From: Mimi Zohar <zohar@linux.ibm.com>
To: "Theodore Y. Ts'o" <tytso@mit.edu>,
Janne Karhunen <janne.karhunen@gmail.com>
Cc: Chuck Lever <chuck.lever@oracle.com>, linux-integrity@vger.kernel.org
Subject: Re: IMA on remote file systems
Date: Tue, 17 Sep 2019 10:18:30 -0400 [thread overview]
Message-ID: <1568729910.4975.200.camel@linux.ibm.com> (raw)
In-Reply-To: <20190917124533.GD6762@mit.edu>
On Tue, 2019-09-17 at 08:45 -0400, Theodore Y. Ts'o wrote:
> On Tue, Sep 17, 2019 at 09:30:31AM +0300, Janne Karhunen wrote:
> > Could the fs-verity be plugged in as a measurement mechanism in the
> > IMA? So rather than calling a hash function, call verity to measure
> > and add new set of IMA hooks to report violations that arise after
> > execution? IMA policy logic and functionality would be pretty much
> > unchanged.
>
> That is the plan, and it's not hard to do. The question which I've
> raised is when should we do it, given that some people believe that
> pulling the entire file into memory and checksumming it at exec or
> open time is a feature, not a bug.
>
> Should we use the fs-verity merkel tree root hash as the measurement
> function unconditionally if it is present? Or does IMA want to have
> some kind of tuning knob; and if so, should it be on a per-file system
> basis, or globally, etc. etc. Those are IMA design questions, and
> I'll let the IMA folks decide what they want to do.
IMA doesn't hard code policy in the kernel, but is based on a single,
centralized policy, which contains measurement, appraisal, and audit
rules. Just as the new IMA appended signature support (kernel module
signature format)[1] contains a new "appraise_type=imasig|modsig"
option, there would be a similar option for fs-verity.
Mimi
[1] Included in the v5.4 pull request.
next prev parent reply other threads:[~2019-09-17 14:18 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-08-28 17:36 IMA on remote file systems Chuck Lever
2019-09-13 14:50 ` Chuck Lever
2019-09-15 21:42 ` Mimi Zohar
2019-09-16 16:10 ` Theodore Y. Ts'o
2019-09-16 18:16 ` Chuck Lever
2019-09-16 13:16 ` Janne Karhunen
2019-09-16 14:47 ` Chuck Lever
2019-09-17 6:30 ` Janne Karhunen
2019-09-17 12:45 ` Theodore Y. Ts'o
2019-09-17 14:18 ` Mimi Zohar [this message]
2019-09-17 14:56 ` James Bottomley
2019-09-18 5:27 ` Janne Karhunen
2019-09-18 12:50 ` Theodore Y. Ts'o
2019-09-18 15:52 ` James Bottomley
2019-09-19 6:47 ` Janne Karhunen
2019-09-18 12:37 ` Theodore Y. Ts'o
2019-09-18 14:40 ` Mimi Zohar
2019-09-18 15:49 ` James Bottomley
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1568729910.4975.200.camel@linux.ibm.com \
--to=zohar@linux.ibm.com \
--cc=chuck.lever@oracle.com \
--cc=janne.karhunen@gmail.com \
--cc=linux-integrity@vger.kernel.org \
--cc=tytso@mit.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.