <akpm@linux-foundation.org>,
Greg KH <greg@kroah.com>
Subject: Re: [Linux-ima-user] [systemd-devel] [PATCH 2/2] main: added support for loading IMA custom policies
Date: Tue, 21 Feb 2012 11:15:33 -0500 [thread overview]
Message-ID: <1329840934.2186.40.camel@falcor> (raw)
In-Reply-To: <4F43A2F9.2030901@polito.it>
On Tue, 2012-02-21 at 14:58 +0100, Roberto Sassu wrote:
> Hi Mimi
>
> do you intend a patch to reintroduce the 'ima=' kernel parameter for
> enabling/disabling IMA? If so, i have not actually thought about this
> but it should be not difficult to implement. Probably we can support
> these modes:
I'm not sure. There was a lot of complaint way back when. Before
re-introducing it, I'd prefer to hear from others how they feel.
> - disabled: IMA returns immediately to the system call;
Today this is done by booting with a null policy.
> - measure_only: IMA performs only measurements and does not return any
> error to the system call;
Booting with a policy, will achieve this result.
> - appraise_permissive: IMA stores measurements in the files extended
> attribute and in the measurements list but does not return any error
> to the system call even if the integrity check fails;
IMA and IMA-appraisal are different features and should not be combined.
Currently, one can be enabled without the other. For example, some may
only want the measurement list, while others may only want integrity
enforcement.
> - appraise_enforce: IMA does the same as the previous mode but returns
> an error to the system call if the integrity check fails.
"ima_appraise= enabled | fix | off" are currently supported.
> Further, we can have a simple user-space package which will contain the
> documentation about how to write a policy (so that it will be more
> easy to find in respect to the whole kernel documentation) and a tool
> that will fix/verify the measurements stored in the files extended
> attribute.
>
> Having a separate user-space package will simplify the interaction for
> users with the IMA kernel-space portion and will allow to determine
> whether the IMA support should be enabled in Systemd.
Having a Systemd config file wouldn't change the need for the existing
boot command line options. None of them can or should go away, since
IMA must start measuring before any files are accessed, including the
config and policy files, otherwise the chain of trust would be lost.
thanks,
Mimi
next prev parent reply other threads:[~2012-02-21 16:15 UTC|newest]
Thread overview: 42+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-02-15 13:23 [PATCH 1/2] systemd: mount the securityfs filesystem at early stage Roberto Sassu
2012-02-15 13:23 ` [PATCH 2/2] main: added support for loading IMA custom policies Roberto Sassu
[not found] ` <1329312229-11856-2-git-send-email-roberto.sassu-8RLafaVCWuNeoWH0uzbU5w@public.gmane.org>
2012-02-15 14:30 ` [systemd-devel] " Gustavo Sverzut Barbieri
2012-02-15 16:26 ` Roberto Sassu
[not found] ` <4F3BDCAA.7040001-8RLafaVCWuNeoWH0uzbU5w@public.gmane.org>
2012-02-15 16:55 ` [systemd-devel] " Gustavo Sverzut Barbieri
[not found] ` <CAPdpN3C0xDeVBrbDxesPdEV+owf-q_wxUHTmr4YDCHw=NgPV1Q-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2012-02-15 17:12 ` Roberto Sassu
[not found] ` <4F3BE763.9060704-8RLafaVCWuNeoWH0uzbU5w@public.gmane.org>
2012-02-16 4:56 ` [Linux-ima-user] " Michael Cassaniti
2012-02-16 13:19 ` Mimi Zohar
2012-02-16 13:38 ` Roberto Sassu
2012-02-16 14:30 ` Gustavo Sverzut Barbieri
[not found] ` <CAPdpN3AAwJ6s-fOgTCV4h4OCKCw3RhEav56LJaUXWVpuf4Jowg-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2012-02-16 14:35 ` Roberto Sassu
2012-02-16 21:50 ` Gustavo Sverzut Barbieri
2012-02-20 17:24 ` [Linux-ima-user] " Lennart Poettering
2012-02-20 19:06 ` [systemd-devel] " Roberto Sassu
2012-02-20 19:18 ` Lennart Poettering
[not found] ` <20120220191804.GD360-kS5D54t9nk0aINubkmmoJbNAH6kLmebB@public.gmane.org>
2012-02-21 10:05 ` Roberto Sassu
[not found] ` <4F436C7A.9020206-8RLafaVCWuNeoWH0uzbU5w@public.gmane.org>
2012-02-21 13:01 ` [Linux-ima-user] [systemd-devel] " Mimi Zohar
2012-02-21 13:58 ` Roberto Sassu
2012-02-21 16:15 ` Mimi Zohar [this message]
2012-02-21 17:32 ` Roberto Sassu
[not found] ` <4F43D532.7070006-8RLafaVCWuNeoWH0uzbU5w@public.gmane.org>
2012-02-21 17:54 ` Mimi Zohar
2012-02-21 17:56 ` Kay Sievers
[not found] ` <CAPXgP10zCVgj4gDTzkJ1+XqKSHhjrCHwkUazJ8caaeMF2j+mMg-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2012-02-21 18:07 ` Roberto Sassu
[not found] ` <4F43DD49.2040202-8RLafaVCWuNeoWH0uzbU5w@public.gmane.org>
2012-02-21 19:06 ` Kay Sievers
2012-02-21 14:07 ` [systemd-devel] [Linux-ima-user] " Colin Guthrie
2012-02-21 14:32 ` Kay Sievers
[not found] ` <CAPXgP13c1B80u14E4FrhZEJ89NDvDP--ciWikz0j+m4En6zPRQ-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2012-02-21 16:14 ` Mimi Zohar
2012-02-21 18:25 ` Roberto Sassu
2012-02-21 12:25 ` [Linux-ima-user] [systemd-devel] " Mimi Zohar
2012-02-20 17:21 ` [systemd-devel] [Linux-ima-user] " Lennart Poettering
[not found] ` <4F3C8C6F.4010708-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
2012-02-20 17:18 ` Lennart Poettering
2012-02-20 17:14 ` [systemd-devel] " Lennart Poettering
2012-02-20 18:36 ` Roberto Sassu
[not found] ` <4F4292A4.2030402-8RLafaVCWuNeoWH0uzbU5w@public.gmane.org>
2012-02-20 19:07 ` Lennart Poettering
2012-02-21 9:17 ` Roberto Sassu
2012-02-20 17:13 ` Lennart Poettering
2012-02-20 17:12 ` Lennart Poettering
2012-02-20 18:23 ` Roberto Sassu
[not found] ` <4F428FB0.3000200-8RLafaVCWuNeoWH0uzbU5w@public.gmane.org>
2012-02-20 18:52 ` Lennart Poettering
[not found] ` <20120220185236.GB360-kS5D54t9nk0aINubkmmoJbNAH6kLmebB@public.gmane.org>
2012-02-20 19:11 ` Roberto Sassu
[not found] ` <1329312229-11856-1-git-send-email-roberto.sassu-8RLafaVCWuNeoWH0uzbU5w@public.gmane.org>
2012-02-20 17:04 ` [systemd-devel] [PATCH 1/2] systemd: mount the securityfs filesystem at early stage Lennart Poettering
[not found] ` <20120220170436.GA26356-kS5D54t9nk0aINubkmmoJbNAH6kLmebB@public.gmane.org>
2012-02-20 18:02 ` Roberto Sassu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1329840934.2186.40.camel@falcor \
--to=zohar@linux.vnet.ibm.com \
--cc=akpm@linux-foundation.org \
--cc=barbieri@profusion.mobi \
--cc=greg@kroah.com \
--cc=harald@redhat.com \
--cc=initramfs@vger.kernel.org \
--cc=lennart@poettering.net \
--cc=linux-ima-user@lists.sourceforge.net \
--cc=linux-security-module@vger.kernel.org \
--cc=ramunno@polito.it \
--cc=roberto.sassu@polito.it \
--cc=systemd-devel@lists.freedesktop.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox