From: Paul Moore <paul@paul-moore.com>
To: Mimi Zohar <zohar@linux.vnet.ibm.com>
Cc: Kees Cook <keescook@chromium.org>,
linux-integrity@vger.kernel.org,
linux-security-module@vger.kernel.org,
linux-kernel@vger.kernel.org, David Howells <dhowells@redhat.com>,
"Luis R . Rodriguez" <mcgrof@kernel.org>,
Eric Biederman <ebiederm@xmission.com>,
kexec@lists.infradead.org, Andres Rodriguez <andresx7@gmail.com>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Ard Biesheuvel <ard.biesheuvel@linaro.org>,
Jeff Vander Stoep <jeffv@google.com>,
Casey Schaufler <casey@schaufler-ca.com>
Subject: Re: [PATCH v4a 8/8] module: replace the existing LSM hook in init_module
Date: Fri, 1 Jun 2018 18:28:30 -0400 [thread overview]
Message-ID: <CAHC9VhSjeruk_EM3DZ0fu8aq8_qbhD9BtfhtJ0Ery8mOMu2wrw@mail.gmail.com> (raw)
In-Reply-To: <1527780226.3427.20.camel@linux.vnet.ibm.com>
On Thu, May 31, 2018 at 11:23 AM, Mimi Zohar <zohar@linux.vnet.ibm.com> wrote:
> Both the init_module and finit_module syscalls call either directly
> or indirectly the security_kernel_read_file LSM hook. This patch
> replaces the direct call in init_module with a call to the new
> security_kernel_load_data hook and makes the corresponding changes
> in SELinux, LoadPin, and IMA.
>
> Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
> Cc: Jeff Vander Stoep <jeffv@google.com>
> Cc: Paul Moore <paul@paul-moore.com>
> Cc: Casey Schaufler <casey@schaufler-ca.com>
> Cc: Kees Cook <keescook@chromium.org>
>
> ---
> Changelog:
> - For SELinux, have both the security_kernel_read_file and
> security_kernel_load_data LSM hooks call selinux_kernel_read_file().
> - LoadPin: replace existing init_module LSM hook support with
> new security_kernel_load_data hook.
>
> kernel/module.c | 2 +-
> security/integrity/ima/ima_main.c | 24 ++++++++++--------------
> security/loadpin/loadpin.c | 15 +++++++++++++++
> security/selinux/hooks.c | 15 +++++++++++++++
> 4 files changed, 41 insertions(+), 15 deletions(-)
As mentioned in the previous iteration, I have no strong opinion on
the question of the LSM hooks, but the SELinux bits look okay to me.
Acked-by: Paul Moore <paul@paul-moore.com>
> diff --git a/kernel/module.c b/kernel/module.c
> index ce8066b88178..b97c642b5b4d 100644
> --- a/kernel/module.c
> +++ b/kernel/module.c
> @@ -2879,7 +2879,7 @@ static int copy_module_from_user(const void __user *umod, unsigned long len,
> if (info->len < sizeof(*(info->hdr)))
> return -ENOEXEC;
>
> - err = security_kernel_read_file(NULL, READING_MODULE);
> + err = security_kernel_load_data(LOADING_MODULE);
> if (err)
> return err;
>
> diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c
> index 5a7696152982..cd33a2eff496 100644
> --- a/security/integrity/ima/ima_main.c
> +++ b/security/integrity/ima/ima_main.c
> @@ -438,17 +438,6 @@ static int read_idmap[READING_MAX_ID] = {
> */
> int ima_read_file(struct file *file, enum kernel_read_file_id read_id)
> {
> - bool sig_enforce = is_module_sig_enforced();
> -
> - if (!file && read_id == READING_MODULE) {
> - if (!sig_enforce && (ima_appraise & IMA_APPRAISE_MODULES) &&
> - (ima_appraise & IMA_APPRAISE_ENFORCE)) {
> - pr_err("impossible to appraise a module without a file descriptor. sig_enforce kernel parameter might help\n");
> - return -EACCES; /* INTEGRITY_UNKNOWN */
> - }
> - return 0; /* We rely on module signature checking */
> - }
> -
> if (read_id == READING_FIRMWARE_PREALLOC_BUFFER) {
> if ((ima_appraise & IMA_APPRAISE_FIRMWARE) &&
> (ima_appraise & IMA_APPRAISE_ENFORCE)) {
> @@ -487,9 +476,6 @@ int ima_post_read_file(struct file *file, void *buf, loff_t size,
> return 0;
> }
>
> - if (!file && read_id == READING_MODULE) /* MODULE_SIG_FORCE enabled */
> - return 0;
> -
> /* permit signed certs */
> if (!file && read_id == READING_X509_CERTIFICATE)
> return 0;
> @@ -518,6 +504,8 @@ int ima_post_read_file(struct file *file, void *buf, loff_t size,
> */
> int ima_load_data(enum kernel_load_data_id id)
> {
> + bool sig_enforce;
> +
> if ((ima_appraise & IMA_APPRAISE_ENFORCE) != IMA_APPRAISE_ENFORCE)
> return 0;
>
> @@ -533,6 +521,14 @@ int ima_load_data(enum kernel_load_data_id id)
> pr_err("Prevent firmware sysfs fallback loading.\n");
> return -EACCES; /* INTEGRITY_UNKNOWN */
> }
> + break;
> + case LOADING_MODULE:
> + sig_enforce = is_module_sig_enforced();
> +
> + if (!sig_enforce && (ima_appraise & IMA_APPRAISE_MODULES)) {
> + pr_err("impossible to appraise a module without a file descriptor. sig_enforce kernel parameter might help\n");
> + return -EACCES; /* INTEGRITY_UNKNOWN */
> + }
> default:
> break;
> }
> diff --git a/security/loadpin/loadpin.c b/security/loadpin/loadpin.c
> index 5fa191252c8f..a9c07bfbc338 100644
> --- a/security/loadpin/loadpin.c
> +++ b/security/loadpin/loadpin.c
> @@ -173,9 +173,24 @@ static int loadpin_read_file(struct file *file, enum kernel_read_file_id id)
> return 0;
> }
>
> +static int loadpin_load_data(enum kernel_load_data_id id)
> +{
> + int rc = 0;
> +
> + switch (id) {
> + case LOADING_MODULE:
> + rc = loadpin_read_file(NULL, READING_MODULE);
> + default:
> + break;
> + }
> +
> + return rc;
> +}
> +
> static struct security_hook_list loadpin_hooks[] __lsm_ro_after_init = {
> LSM_HOOK_INIT(sb_free_security, loadpin_sb_free_security),
> LSM_HOOK_INIT(kernel_read_file, loadpin_read_file),
> + LSM_HOOK_INIT(kernel_load_data, loadpin_load_data),
> };
>
> void __init loadpin_add_hooks(void)
> diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
> index 02ebd1585eaf..475aed9ee2c7 100644
> --- a/security/selinux/hooks.c
> +++ b/security/selinux/hooks.c
> @@ -4059,6 +4059,20 @@ static int selinux_kernel_read_file(struct file *file,
> return rc;
> }
>
> +static int selinux_kernel_load_data(enum kernel_load_data_id id)
> +{
> + int rc = 0;
> +
> + switch (id) {
> + case LOADING_MODULE:
> + rc = selinux_kernel_module_from_file(NULL);
> + default:
> + break;
> + }
> +
> + return rc;
> +}
> +
> static int selinux_task_setpgid(struct task_struct *p, pid_t pgid)
> {
> return avc_has_perm(&selinux_state,
> @@ -6950,6 +6964,7 @@ static struct security_hook_list selinux_hooks[] __lsm_ro_after_init = {
> LSM_HOOK_INIT(kernel_act_as, selinux_kernel_act_as),
> LSM_HOOK_INIT(kernel_create_files_as, selinux_kernel_create_files_as),
> LSM_HOOK_INIT(kernel_module_request, selinux_kernel_module_request),
> + LSM_HOOK_INIT(kernel_load_data, selinux_kernel_load_data),
> LSM_HOOK_INIT(kernel_read_file, selinux_kernel_read_file),
> LSM_HOOK_INIT(task_setpgid, selinux_task_setpgid),
> LSM_HOOK_INIT(task_getpgid, selinux_task_getpgid),
> --
> 2.7.5
>
--
paul moore
www.paul-moore.com
WARNING: multiple messages have this Message-ID (diff)
From: paul@paul-moore.com (Paul Moore)
To: linux-security-module@vger.kernel.org
Subject: [PATCH v4a 8/8] module: replace the existing LSM hook in init_module
Date: Fri, 1 Jun 2018 18:28:30 -0400 [thread overview]
Message-ID: <CAHC9VhSjeruk_EM3DZ0fu8aq8_qbhD9BtfhtJ0Ery8mOMu2wrw@mail.gmail.com> (raw)
In-Reply-To: <1527780226.3427.20.camel@linux.vnet.ibm.com>
On Thu, May 31, 2018 at 11:23 AM, Mimi Zohar <zohar@linux.vnet.ibm.com> wrote:
> Both the init_module and finit_module syscalls call either directly
> or indirectly the security_kernel_read_file LSM hook. This patch
> replaces the direct call in init_module with a call to the new
> security_kernel_load_data hook and makes the corresponding changes
> in SELinux, LoadPin, and IMA.
>
> Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
> Cc: Jeff Vander Stoep <jeffv@google.com>
> Cc: Paul Moore <paul@paul-moore.com>
> Cc: Casey Schaufler <casey@schaufler-ca.com>
> Cc: Kees Cook <keescook@chromium.org>
>
> ---
> Changelog:
> - For SELinux, have both the security_kernel_read_file and
> security_kernel_load_data LSM hooks call selinux_kernel_read_file().
> - LoadPin: replace existing init_module LSM hook support with
> new security_kernel_load_data hook.
>
> kernel/module.c | 2 +-
> security/integrity/ima/ima_main.c | 24 ++++++++++--------------
> security/loadpin/loadpin.c | 15 +++++++++++++++
> security/selinux/hooks.c | 15 +++++++++++++++
> 4 files changed, 41 insertions(+), 15 deletions(-)
As mentioned in the previous iteration, I have no strong opinion on
the question of the LSM hooks, but the SELinux bits look okay to me.
Acked-by: Paul Moore <paul@paul-moore.com>
> diff --git a/kernel/module.c b/kernel/module.c
> index ce8066b88178..b97c642b5b4d 100644
> --- a/kernel/module.c
> +++ b/kernel/module.c
> @@ -2879,7 +2879,7 @@ static int copy_module_from_user(const void __user *umod, unsigned long len,
> if (info->len < sizeof(*(info->hdr)))
> return -ENOEXEC;
>
> - err = security_kernel_read_file(NULL, READING_MODULE);
> + err = security_kernel_load_data(LOADING_MODULE);
> if (err)
> return err;
>
> diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c
> index 5a7696152982..cd33a2eff496 100644
> --- a/security/integrity/ima/ima_main.c
> +++ b/security/integrity/ima/ima_main.c
> @@ -438,17 +438,6 @@ static int read_idmap[READING_MAX_ID] = {
> */
> int ima_read_file(struct file *file, enum kernel_read_file_id read_id)
> {
> - bool sig_enforce = is_module_sig_enforced();
> -
> - if (!file && read_id == READING_MODULE) {
> - if (!sig_enforce && (ima_appraise & IMA_APPRAISE_MODULES) &&
> - (ima_appraise & IMA_APPRAISE_ENFORCE)) {
> - pr_err("impossible to appraise a module without a file descriptor. sig_enforce kernel parameter might help\n");
> - return -EACCES; /* INTEGRITY_UNKNOWN */
> - }
> - return 0; /* We rely on module signature checking */
> - }
> -
> if (read_id == READING_FIRMWARE_PREALLOC_BUFFER) {
> if ((ima_appraise & IMA_APPRAISE_FIRMWARE) &&
> (ima_appraise & IMA_APPRAISE_ENFORCE)) {
> @@ -487,9 +476,6 @@ int ima_post_read_file(struct file *file, void *buf, loff_t size,
> return 0;
> }
>
> - if (!file && read_id == READING_MODULE) /* MODULE_SIG_FORCE enabled */
> - return 0;
> -
> /* permit signed certs */
> if (!file && read_id == READING_X509_CERTIFICATE)
> return 0;
> @@ -518,6 +504,8 @@ int ima_post_read_file(struct file *file, void *buf, loff_t size,
> */
> int ima_load_data(enum kernel_load_data_id id)
> {
> + bool sig_enforce;
> +
> if ((ima_appraise & IMA_APPRAISE_ENFORCE) != IMA_APPRAISE_ENFORCE)
> return 0;
>
> @@ -533,6 +521,14 @@ int ima_load_data(enum kernel_load_data_id id)
> pr_err("Prevent firmware sysfs fallback loading.\n");
> return -EACCES; /* INTEGRITY_UNKNOWN */
> }
> + break;
> + case LOADING_MODULE:
> + sig_enforce = is_module_sig_enforced();
> +
> + if (!sig_enforce && (ima_appraise & IMA_APPRAISE_MODULES)) {
> + pr_err("impossible to appraise a module without a file descriptor. sig_enforce kernel parameter might help\n");
> + return -EACCES; /* INTEGRITY_UNKNOWN */
> + }
> default:
> break;
> }
> diff --git a/security/loadpin/loadpin.c b/security/loadpin/loadpin.c
> index 5fa191252c8f..a9c07bfbc338 100644
> --- a/security/loadpin/loadpin.c
> +++ b/security/loadpin/loadpin.c
> @@ -173,9 +173,24 @@ static int loadpin_read_file(struct file *file, enum kernel_read_file_id id)
> return 0;
> }
>
> +static int loadpin_load_data(enum kernel_load_data_id id)
> +{
> + int rc = 0;
> +
> + switch (id) {
> + case LOADING_MODULE:
> + rc = loadpin_read_file(NULL, READING_MODULE);
> + default:
> + break;
> + }
> +
> + return rc;
> +}
> +
> static struct security_hook_list loadpin_hooks[] __lsm_ro_after_init = {
> LSM_HOOK_INIT(sb_free_security, loadpin_sb_free_security),
> LSM_HOOK_INIT(kernel_read_file, loadpin_read_file),
> + LSM_HOOK_INIT(kernel_load_data, loadpin_load_data),
> };
>
> void __init loadpin_add_hooks(void)
> diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
> index 02ebd1585eaf..475aed9ee2c7 100644
> --- a/security/selinux/hooks.c
> +++ b/security/selinux/hooks.c
> @@ -4059,6 +4059,20 @@ static int selinux_kernel_read_file(struct file *file,
> return rc;
> }
>
> +static int selinux_kernel_load_data(enum kernel_load_data_id id)
> +{
> + int rc = 0;
> +
> + switch (id) {
> + case LOADING_MODULE:
> + rc = selinux_kernel_module_from_file(NULL);
> + default:
> + break;
> + }
> +
> + return rc;
> +}
> +
> static int selinux_task_setpgid(struct task_struct *p, pid_t pgid)
> {
> return avc_has_perm(&selinux_state,
> @@ -6950,6 +6964,7 @@ static struct security_hook_list selinux_hooks[] __lsm_ro_after_init = {
> LSM_HOOK_INIT(kernel_act_as, selinux_kernel_act_as),
> LSM_HOOK_INIT(kernel_create_files_as, selinux_kernel_create_files_as),
> LSM_HOOK_INIT(kernel_module_request, selinux_kernel_module_request),
> + LSM_HOOK_INIT(kernel_load_data, selinux_kernel_load_data),
> LSM_HOOK_INIT(kernel_read_file, selinux_kernel_read_file),
> LSM_HOOK_INIT(task_setpgid, selinux_task_setpgid),
> LSM_HOOK_INIT(task_getpgid, selinux_task_getpgid),
> --
> 2.7.5
>
--
paul moore
www.paul-moore.com
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
WARNING: multiple messages have this Message-ID (diff)
From: Paul Moore <paul@paul-moore.com>
To: Mimi Zohar <zohar@linux.vnet.ibm.com>
Cc: Kees Cook <keescook@chromium.org>,
Ard Biesheuvel <ard.biesheuvel@linaro.org>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
kexec@lists.infradead.org,
"Luis R . Rodriguez" <mcgrof@kernel.org>,
linux-kernel@vger.kernel.org, David Howells <dhowells@redhat.com>,
linux-security-module@vger.kernel.org,
Eric Biederman <ebiederm@xmission.com>,
Jeff Vander Stoep <jeffv@google.com>,
Casey Schaufler <casey@schaufler-ca.com>,
linux-integrity@vger.kernel.org,
Andres Rodriguez <andresx7@gmail.com>
Subject: Re: [PATCH v4a 8/8] module: replace the existing LSM hook in init_module
Date: Fri, 1 Jun 2018 18:28:30 -0400 [thread overview]
Message-ID: <CAHC9VhSjeruk_EM3DZ0fu8aq8_qbhD9BtfhtJ0Ery8mOMu2wrw@mail.gmail.com> (raw)
In-Reply-To: <1527780226.3427.20.camel@linux.vnet.ibm.com>
On Thu, May 31, 2018 at 11:23 AM, Mimi Zohar <zohar@linux.vnet.ibm.com> wrote:
> Both the init_module and finit_module syscalls call either directly
> or indirectly the security_kernel_read_file LSM hook. This patch
> replaces the direct call in init_module with a call to the new
> security_kernel_load_data hook and makes the corresponding changes
> in SELinux, LoadPin, and IMA.
>
> Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
> Cc: Jeff Vander Stoep <jeffv@google.com>
> Cc: Paul Moore <paul@paul-moore.com>
> Cc: Casey Schaufler <casey@schaufler-ca.com>
> Cc: Kees Cook <keescook@chromium.org>
>
> ---
> Changelog:
> - For SELinux, have both the security_kernel_read_file and
> security_kernel_load_data LSM hooks call selinux_kernel_read_file().
> - LoadPin: replace existing init_module LSM hook support with
> new security_kernel_load_data hook.
>
> kernel/module.c | 2 +-
> security/integrity/ima/ima_main.c | 24 ++++++++++--------------
> security/loadpin/loadpin.c | 15 +++++++++++++++
> security/selinux/hooks.c | 15 +++++++++++++++
> 4 files changed, 41 insertions(+), 15 deletions(-)
As mentioned in the previous iteration, I have no strong opinion on
the question of the LSM hooks, but the SELinux bits look okay to me.
Acked-by: Paul Moore <paul@paul-moore.com>
> diff --git a/kernel/module.c b/kernel/module.c
> index ce8066b88178..b97c642b5b4d 100644
> --- a/kernel/module.c
> +++ b/kernel/module.c
> @@ -2879,7 +2879,7 @@ static int copy_module_from_user(const void __user *umod, unsigned long len,
> if (info->len < sizeof(*(info->hdr)))
> return -ENOEXEC;
>
> - err = security_kernel_read_file(NULL, READING_MODULE);
> + err = security_kernel_load_data(LOADING_MODULE);
> if (err)
> return err;
>
> diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c
> index 5a7696152982..cd33a2eff496 100644
> --- a/security/integrity/ima/ima_main.c
> +++ b/security/integrity/ima/ima_main.c
> @@ -438,17 +438,6 @@ static int read_idmap[READING_MAX_ID] = {
> */
> int ima_read_file(struct file *file, enum kernel_read_file_id read_id)
> {
> - bool sig_enforce = is_module_sig_enforced();
> -
> - if (!file && read_id == READING_MODULE) {
> - if (!sig_enforce && (ima_appraise & IMA_APPRAISE_MODULES) &&
> - (ima_appraise & IMA_APPRAISE_ENFORCE)) {
> - pr_err("impossible to appraise a module without a file descriptor. sig_enforce kernel parameter might help\n");
> - return -EACCES; /* INTEGRITY_UNKNOWN */
> - }
> - return 0; /* We rely on module signature checking */
> - }
> -
> if (read_id == READING_FIRMWARE_PREALLOC_BUFFER) {
> if ((ima_appraise & IMA_APPRAISE_FIRMWARE) &&
> (ima_appraise & IMA_APPRAISE_ENFORCE)) {
> @@ -487,9 +476,6 @@ int ima_post_read_file(struct file *file, void *buf, loff_t size,
> return 0;
> }
>
> - if (!file && read_id == READING_MODULE) /* MODULE_SIG_FORCE enabled */
> - return 0;
> -
> /* permit signed certs */
> if (!file && read_id == READING_X509_CERTIFICATE)
> return 0;
> @@ -518,6 +504,8 @@ int ima_post_read_file(struct file *file, void *buf, loff_t size,
> */
> int ima_load_data(enum kernel_load_data_id id)
> {
> + bool sig_enforce;
> +
> if ((ima_appraise & IMA_APPRAISE_ENFORCE) != IMA_APPRAISE_ENFORCE)
> return 0;
>
> @@ -533,6 +521,14 @@ int ima_load_data(enum kernel_load_data_id id)
> pr_err("Prevent firmware sysfs fallback loading.\n");
> return -EACCES; /* INTEGRITY_UNKNOWN */
> }
> + break;
> + case LOADING_MODULE:
> + sig_enforce = is_module_sig_enforced();
> +
> + if (!sig_enforce && (ima_appraise & IMA_APPRAISE_MODULES)) {
> + pr_err("impossible to appraise a module without a file descriptor. sig_enforce kernel parameter might help\n");
> + return -EACCES; /* INTEGRITY_UNKNOWN */
> + }
> default:
> break;
> }
> diff --git a/security/loadpin/loadpin.c b/security/loadpin/loadpin.c
> index 5fa191252c8f..a9c07bfbc338 100644
> --- a/security/loadpin/loadpin.c
> +++ b/security/loadpin/loadpin.c
> @@ -173,9 +173,24 @@ static int loadpin_read_file(struct file *file, enum kernel_read_file_id id)
> return 0;
> }
>
> +static int loadpin_load_data(enum kernel_load_data_id id)
> +{
> + int rc = 0;
> +
> + switch (id) {
> + case LOADING_MODULE:
> + rc = loadpin_read_file(NULL, READING_MODULE);
> + default:
> + break;
> + }
> +
> + return rc;
> +}
> +
> static struct security_hook_list loadpin_hooks[] __lsm_ro_after_init = {
> LSM_HOOK_INIT(sb_free_security, loadpin_sb_free_security),
> LSM_HOOK_INIT(kernel_read_file, loadpin_read_file),
> + LSM_HOOK_INIT(kernel_load_data, loadpin_load_data),
> };
>
> void __init loadpin_add_hooks(void)
> diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
> index 02ebd1585eaf..475aed9ee2c7 100644
> --- a/security/selinux/hooks.c
> +++ b/security/selinux/hooks.c
> @@ -4059,6 +4059,20 @@ static int selinux_kernel_read_file(struct file *file,
> return rc;
> }
>
> +static int selinux_kernel_load_data(enum kernel_load_data_id id)
> +{
> + int rc = 0;
> +
> + switch (id) {
> + case LOADING_MODULE:
> + rc = selinux_kernel_module_from_file(NULL);
> + default:
> + break;
> + }
> +
> + return rc;
> +}
> +
> static int selinux_task_setpgid(struct task_struct *p, pid_t pgid)
> {
> return avc_has_perm(&selinux_state,
> @@ -6950,6 +6964,7 @@ static struct security_hook_list selinux_hooks[] __lsm_ro_after_init = {
> LSM_HOOK_INIT(kernel_act_as, selinux_kernel_act_as),
> LSM_HOOK_INIT(kernel_create_files_as, selinux_kernel_create_files_as),
> LSM_HOOK_INIT(kernel_module_request, selinux_kernel_module_request),
> + LSM_HOOK_INIT(kernel_load_data, selinux_kernel_load_data),
> LSM_HOOK_INIT(kernel_read_file, selinux_kernel_read_file),
> LSM_HOOK_INIT(task_setpgid, selinux_task_setpgid),
> LSM_HOOK_INIT(task_getpgid, selinux_task_getpgid),
> --
> 2.7.5
>
--
paul moore
www.paul-moore.com
_______________________________________________
kexec mailing list
kexec@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/kexec
next prev parent reply other threads:[~2018-06-01 22:28 UTC|newest]
Thread overview: 139+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-05-29 18:01 [PATCH v4 0/8] kexec/firmware: support system wide policy requiring signatures Mimi Zohar
2018-05-29 18:01 ` Mimi Zohar
2018-05-29 18:01 ` Mimi Zohar
2018-05-29 18:01 ` [PATCH v4 1/8] security: define new LSM hook named security_kernel_load_data Mimi Zohar
2018-05-29 18:01 ` Mimi Zohar
2018-05-29 18:01 ` Mimi Zohar
2018-06-04 19:59 ` Serge E. Hallyn
2018-06-04 19:59 ` Serge E. Hallyn
2018-06-04 19:59 ` Serge E. Hallyn
2018-05-29 18:01 ` [PATCH v4 2/8] kexec: add call to LSM hook in original kexec_load syscall Mimi Zohar
2018-05-29 18:01 ` Mimi Zohar
2018-05-29 18:01 ` Mimi Zohar
2018-06-04 20:00 ` Serge E. Hallyn
2018-06-04 20:00 ` Serge E. Hallyn
2018-06-04 20:00 ` Serge E. Hallyn
2018-05-29 18:01 ` [PATCH v4 3/8] ima: based on policy require signed kexec kernel images Mimi Zohar
2018-05-29 18:01 ` Mimi Zohar
2018-05-29 18:01 ` Mimi Zohar
2018-05-29 18:01 ` [PATCH v4 4/8] firmware: add call to LSM hook before firmware sysfs fallback Mimi Zohar
2018-05-29 18:01 ` Mimi Zohar
2018-05-29 18:01 ` Mimi Zohar
2018-06-01 18:19 ` Luis R. Rodriguez
2018-06-01 18:19 ` Luis R. Rodriguez
2018-06-01 18:19 ` Luis R. Rodriguez
2018-05-29 18:01 ` [PATCH v4 5/8] ima: based on policy require signed firmware (sysfs fallback) Mimi Zohar
2018-05-29 18:01 ` Mimi Zohar
2018-05-29 18:01 ` Mimi Zohar
2018-06-01 18:21 ` Luis R. Rodriguez
2018-06-01 18:21 ` Luis R. Rodriguez
2018-06-01 18:21 ` Luis R. Rodriguez
2018-06-01 22:39 ` Mimi Zohar
2018-06-01 22:39 ` Mimi Zohar
2018-06-01 22:39 ` Mimi Zohar
2018-06-01 22:39 ` Mimi Zohar
2018-06-01 22:46 ` Luis R. Rodriguez
2018-06-01 22:46 ` Luis R. Rodriguez
2018-06-01 22:46 ` Luis R. Rodriguez
2018-06-01 22:46 ` Luis R. Rodriguez
2018-06-01 23:04 ` Mimi Zohar
2018-06-01 23:04 ` Mimi Zohar
2018-06-01 23:04 ` Mimi Zohar
2018-06-01 23:04 ` Mimi Zohar
2018-05-29 18:01 ` [PATCH v4 6/8] ima: add build time policy Mimi Zohar
2018-05-29 18:01 ` Mimi Zohar
2018-05-29 18:01 ` Mimi Zohar
2018-05-29 18:01 ` [RFC PATCH v4 7/8] ima: based on policy prevent loading firmware (pre-allocated buffer) Mimi Zohar
2018-05-29 18:01 ` Mimi Zohar
2018-05-29 18:01 ` Mimi Zohar
2018-06-01 19:15 ` Luis R. Rodriguez
2018-06-01 19:15 ` Luis R. Rodriguez
2018-06-01 19:15 ` Luis R. Rodriguez
2018-06-01 19:25 ` Luis R. Rodriguez
2018-06-01 19:25 ` Luis R. Rodriguez
2018-06-01 19:25 ` Luis R. Rodriguez
2018-06-05 22:37 ` Kees Cook
2018-06-05 22:37 ` Kees Cook
2018-06-05 22:37 ` Kees Cook
2018-06-06 6:20 ` Ard Biesheuvel
2018-06-06 6:20 ` Ard Biesheuvel
2018-06-06 6:20 ` Ard Biesheuvel
2018-06-06 22:06 ` Luis R. Rodriguez
2018-06-06 22:06 ` Luis R. Rodriguez
2018-06-06 22:06 ` Luis R. Rodriguez
2018-05-29 18:02 ` [PATCH v4 8/8] module: replace the existing LSM hook in init_module Mimi Zohar
2018-05-29 18:02 ` Mimi Zohar
2018-05-29 18:02 ` Mimi Zohar
2018-05-29 22:39 ` Paul Moore
2018-05-29 22:39 ` Paul Moore
2018-05-29 22:39 ` Paul Moore
2018-05-29 23:14 ` Mimi Zohar
2018-05-29 23:14 ` Mimi Zohar
2018-05-29 23:14 ` Mimi Zohar
2018-05-29 23:14 ` Mimi Zohar
2018-05-30 21:00 ` Paul Moore
2018-05-30 21:00 ` Paul Moore
2018-05-30 21:00 ` Paul Moore
2018-05-31 15:23 ` [PATCH v4a " Mimi Zohar
2018-05-31 15:23 ` Mimi Zohar
2018-05-31 15:23 ` Mimi Zohar
2018-06-01 22:28 ` Paul Moore [this message]
2018-06-01 22:28 ` Paul Moore
2018-06-01 22:28 ` Paul Moore
2018-06-04 9:19 ` Jessica Yu
2018-06-04 9:19 ` Jessica Yu
2018-06-04 9:19 ` Jessica Yu
2018-06-05 19:45 ` Kees Cook
2018-06-05 19:45 ` Kees Cook
2018-06-05 19:45 ` Kees Cook
2018-06-05 21:35 ` Mimi Zohar
2018-06-05 21:35 ` Mimi Zohar
2018-06-05 21:35 ` Mimi Zohar
2018-06-05 21:35 ` Mimi Zohar
2018-06-05 22:26 ` Kees Cook
2018-06-05 22:26 ` Kees Cook
2018-06-05 22:26 ` Kees Cook
2018-06-05 22:40 ` Mimi Zohar
2018-06-05 22:40 ` Mimi Zohar
2018-06-05 22:40 ` Mimi Zohar
2018-06-05 22:40 ` Mimi Zohar
2018-05-29 23:25 ` [PATCH v4 " Mimi Zohar
2018-05-29 23:25 ` Mimi Zohar
2018-05-29 23:25 ` Mimi Zohar
2018-05-29 23:25 ` Mimi Zohar
2018-05-30 2:25 ` Eric W. Biederman
2018-05-30 2:25 ` Eric W. Biederman
2018-05-30 2:25 ` Eric W. Biederman
2018-05-30 21:09 ` Paul Moore
2018-05-30 21:09 ` Paul Moore
2018-05-30 21:09 ` Paul Moore
2018-06-04 14:03 ` [PATCH v4 0/8] kexec/firmware: support system wide policy requiring signatures Mimi Zohar
2018-06-04 14:03 ` Mimi Zohar
2018-06-04 14:03 ` Mimi Zohar
2018-06-04 14:03 ` Mimi Zohar
2018-06-04 19:32 ` Serge E. Hallyn
2018-06-04 19:32 ` Serge E. Hallyn
2018-06-04 19:32 ` Serge E. Hallyn
2018-06-04 19:32 ` Serge E. Hallyn
2018-06-04 19:53 ` Mimi Zohar
2018-06-04 19:53 ` Mimi Zohar
2018-06-04 19:53 ` Mimi Zohar
2018-06-04 19:53 ` Mimi Zohar
2018-06-04 22:03 ` Kees Cook
2018-06-04 22:03 ` Kees Cook
2018-06-04 22:03 ` Kees Cook
2018-06-05 4:09 ` Serge E. Hallyn
2018-06-05 4:09 ` Serge E. Hallyn
2018-06-05 4:09 ` Serge E. Hallyn
2018-06-05 12:19 ` Kees Cook
2018-06-05 12:19 ` Kees Cook
2018-06-05 12:19 ` Kees Cook
2018-06-05 13:25 ` Serge E. Hallyn
2018-06-05 13:25 ` Serge E. Hallyn
2018-06-05 13:25 ` Serge E. Hallyn
2018-06-05 13:43 ` Kees Cook
2018-06-05 13:43 ` Kees Cook
2018-06-05 13:43 ` Kees Cook
2018-06-05 14:05 ` Mimi Zohar
2018-06-05 14:05 ` Mimi Zohar
2018-06-05 14:05 ` Mimi Zohar
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAHC9VhSjeruk_EM3DZ0fu8aq8_qbhD9BtfhtJ0Ery8mOMu2wrw@mail.gmail.com \
--to=paul@paul-moore.com \
--cc=andresx7@gmail.com \
--cc=ard.biesheuvel@linaro.org \
--cc=casey@schaufler-ca.com \
--cc=dhowells@redhat.com \
--cc=ebiederm@xmission.com \
--cc=gregkh@linuxfoundation.org \
--cc=jeffv@google.com \
--cc=keescook@chromium.org \
--cc=kexec@lists.infradead.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=mcgrof@kernel.org \
--cc=zohar@linux.vnet.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.