From: Paul Moore <paul@paul-moore.com>
To: Fan Wu <wufan@linux.microsoft.com>,
corbet@lwn.net, zohar@linux.ibm.com, jmorris@namei.org,
serge@hallyn.com, tytso@mit.edu, ebiggers@kernel.org,
axboe@kernel.dk, agk@redhat.com, snitzer@kernel.org,
eparis@redhat.com
Cc: linux-doc@vger.kernel.org, linux-integrity@vger.kernel.org,
linux-security-module@vger.kernel.org,
linux-fscrypt@vger.kernel.org, linux-block@vger.kernel.org,
dm-devel@redhat.com, audit@vger.kernel.org,
roberto.sassu@huawei.com, linux-kernel@vger.kernel.org,
Deven Bowers <deven.desai@linux.microsoft.com>,
Fan Wu <wufan@linux.microsoft.com>
Subject: Re: [PATCH RFC v10 1/17] security: add ipe lsm
Date: Sat, 08 Jul 2023 01:36:54 -0400 [thread overview]
Message-ID: <b460c0317dfbd5b4668015e104ea3e92.paul@paul-moore.com> (raw)
In-Reply-To: <1687986571-16823-2-git-send-email-wufan@linux.microsoft.com>
On Jun 28, 2023 Fan Wu <wufan@linux.microsoft.com> wrote:
>
> Integrity Policy Enforcement (IPE) is an LSM that provides an
> complimentary approach to Mandatory Access Control than existing LSMs
> today.
>
> Existing LSMs have centered around the concept of access to a resource
> should be controlled by the current user's credentials. IPE's approach,
> is that access to a resource should be controlled by the system's trust
> of a current resource.
>
> The basis of this approach is defining a global policy to specify which
> resource can be trusted.
>
> Signed-off-by: Deven Bowers <deven.desai@linux.microsoft.com>
> Signed-off-by: Fan Wu <wufan@linux.microsoft.com>
> ---
> MAINTAINERS | 7 +++++++
> security/Kconfig | 11 ++++++-----
> security/Makefile | 1 +
> security/ipe/Kconfig | 17 +++++++++++++++++
> security/ipe/Makefile | 10 ++++++++++
> security/ipe/ipe.c | 37 +++++++++++++++++++++++++++++++++++++
> security/ipe/ipe.h | 16 ++++++++++++++++
> 7 files changed, 94 insertions(+), 5 deletions(-)
> create mode 100644 security/ipe/Kconfig
> create mode 100644 security/ipe/Makefile
> create mode 100644 security/ipe/ipe.c
> create mode 100644 security/ipe/ipe.h
...
> diff --git a/MAINTAINERS b/MAINTAINERS
> index a82795114ad4..ad00887d38ea 100644
> --- a/MAINTAINERS
> +++ b/MAINTAINERS
> @@ -10278,6 +10278,13 @@ T: git git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity.git
> F: security/integrity/
> F: security/integrity/ima/
>
> +INTEGRITY POLICY ENFORCEMENT (IPE)
> +M: Fan Wu <wufan@linux.microsoft.com>
> +L: linux-security-module@vger.kernel.org
> +S: Supported
> +T: git git://github.com/microsoft/ipe.git
Using the raw git protocol doesn't seem to work with GH, I think you
need to refernce the git/https URL:
https://github.com/microsoft/ipe.git
> +F: security/ipe/
> +
> INTEL 810/815 FRAMEBUFFER DRIVER
> M: Antonino Daplas <adaplas@gmail.com>
> L: linux-fbdev@vger.kernel.org
> diff --git a/security/Kconfig b/security/Kconfig
> index 97abeb9b9a19..daa4626ea99c 100644
> --- a/security/Kconfig
> +++ b/security/Kconfig
> @@ -202,6 +202,7 @@ source "security/yama/Kconfig"
> source "security/safesetid/Kconfig"
> source "security/lockdown/Kconfig"
> source "security/landlock/Kconfig"
> +source "security/ipe/Kconfig"
>
> source "security/integrity/Kconfig"
>
> @@ -241,11 +242,11 @@ endchoice
>
> config LSM
> string "Ordered list of enabled LSMs"
> - default "landlock,lockdown,yama,loadpin,safesetid,smack,selinux,tomoyo,apparmor,bpf" if DEFAULT_SECURITY_SMACK
> - default "landlock,lockdown,yama,loadpin,safesetid,apparmor,selinux,smack,tomoyo,bpf" if DEFAULT_SECURITY_APPARMOR
> - default "landlock,lockdown,yama,loadpin,safesetid,tomoyo,bpf" if DEFAULT_SECURITY_TOMOYO
> - default "landlock,lockdown,yama,loadpin,safesetid,bpf" if DEFAULT_SECURITY_DAC
> - default "landlock,lockdown,yama,loadpin,safesetid,selinux,smack,tomoyo,apparmor,bpf"
> + default "landlock,lockdown,yama,loadpin,safesetid,smack,selinux,tomoyo,apparmor,bpf,ipe" if DEFAULT_SECURITY_SMACK
> + default "landlock,lockdown,yama,loadpin,safesetid,apparmor,selinux,smack,tomoyo,bpf,ipe" if DEFAULT_SECURITY_APPARMOR
> + default "landlock,lockdown,yama,loadpin,safesetid,tomoyo,bpf,ipe" if DEFAULT_SECURITY_TOMOYO
> + default "landlock,lockdown,yama,loadpin,safesetid,bpf,ipe" if DEFAULT_SECURITY_DAC
> + default "landlock,lockdown,yama,loadpin,safesetid,selinux,smack,tomoyo,apparmor,bpf,ipe"
Generally speaking the BPF LSM should be the last entry in the LSM
list to help prevent issues caused by a BPF LSM returning an improper
error and shortcutting a LSM after it.
> help
> A comma-separated list of LSMs, in initialization order.
> Any LSMs left off this list, except for those with order
...
> diff --git a/security/ipe/Makefile b/security/ipe/Makefile
> new file mode 100644
> index 000000000000..571648579991
> --- /dev/null
> +++ b/security/ipe/Makefile
> @@ -0,0 +1,10 @@
> +# SPDX-License-Identifier: GPL-2.0
> +#
> +# Copyright (C) Microsoft Corporation. All rights reserved.
> +#
> +# Makefile for building the IPE module as part of the kernel tree.
> +#
> +
> +obj-$(CONFIG_SECURITY_IPE) += \
> + hooks.o \
> + ipe.o \
It doesn't look like security/ipe/hook.c is included in this patch.
It is important to ensure that each patch compiles after it is
applied.
--
paul-moore.com
next prev parent reply other threads:[~2023-07-08 5:37 UTC|newest]
Thread overview: 45+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-06-28 21:09 [RFC PATCH v10 00/17] Integrity Policy Enforcement LSM (IPE) Fan Wu
2023-06-28 21:09 ` [RFC PATCH v10 01/17] security: add ipe lsm Fan Wu
2023-07-08 5:36 ` Paul Moore [this message]
[not found] ` <ffd5c67f4a9bf45df0ce95a8fe0932a3.paul@paul-moore.com>
2023-07-13 23:31 ` [PATCH RFC v10 1/17] " Fan Wu
2023-06-28 21:09 ` [RFC PATCH v10 02/17] ipe: add policy parser Fan Wu
2023-07-08 5:36 ` [PATCH RFC v10 2/17] " Paul Moore
[not found] ` <b2abfd3883dce682ee911413fea2ec66.paul@paul-moore.com>
2023-07-14 4:18 ` Fan Wu
2023-06-28 21:09 ` [RFC PATCH v10 03/17] ipe: add evaluation loop Fan Wu
2023-07-08 5:36 ` [PATCH RFC v10 3/17] " Paul Moore
[not found] ` <309cfd62a474a7e93be6a0886a3d5aa8.paul@paul-moore.com>
2023-07-14 20:28 ` Fan Wu
2023-06-28 21:09 ` [RFC PATCH v10 04/17] ipe: add LSM hooks on execution and kernel read Fan Wu
2023-07-08 5:36 ` [PATCH RFC v10 4/17] " Paul Moore
[not found] ` <cbe877b3905033d2b8c7c92e6d0cad4e.paul@paul-moore.com>
2023-07-14 21:47 ` Fan Wu
2023-06-28 21:09 ` [RFC PATCH v10 05/17] ipe: introduce 'boot_verified' as a trust provider Fan Wu
2023-07-08 5:36 ` [PATCH RFC v10 5/17] " Paul Moore
[not found] ` <7b0f16fd49fb3490af1018eba986d0e4.paul@paul-moore.com>
2023-07-14 23:56 ` Fan Wu
2023-06-28 21:09 ` [RFC PATCH v10 06/17] security: add new securityfs delete function Fan Wu
2023-07-08 5:36 ` [PATCH RFC v10 6/17] " Paul Moore
[not found] ` <80ae988288d2ac277a4429e85524a9bb.paul@paul-moore.com>
2023-07-14 23:59 ` Fan Wu
2023-06-28 21:09 ` [RFC PATCH v10 07/17] ipe: add userspace interface Fan Wu
2023-07-08 5:36 ` [PATCH RFC v10 7/17] " Paul Moore
[not found] ` <fcc5de3f153eb60b5acf799c159e6ec8.paul@paul-moore.com>
2023-07-15 3:26 ` Fan Wu
2023-08-01 19:29 ` Paul Moore
2023-06-28 21:09 ` [RFC PATCH v10 08/17] uapi|audit|ipe: add ipe auditing support Fan Wu
2023-07-08 5:37 ` [PATCH RFC v10 8/17] " Paul Moore
[not found] ` <ec09144af7c7109d8b457ceccd50ba7a.paul@paul-moore.com>
2023-07-15 3:57 ` Fan Wu
2023-08-01 19:24 ` Paul Moore
2023-06-28 21:09 ` [RFC PATCH v10 09/17] ipe: add permissive toggle Fan Wu
2023-07-08 5:37 ` [PATCH RFC v10 9/17] " Paul Moore
[not found] ` <85af33c02638ebb501b40fd0f3785b12.paul@paul-moore.com>
2023-07-15 4:00 ` Fan Wu
2023-06-28 21:09 ` [RFC PATCH v10 10/17] block|security: add LSM blob to block_device Fan Wu
2023-06-28 21:09 ` [RFC PATCH v10 11/17] dm-verity: consume root hash digest and signature data via LSM hook Fan Wu
2023-07-07 14:53 ` Mike Snitzer
2023-07-12 3:43 ` Fan Wu
2023-07-25 20:43 ` Paul Moore
2023-08-08 22:45 ` Fan Wu
2023-08-08 23:40 ` Alasdair G Kergon
2023-08-09 18:02 ` Fan Wu
2023-06-28 21:09 ` [RFC PATCH v10 12/17] ipe: add support for dm-verity as a trust provider Fan Wu
2023-07-08 5:37 ` [PATCH RFC " Paul Moore
2023-06-28 21:09 ` [RFC PATCH v10 13/17] fsverity: consume builtin signature via LSM hook Fan Wu
2023-06-28 21:09 ` [RFC PATCH v10 14/17] ipe: enable support for fs-verity as a trust provider Fan Wu
2023-06-28 21:09 ` [RFC PATCH v10 15/17] scripts: add boot policy generation program Fan Wu
2023-06-28 21:09 ` [RFC PATCH v10 16/17] ipe: kunit test for parser Fan Wu
2023-06-28 21:09 ` [RFC PATCH v10 17/17] documentation: add ipe documentation Fan Wu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=b460c0317dfbd5b4668015e104ea3e92.paul@paul-moore.com \
--to=paul@paul-moore.com \
--cc=agk@redhat.com \
--cc=audit@vger.kernel.org \
--cc=axboe@kernel.dk \
--cc=corbet@lwn.net \
--cc=deven.desai@linux.microsoft.com \
--cc=dm-devel@redhat.com \
--cc=ebiggers@kernel.org \
--cc=eparis@redhat.com \
--cc=jmorris@namei.org \
--cc=linux-block@vger.kernel.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-fscrypt@vger.kernel.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=roberto.sassu@huawei.com \
--cc=serge@hallyn.com \
--cc=snitzer@kernel.org \
--cc=tytso@mit.edu \
--cc=wufan@linux.microsoft.com \
--cc=zohar@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox