From: Dmitry Kasatkin <dmitry.kasatkin@gmail.com>
To: Mimi Zohar <zohar@linux.vnet.ibm.com>
Cc: Christoph Hellwig <hch@lst.de>, Al Viro <viro@zeniv.linux.org.uk>,
linux-fsdevel@vger.kernel.org,
linux-ima-devel <linux-ima-devel@lists.sourceforge.net>,
linux-security-module <linux-security-module@vger.kernel.org>
Subject: Re: [Linux-ima-devel] [PATCH v4 4/5] ima: define "fs_unsafe" builtin policy
Date: Tue, 22 Aug 2017 12:36:54 +0300 [thread overview]
Message-ID: <CACE9dm86O8TCHG19k5rw9W-SmfLmvRJCZ0VPwqRrFZNx9CTX+g@mail.gmail.com> (raw)
In-Reply-To: <1501075375-29469-5-git-send-email-zohar@linux.vnet.ibm.com>
Looks good to me.
On Wed, Jul 26, 2017 at 4:22 PM, Mimi Zohar <zohar@linux.vnet.ibm.com> wrote:
> Permit normally denied access/execute permission for files in policy
> on IMA unsupported filesystems. This patch defines "fs_unsafe", a
> builtin policy.
>
> Mimi Zohar <zohar@linux.vnet.ibm.com>
>
> ---
> Changelog v3:
> - include dont_failsafe rule when displaying policy
>
> Documentation/admin-guide/kernel-parameters.txt | 8 +++++++-
> security/integrity/ima/ima_policy.c | 12 ++++++++++++
> 2 files changed, 19 insertions(+), 1 deletion(-)
>
> diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
> index d9c171ce4190..4e303be83df6 100644
> --- a/Documentation/admin-guide/kernel-parameters.txt
> +++ b/Documentation/admin-guide/kernel-parameters.txt
> @@ -1502,7 +1502,7 @@
>
> ima_policy= [IMA]
> The builtin policies to load during IMA setup.
> - Format: "tcb | appraise_tcb | secure_boot"
> + Format: "tcb | appraise_tcb | secure_boot | fs_unsafe"
>
> The "tcb" policy measures all programs exec'd, files
> mmap'd for exec, and all files opened with the read
> @@ -1517,6 +1517,12 @@
> of files (eg. kexec kernel image, kernel modules,
> firmware, policy, etc) based on file signatures.
>
> + The "fs_unsafe" policy permits normally denied
> + access/execute permission for files in policy on IMA
> + unsupported filesystems. Note this option, as the
> + name implies, is not safe and not recommended for
> + any environments other than testing.
> +
> ima_tcb [IMA] Deprecated. Use ima_policy= instead.
> Load a policy which meets the needs of the Trusted
> Computing Base. This means IMA will measure all
> diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c
> index 43b85a4fb8e8..cddd9dfb01e1 100644
> --- a/security/integrity/ima/ima_policy.c
> +++ b/security/integrity/ima/ima_policy.c
> @@ -169,6 +169,10 @@ static struct ima_rule_entry secure_boot_rules[] __ro_after_init = {
> .flags = IMA_FUNC | IMA_DIGSIG_REQUIRED},
> };
>
> +static struct ima_rule_entry dont_failsafe_rules[] __ro_after_init = {
> + {.action = DONT_FAILSAFE}
> +};
> +
> static LIST_HEAD(ima_default_rules);
> static LIST_HEAD(ima_policy_rules);
> static LIST_HEAD(ima_temp_rules);
> @@ -188,6 +192,7 @@ __setup("ima_tcb", default_measure_policy_setup);
>
> static bool ima_use_appraise_tcb __initdata;
> static bool ima_use_secure_boot __initdata;
> +static bool ima_use_dont_failsafe __initdata;
> static int __init policy_setup(char *str)
> {
> char *p;
> @@ -201,6 +206,10 @@ static int __init policy_setup(char *str)
> ima_use_appraise_tcb = 1;
> else if (strcmp(p, "secure_boot") == 0)
> ima_use_secure_boot = 1;
> + else if (strcmp(p, "fs_unsafe") == 0) {
> + ima_use_dont_failsafe = 1;
> + set_failsafe(0);
> + }
> }
>
> return 1;
> @@ -470,6 +479,9 @@ void __init ima_init_policy(void)
> temp_ima_appraise |= IMA_APPRAISE_POLICY;
> }
>
> + if (ima_use_dont_failsafe)
> + list_add_tail(&dont_failsafe_rules[0].list, &ima_default_rules);
> +
> ima_rules = &ima_default_rules;
> ima_update_policy_flag();
> }
> --
> 2.7.4
>
>
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> _______________________________________________
> Linux-ima-devel mailing list
> Linux-ima-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/linux-ima-devel
--
Thanks,
Dmitry
WARNING: multiple messages have this Message-ID (diff)
From: dmitry.kasatkin@gmail.com (Dmitry Kasatkin)
To: linux-security-module@vger.kernel.org
Subject: [Linux-ima-devel] [PATCH v4 4/5] ima: define "fs_unsafe" builtin policy
Date: Tue, 22 Aug 2017 12:36:54 +0300 [thread overview]
Message-ID: <CACE9dm86O8TCHG19k5rw9W-SmfLmvRJCZ0VPwqRrFZNx9CTX+g@mail.gmail.com> (raw)
In-Reply-To: <1501075375-29469-5-git-send-email-zohar@linux.vnet.ibm.com>
Looks good to me.
On Wed, Jul 26, 2017 at 4:22 PM, Mimi Zohar <zohar@linux.vnet.ibm.com> wrote:
> Permit normally denied access/execute permission for files in policy
> on IMA unsupported filesystems. This patch defines "fs_unsafe", a
> builtin policy.
>
> Mimi Zohar <zohar@linux.vnet.ibm.com>
>
> ---
> Changelog v3:
> - include dont_failsafe rule when displaying policy
>
> Documentation/admin-guide/kernel-parameters.txt | 8 +++++++-
> security/integrity/ima/ima_policy.c | 12 ++++++++++++
> 2 files changed, 19 insertions(+), 1 deletion(-)
>
> diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
> index d9c171ce4190..4e303be83df6 100644
> --- a/Documentation/admin-guide/kernel-parameters.txt
> +++ b/Documentation/admin-guide/kernel-parameters.txt
> @@ -1502,7 +1502,7 @@
>
> ima_policy= [IMA]
> The builtin policies to load during IMA setup.
> - Format: "tcb | appraise_tcb | secure_boot"
> + Format: "tcb | appraise_tcb | secure_boot | fs_unsafe"
>
> The "tcb" policy measures all programs exec'd, files
> mmap'd for exec, and all files opened with the read
> @@ -1517,6 +1517,12 @@
> of files (eg. kexec kernel image, kernel modules,
> firmware, policy, etc) based on file signatures.
>
> + The "fs_unsafe" policy permits normally denied
> + access/execute permission for files in policy on IMA
> + unsupported filesystems. Note this option, as the
> + name implies, is not safe and not recommended for
> + any environments other than testing.
> +
> ima_tcb [IMA] Deprecated. Use ima_policy= instead.
> Load a policy which meets the needs of the Trusted
> Computing Base. This means IMA will measure all
> diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c
> index 43b85a4fb8e8..cddd9dfb01e1 100644
> --- a/security/integrity/ima/ima_policy.c
> +++ b/security/integrity/ima/ima_policy.c
> @@ -169,6 +169,10 @@ static struct ima_rule_entry secure_boot_rules[] __ro_after_init = {
> .flags = IMA_FUNC | IMA_DIGSIG_REQUIRED},
> };
>
> +static struct ima_rule_entry dont_failsafe_rules[] __ro_after_init = {
> + {.action = DONT_FAILSAFE}
> +};
> +
> static LIST_HEAD(ima_default_rules);
> static LIST_HEAD(ima_policy_rules);
> static LIST_HEAD(ima_temp_rules);
> @@ -188,6 +192,7 @@ __setup("ima_tcb", default_measure_policy_setup);
>
> static bool ima_use_appraise_tcb __initdata;
> static bool ima_use_secure_boot __initdata;
> +static bool ima_use_dont_failsafe __initdata;
> static int __init policy_setup(char *str)
> {
> char *p;
> @@ -201,6 +206,10 @@ static int __init policy_setup(char *str)
> ima_use_appraise_tcb = 1;
> else if (strcmp(p, "secure_boot") == 0)
> ima_use_secure_boot = 1;
> + else if (strcmp(p, "fs_unsafe") == 0) {
> + ima_use_dont_failsafe = 1;
> + set_failsafe(0);
> + }
> }
>
> return 1;
> @@ -470,6 +479,9 @@ void __init ima_init_policy(void)
> temp_ima_appraise |= IMA_APPRAISE_POLICY;
> }
>
> + if (ima_use_dont_failsafe)
> + list_add_tail(&dont_failsafe_rules[0].list, &ima_default_rules);
> +
> ima_rules = &ima_default_rules;
> ima_update_policy_flag();
> }
> --
> 2.7.4
>
>
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> _______________________________________________
> Linux-ima-devel mailing list
> Linux-ima-devel at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/linux-ima-devel
--
Thanks,
Dmitry
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
next prev parent reply other threads:[~2017-08-22 9:36 UTC|newest]
Thread overview: 48+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-07-26 13:22 [PATCH v4 0/5] define new fs integrity_read method Mimi Zohar
2017-07-26 13:22 ` Mimi Zohar
2017-07-26 13:22 ` [PATCH v4 1/5] ima: always measure and audit files in policy Mimi Zohar
2017-07-26 13:22 ` Mimi Zohar
2017-08-22 9:24 ` [Linux-ima-devel] " Dmitry Kasatkin
2017-08-22 9:24 ` Dmitry Kasatkin
2017-07-26 13:22 ` [PATCH v4 2/5] ima: use fs method to read integrity data Mimi Zohar
2017-07-26 13:22 ` Mimi Zohar
2017-07-31 7:01 ` Jan Kara
2017-07-31 7:01 ` Jan Kara
2017-07-31 19:08 ` Mimi Zohar
2017-07-31 19:08 ` Mimi Zohar
2017-08-01 10:42 ` Jan Kara
2017-08-01 10:42 ` Jan Kara
2017-08-01 15:38 ` Mimi Zohar
2017-08-01 15:38 ` Mimi Zohar
2017-08-01 20:24 ` [PATCH v4 2/5] ima: use fs method to read integrity data [updated] Mimi Zohar
2017-08-01 20:24 ` Mimi Zohar
2017-08-02 8:01 ` Jan Kara
2017-08-02 8:01 ` Jan Kara
2017-08-02 17:11 ` Mimi Zohar
2017-08-02 17:11 ` Mimi Zohar
2017-08-03 10:56 ` Jan Kara
2017-08-03 10:56 ` Jan Kara
2017-08-04 21:07 ` Mimi Zohar
2017-08-04 21:07 ` Mimi Zohar
2017-08-07 10:04 ` Jan Kara
2017-08-07 10:04 ` Jan Kara
2017-08-07 20:12 ` Mimi Zohar
2017-08-07 20:12 ` Mimi Zohar
2017-08-08 11:17 ` Jan Kara
2017-08-08 11:17 ` Jan Kara
2017-08-22 9:59 ` [PATCH v4 2/5] ima: use fs method to read integrity data Dmitry Kasatkin
2017-08-22 9:59 ` Dmitry Kasatkin
2017-07-26 13:22 ` [PATCH v4 3/5] ima: define "dont_failsafe" policy action rule Mimi Zohar
2017-07-26 13:22 ` Mimi Zohar
2017-08-22 9:34 ` [Linux-ima-devel] " Dmitry Kasatkin
2017-08-22 9:34 ` Dmitry Kasatkin
2017-08-22 9:39 ` Dmitry Kasatkin
2017-08-22 9:39 ` Dmitry Kasatkin
2017-07-26 13:22 ` [PATCH v4 4/5] ima: define "fs_unsafe" builtin policy Mimi Zohar
2017-07-26 13:22 ` Mimi Zohar
2017-08-22 9:36 ` Dmitry Kasatkin [this message]
2017-08-22 9:36 ` [Linux-ima-devel] " Dmitry Kasatkin
2017-07-26 13:22 ` [PATCH v4 5/5] ima: remove permit_directio policy option Mimi Zohar
2017-07-26 13:22 ` Mimi Zohar
2017-08-22 9:27 ` [Linux-ima-devel] " Dmitry Kasatkin
2017-08-22 9:27 ` Dmitry Kasatkin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CACE9dm86O8TCHG19k5rw9W-SmfLmvRJCZ0VPwqRrFZNx9CTX+g@mail.gmail.com \
--to=dmitry.kasatkin@gmail.com \
--cc=hch@lst.de \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-ima-devel@lists.sourceforge.net \
--cc=linux-security-module@vger.kernel.org \
--cc=viro@zeniv.linux.org.uk \
--cc=zohar@linux.vnet.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.