From: david safford <safford@watson.ibm.com>
To: Christoph Hellwig <hch@infradead.org>
Cc: Mimi Zohar <zohar@linux.vnet.ibm.com>,
linux-kernel@vger.kernel.org,
Andrew Morton <akpm@linux-foundation.org>,
James Morris <jmorris@namei.org>,
Al Viro <viro@ZenIV.linux.org.uk>,
Serge Hallyn <serue@linux.vnet.ibm.com>,
Mimi Zohar <zohar@us.ibm.com>
Subject: Re: [PATCH 2/6] integrity: Linux Integrity Module(LIM)
Date: Thu, 04 Dec 2008 15:53:34 -0500 [thread overview]
Message-ID: <1228424014.3014.58.camel@localhost.localdomain> (raw)
In-Reply-To: <20081204130949.GA18196@infradead.org>
On Thu, 2008-12-04 at 08:09 -0500, Christoph Hellwig wrote:
>
> In integrity.h there are two operation vectors defines:
In the past, the integrity hooks were discussed with the
LSM/security community, and others expressed interest in using
them, and we were trying to accommodate their requests. On the
other hand, we have separately asked them to chime in here to
defend these hooks, and have heard nothing. As everyone has
pointed out, if no one uses them, they are bloat, and if
someone else wants them in the future, they can easily be
added back. In a little more detail:
> - struct integrity_operations delcares the operations called from the
> VFS. This one is actually used. While I don't agree to Dave's
> argument, because we don't put bloat in just because people might
> eventually some day use it when they are in the right mood and the
> sun shines, thisn't isn't the one I'm talking about in this thread.
These hooks were for alternate integrity modules, and since
no one else has defended them, we have to agree that they
should be replaced with direct calls.
> - struct template_operations on the others is not only really badly
> named for appearing in a global header but also not used in a
> meaningfull way. There is one single instace of it,
> ima_template_ops, and while there are five helpers added in the
> second patch that use it (integrity_collect_measurement,
> integrity_appraise_measurement, integrity_store_measurement,
> integrity_store_template, integrity_must_measure) none of them
> is used at all during the patch series. There are two direct
> uses of these template added in the third path, to implement the
> show operations for the "binary_runtime_measurements" and
> "ascii_runtime_measurements" files ins securityfs, but given that
> those are inside ima there no reason for the indirection at all.
These hooks were for potential use by LSM modules to inquire about the
integrity of files, and for other modules to be able to anchor data
in the TPM list. Again, since no one has chimed in to defend the
hooks, we have no problem removing them.
Sorry about arguing too long on this, and thanks for all the reviews...
dave
next prev parent reply other threads:[~2008-12-04 20:54 UTC|newest]
Thread overview: 41+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-12-02 21:47 [PATCH 0/6] integrity Mimi Zohar
2008-12-02 21:47 ` [PATCH 1/6] integrity: TPM internel kernel interface Mimi Zohar
2008-12-02 22:19 ` Dave Hansen
2008-12-04 20:21 ` Rajiv Andrade
2008-12-04 22:31 ` Rajiv Andrade
2008-12-02 22:59 ` Jeff Garzik
2008-12-03 17:22 ` Serge E. Hallyn
2008-12-02 21:47 ` [PATCH 2/6] integrity: Linux Integrity Module(LIM) Mimi Zohar
2008-12-02 22:43 ` Dave Hansen
2008-12-03 18:15 ` Mimi Zohar
2008-12-03 18:25 ` Dave Hansen
2008-12-03 12:30 ` Christoph Hellwig
2008-12-03 18:18 ` Mimi Zohar
2008-12-03 18:23 ` Christoph Hellwig
2008-12-03 22:17 ` Mimi Zohar
2008-12-04 13:09 ` Christoph Hellwig
2008-12-04 19:24 ` Serge E. Hallyn
2008-12-04 20:53 ` david safford [this message]
2008-12-05 1:42 ` James Morris
2008-12-05 12:56 ` david safford
2008-12-05 15:23 ` Serge E. Hallyn
2008-12-05 17:14 ` david safford
2008-12-02 21:47 ` [PATCH 3/6] integrity: IMA as an integrity service provider Mimi Zohar
2008-12-02 23:35 ` Dave Hansen
2008-12-03 13:03 ` Christoph Hellwig
2008-12-03 16:55 ` Dave Hansen
2008-12-03 17:08 ` Christoph Hellwig
2008-12-03 18:24 ` Mimi Zohar
2008-12-03 18:50 ` Dave Hansen
2008-12-04 18:26 ` Mimi Zohar
2008-12-03 18:17 ` Mimi Zohar
2008-12-03 18:31 ` Dave Hansen
2008-12-05 22:33 ` Al Viro
2008-12-03 19:01 ` Len Brown
2008-12-04 15:57 ` Mimi Zohar
2008-12-03 21:10 ` Dave Hansen
2008-12-02 21:47 ` [PATCH 4/6] integrity: IMA display Mimi Zohar
2008-12-02 21:47 ` [PATCH 5/6] integrity: IMA policy Mimi Zohar
2008-12-02 21:48 ` [PATCH 6/6] integrity: replace task uid with cred uid Mimi Zohar
-- strict thread matches above, loose matches on Subject: below --
2008-12-03 20:13 [PATCH 2/6] integrity: Linux Integrity Module(LIM) Serge E. Hallyn
2008-12-03 20:25 ` Christoph Hellwig
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1228424014.3014.58.camel@localhost.localdomain \
--to=safford@watson.ibm.com \
--cc=akpm@linux-foundation.org \
--cc=hch@infradead.org \
--cc=jmorris@namei.org \
--cc=linux-kernel@vger.kernel.org \
--cc=serue@linux.vnet.ibm.com \
--cc=viro@ZenIV.linux.org.uk \
--cc=zohar@linux.vnet.ibm.com \
--cc=zohar@us.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox