Date: Wed, 13 Feb 2013 08:29:21 -0500
From: Vivek Goyal
To: "Kasatkin, Dmitry"
Cc: Mimi Zohar, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH 2/2] ima: Support appraise_type=imasig_optional
Message-ID: <20130213132920.GA3540@redhat.com>
References: <1360613493-11969-1-git-send-email-vgoyal@redhat.com> <1360613493-11969-3-git-send-email-vgoyal@redhat.com> <1360620614.3524.223.camel@falcor1.watson.ibm.com> <20130212142636.GA23410@redhat.com> <1360689247.3524.275.camel@falcor1.watson.ibm.com> <20130212185203.GA29958@redhat.com> <20130212185725.GC23410@redhat.com>

On Wed, Feb 13, 2013 at 02:14:55PM +0200, Kasatkin, Dmitry wrote:
> Hello Vivek,
>
> Can you please send to us what your IMA policy looks like.

Hi Dmitry,

For testing purposes, I am using the following.

appraise fowner=0 func=BPRM_CHECK appraise_type=imasig_optional

I set this using the /sys/kernel/security/policy interface after boot.

Thanks
Vivek

>
> Thanks,
> Dmitry
>
> On Tue, Feb 12, 2013 at 8:57 PM, Vivek Goyal wrote:
> > On Tue, Feb 12, 2013 at 01:52:03PM -0500, Vivek Goyal wrote:
> >> On Tue, Feb 12, 2013 at 12:14:07PM -0500, Mimi Zohar wrote:
> >>
> >> [..]
> >> > > > > --- a/security/integrity/ima/ima_appraise.c
> >> > > > > +++ b/security/integrity/ima/ima_appraise.c
> >> > > > > @@ -124,19 +124,26 @@ int ima_appraise_measurement(int func, struct integrity_iint_cache *iint,
> >> > > > > enum integrity_status status = INTEGRITY_UNKNOWN;
> >> > > > > const char *op = "appraise_data";
> >> > > > > char *cause = "unknown";
> >> > > > > - int rc;
> >> > > > > + int rc, audit_info = 0;
> >> > > > >
> >> > > > > if (!ima_appraise)
> >> > > > > return 0;
> >> > > > > - if (!inode->i_op->getxattr)
> >> > > > > + if (!inode->i_op->getxattr) {
> >> > > > > + /* getxattr not supported. file couldn't have been signed */
> >> > > > > + if (iint->flags & IMA_DIGSIG_OPTIONAL)
> >> > > > > + return INTEGRITY_PASS;
> >> > > > > return INTEGRITY_UNKNOWN;
> >> > > > > + }
> >> > > > >
> >> > > >
> >> > > > Please don't change the result of the appraisal like this. A single
> >> > > > change can be made towards the bottom of process_measurement().
> >> > >
> >> > > I don't want to pass integrity in all cases of INTEGRITY_UNKNOWN. So
> >> > > I can probably maintain a bool variable, say pass_appraisal, and set
> >> > > that here and at the end of function, parse that variable and change
> >> > > the status accordingly.
> >> >
> >> > process_measurement() is the only caller of ima_appraise_measurement().
> >> > Leave the results of ima_appraise_measurement() alone. There's already
> >> > code at the end of process_measurement() which decides what to return.
> >> > Just modify it based on the appraisal results.
> >> >
> >
> > If we do this, audit logs will be filled with integrity unknown failures,
> > as each unsigned executable file will fail appraisal with INTEGRITY_UNKNOWN
> > and an audit message will be logged.
> >
> > Thanks
> > Vivek
> > --
> > To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
> > the body of a message to majordomo@vger.kernel.org
> > More majordomo info at http://vger.kernel.org/majordomo-info.html
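Review bot: in the quoted ima_appraise_measurement() hunk, the early `return INTEGRITY_PASS;` inside the `if (!inode->i_op->getxattr)` branch makes the appraisal function report a verified result for a file whose signature was never looked at, so the caller can no longer tell a genuine signature pass from "this filesystem has no xattrs and the policy tolerates that"; keep the function returning INTEGRITY_UNKNOWN here and let the single caller, process_measurement(), apply the IMA_DIGSIG_OPTIONAL exception when it converts the status into a return value, skipping the audit message on that path so the log-noise concern raised in the thread is handled in the same place. Separately, `audit_info` is declared in this hunk (`+ int rc, audit_info = 0;`) but not referenced anywhere in the visible lines; if it is only consumed further down in the same patch that is fine, otherwise it will produce an unused-variable warning.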