From: Lakshmi Ramasubramanian <nramas@linux.microsoft.com>
To: Mimi Zohar <zohar@linux.ibm.com>,
	Tyler Hicks <tyhicks@linux.microsoft.com>,
	Casey Schaufler <casey@schaufler-ca.com>
Cc: stephen.smalley.work@gmail.com, sashal@kernel.org,
	jmorris@namei.org, linux-integrity@vger.kernel.org,
	selinux@vger.kernel.org, linux-security-module@vger.kernel.org,
	linux-kernel@vger.kernel.org
Subject: Re: [PATCH v6 0/4] LSM: Measure security module data
Date: Wed, 5 Aug 2020 10:25:41 -0700
Message-ID: <9ad079ff-1bd4-1302-e6fb-25a7396ef12f@linux.microsoft.com>
In-Reply-To: <69810007161e689ac817099fb1c6df21962963e4.camel@linux.ibm.com>

On 8/5/20 10:03 AM, Mimi Zohar wrote:
> On Wed, 2020-08-05 at 10:45 -0500, Tyler Hicks wrote:
> 
>> In addition to SELINUX_STATE and SELINUX_POLICY, we should also consider
>> the proposed LSM_STATE and LSM_POLICY func values but require an "lsm"
>> rule conditional.
>>
>> So the current proposed rules:
>>
>>   measure func=LSM_STATE
>>   measure func=LSM_POLICY
>>
>> Would become:
>>
>>   measure func=LSM_STATE lsm=selinux
>>   measure func=LSM_POLICY lsm=selinux
>>
>> The following rules would be rejected:
>>
>>   measure func=LSM_STATE
>>   measure func=LSM_POLICY
>>   measure func=LSM_STATE lsm=apparmor
>>   measure func=LSM_POLICY lsm=smack
> 
> Kees is cleaning up the firmware code which differentiated between how
> firmware was loaded.  There will be a single firmware enumeration.
> 
> Similarly, the new IMA hook to measure critical state may be placed in
> multiple places.  Is there really a need from a policy perspective for
> differentiating the source of the critical state being measured?  The
> data being measured should include some identifying information.

Yes Mimi - SELinux is including the identifying information in the 
"event name" field. Please see a sample measurement of STATE and POLICY 
for SELinux below:

10 e32e...5ac3 ima-buf sha256:86e8...4594 
selinux-state-1595389364:287899386 
696e697469616c697a65643d313b656e61626c65643d313b656e666f7263696e673d303b636865636b72657170726f743d313b6e6574776f726b5f706565725f636f6e74726f6c733d313b6f70656e5f7065726d733d313b657874656e6465645f736f636b65745f636c6173733d313b616c776179735f636865636b5f6e6574776f726b3d303b6367726f75705f7365636c6162656c3d313b6e6e705f6e6f737569645f7472616e736974696f6e3d313b67656e66735f7365636c6162656c5f73796d6c696e6b733d303

10 f4a7...9408 ima-ng sha256:8d1d...1834 
selinux-policy-hash-1595389353:863934271

> 
> I think moving away from the idea that measuring "critical" data should
> be limited to LSMs, will clarify this.
> 

Are you suggesting that instead of calling the hooks LSM_STATE and 
LSM_POLICY, we should keep it more generic so that it can be utilized by 
any subsystem to measure their "critical data"?

I think that is a good idea.

  -lakshmi
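
The following is an added example, not part of the original message or the patch set: a verifier-side parser for an `ima-buf` entry of the shape shown above, which recovers the identifying prefix from the event name, decodes the hex buffer into settings, and compares them with a baseline. The function names, the baseline values and the sample line are constructed for illustration, and the check assumes the digest field is the SHA-256 of the measured buffer.

```python
import hashlib

def make_entry(event_name, state, pcr=10):
    """Build a CONSTRUCTED ima-buf log line; the template hash is a placeholder."""
    buf = state.encode("ascii")
    digest = hashlib.sha256(buf).hexdigest()
    return f"{pcr} {'0' * 40} ima-buf sha256:{digest} {event_name} {buf.hex()}"

def parse_ima_buf(line):
    """Parse one ima-buf entry and check the buffer against its digest field."""
    fields = line.split()
    if len(fields) != 6 or fields[2] != "ima-buf":
        raise ValueError("not an ima-buf entry")
    pcr, _template_hash, _name, digest, event_name, buf_hex = fields
    algo, _, expected = digest.partition(":")
    if algo != "sha256":
        raise ValueError(f"unsupported digest algorithm: {algo}")
    try:
        buf = bytes.fromhex(buf_hex)  # odd length or stray characters raise here
    except ValueError as exc:
        raise ValueError("buffer field is truncated or not hex") from exc
    # Assumption: the digest field is the SHA-256 of the measured buffer.
    if hashlib.sha256(buf).hexdigest() != expected:
        raise ValueError("buffer does not match digest field")
    pairs = [p for p in buf.decode("ascii").split(";") if p]
    return {
        "pcr": int(pcr),
        # The event name carries the identifying prefix plus a timestamp.
        "source": event_name.rsplit("-", 1)[0],
        "state": dict(p.split("=", 1) for p in pairs),
    }

def deviations(entry, required):
    """Return the measured settings that differ from the verifier's baseline."""
    state = entry["state"]
    return {k: state.get(k) for k, v in required.items() if state.get(k) != v}

if __name__ == "__main__":
    # Constructed sample modelled on the selinux-state entry quoted above.
    sample = make_entry("selinux-state-1595389364:287899386",
                        "initialized=1;enabled=1;enforcing=0;checkreqprot=1;")
    entry = parse_ima_buf(sample)
    print(entry["source"], entry["state"])
    print("deviations:", deviations(entry, {"enabled": "1", "enforcing": "1"}))
```
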
