Subject: Re: [PATCH v2 5/5] LSM: LoadPin for kernel file loading restrictions
From: Mimi Zohar <zohar@linux.vnet.ibm.com>
To: Andrew Morton
Cc: Kees Cook, James Morris, "Serge E. Hallyn", Kalle Valo, Mauro Carvalho Chehab, Joe Perches, Guenter Roeck, Jiri Slaby, Paul Moore, Stephen Smalley, Casey Schaufler, Andreas Gruenbacher, Andy Shevchenko, Rasmus Villemoes, Ulf Hansson, Vitaly Kuznetsov, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org
Date: Wed, 30 Mar 2016 16:24:01 -0400
Message-ID: <1459369441.2657.3.camel@linux.vnet.ibm.com>
In-Reply-To: <20160328143833.911097dc39990ebe7a40b23d@linux-foundation.org>
References: <1459199662-16558-1-git-send-email-keescook@chromium.org> <1459199662-16558-6-git-send-email-keescook@chromium.org> <20160328143833.911097dc39990ebe7a40b23d@linux-foundation.org>

On Mon, 2016-03-28 at 14:38 -0700, Andrew Morton wrote:
> On Mon, 28 Mar 2016 14:14:22 -0700 Kees Cook wrote:
>
> > This LSM enforces that kernel-loaded files (modules, firmware, etc)
> > must all come from the same filesystem, with the expectation that
> > such a filesystem is backed by a read-only device such as dm-verity
> > or CDROM. This allows systems that have a verified and/or unchangeable
> > filesystem to enforce module and firmware loading restrictions without
> > needing to sign the files individually.
>
> Patchset generally looks good to me. It's regrettable that a load of
> stuff was added to lib/ for one obscure LSM but hopefully (doubtfully)
> someone else will find a use for some of it.

I'm planning on adding support for measuring buffers, like the boot command line, which will need to be string safe.

Mimi