Date: Sun, 2 Aug 2020 10:03:00 -0400
From: Sasha Levin
To: Pavel Machek
Cc: Deven Bowers, agk@redhat.com, axboe@kernel.dk, snitzer@redhat.com,
 jmorris@namei.org, serge@hallyn.com, zohar@linux.ibm.com,
 viro@zeniv.linux.org.uk, paul@paul-moore.com, eparis@redhat.com,
 jannh@google.com, dm-devel@redhat.com, linux-integrity@vger.kernel.org,
 linux-security-module@vger.kernel.org, linux-fsdevel@vger.kernel.org,
 linux-block@vger.kernel.org, linux-audit@redhat.com,
 tyhicks@linux.microsoft.com, linux-kernel@vger.kernel.org, corbet@lwn.net,
 jaskarankhurana@linux.microsoft.com, mdsakib@microsoft.com,
 nramas@linux.microsoft.com, pasha.tatashin@soleen.com
Subject: Re: [RFC PATCH v5 00/11] Integrity Policy Enforcement LSM (IPE)
Message-ID: <20200802140300.GA2975990@sasha-vm>
References: <20200728213614.586312-1-deven.desai@linux.microsoft.com> <20200802115545.GA1162@bug>
In-Reply-To: <20200802115545.GA1162@bug>

On Sun, Aug 02, 2020 at 01:55:45PM +0200, Pavel Machek wrote:
>Hi!
>
>> IPE is a Linux Security Module which allows for a configurable
>> policy to enforce integrity requirements on the whole system. It
>> attempts to solve the issue of Code Integrity: that any code being
>> executed (or files being read), are identical to the version that
>> was built by a trusted source.
>
>How is that different from security/integrity/ima?

Maybe if you would have read the cover letter all the way down to the
5th paragraph which explains how IPE is different from IMA we could
have avoided this mail exchange...

--
Thanks,
Sasha