From: Casey Schaufler <casey@schaufler-ca.com>
To: Kees Cook <keescook@chromium.org>,
Alexander Popov <alex.popov@linux.com>
Cc: Steven Rostedt <rostedt@goodmis.org>,
Linus Torvalds <torvalds@linux-foundation.org>,
Lukas Bulwahn <lukas.bulwahn@gmail.com>,
Jonathan Corbet <corbet@lwn.net>,
Paul McKenney <paulmck@kernel.org>,
Andrew Morton <akpm@linux-foundation.org>,
Thomas Gleixner <tglx@linutronix.de>,
Peter Zijlstra <peterz@infradead.org>,
Joerg Roedel <jroedel@suse.de>,
Maciej Rozycki <macro@orcam.me.uk>,
Muchun Song <songmuchun@bytedance.com>,
Viresh Kumar <viresh.kumar@linaro.org>,
Robin Murphy <robin.murphy@arm.com>,
Randy Dunlap <rdunlap@infradead.org>,
Lu Baolu <baolu.lu@linux.intel.com>,
Petr Mladek <pmladek@suse.com>,
Luis Chamberlain <mcgrof@kernel.org>, Wei Liu <wl@xen.org>,
John Ogness <john.ogness@linutronix.de>,
Andy Shevchenko <andriy.shevchenko@linux.intel.com>,
Alexey Kardashevskiy <aik@ozlabs.ru>,
Christophe Leroy <christophe.leroy@csgroup.eu>,
Jann Horn <jannh@google.com>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Mark Rutland <mark.rutland@arm.com>,
Andy Lutomirski <luto@kernel.org>,
Dave Hansen <dave.hansen@linux.intel.com>,
Will Deacon <will@kernel.org>, Ard Biesheuvel <ardb@kernel.org>,
Laura Abbott <labbott@kernel.org>,
David S Miller <davem@davemloft.net>,
Borislav Petkov <bp@alien8.de>, Arnd Bergmann <arnd@arndb.de>,
Andrew Scull <ascull@google.com>, Marc Zyngier <maz@kernel.org>,
Jessica Yu <jeyu@kernel.org>, Iurii Zaikin <yzaikin@google.com>,
Rasmus Villemoes <linux@rasmusvillemoes.dk>,
Wang Qing <wangqing@vivo.com>, Mel Gorman <mgorman@suse.de>,
Mauro Carvalho Chehab <mchehab+huawei@kernel.org>,
Andrew Klychkov <andrew.a.klychkov@gmail.com>,
Mathieu Chouquet-Stringer <me@mathieu.digital>,
Daniel Borkmann <daniel@iogearbox.net>,
Stephen Kitt <steve@sk2.org>, Stephen Boyd <sboyd@kernel.org>,
Thomas Bogendoerfer <tsbogend@alpha.franken.de>,
Mike Rapoport <rppt@kernel.org>,
Bjorn Andersson <bjorn.andersson@linaro.org>,
Kernel Hardening <kernel-hardening@lists.openwall.com>,
linux-hardening@vger.kernel.org,
"open list:DOCUMENTATION" <linux-doc@vger.kernel.org>,
linux-arch <linux-arch@vger.kernel.org>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
linux-fsdevel <linux-fsdevel@vger.kernel.org>,
notify@kernel.org, main@lists.elisa.tech,
safety-architecture@lists.elisa.tech, devel@lists.elisa.tech,
Shuah Khan <shuah@kernel.org>,
Casey Schaufler <casey@schaufler-ca.com>
Subject: Re: [PATCH v2 0/2] Introduce the pkill_on_warn parameter
Date: Tue, 16 Nov 2021 11:00:23 -0800 [thread overview]
Message-ID: <fd86a05b-feca-c0a9-c6b0-b2e69c650021@schaufler-ca.com> (raw)
In-Reply-To: <202111161037.7456C981@keescook>
On 11/16/2021 10:41 AM, Kees Cook wrote:
> On Tue, Nov 16, 2021 at 12:12:16PM +0300, Alexander Popov wrote:
>> What if the Linux kernel had a LSM module responsible for error handling policy?
>> That would require adding LSM hooks to BUG*(), WARN*(), KERN_EMERG, etc.
>> In such LSM policy we can decide immediately how to react on the kernel error.
>> We can even decide depending on the subsystem and things like that.
> That would solve the "atomicity" issue the WARN tracepoint solution has,
> and it would allow for very flexible userspace policy.
>
> I actually wonder if the existing panic_on_* sites should serve as a
> guide for where to put the hooks. The current sysctls could be replaced
> by the hooks and a simple LSM.
Do you really want to make error handling a "security" issue?
If you add security_bug(), security_warn_on() and the like
you're begging that they be included in SELinux (AppArmor) policy.
BPF, too, come to think of it. Is that what you want?
next prev parent reply other threads:[~2021-11-16 19:00 UTC|newest]
Thread overview: 31+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-10-27 23:32 [PATCH v2 0/2] Introduce the pkill_on_warn parameter Alexander Popov
2021-10-27 23:32 ` [PATCH v2 1/2] bug: do refactoring allowing to add a warning handling action Alexander Popov
2021-10-27 23:32 ` [PATCH v2 2/2] sysctl: introduce kernel.pkill_on_warn Alexander Popov
2021-11-12 21:24 ` Steven Rostedt
2021-11-12 18:52 ` [PATCH v2 0/2] Introduce the pkill_on_warn parameter Alexander Popov
2021-11-12 21:26 ` Linus Torvalds
2021-11-13 18:14 ` Alexander Popov
2021-11-13 19:58 ` Linus Torvalds
2021-11-14 14:21 ` Marco Elver
2021-11-15 13:59 ` Lukas Bulwahn
2021-11-15 15:51 ` [ELISA Safety Architecture WG] " Gabriele Paoloni
2021-11-16 7:52 ` Alexander Popov
2021-11-16 8:01 ` Lukas Bulwahn
2021-11-16 8:41 ` Petr Mladek
2021-11-16 9:19 ` Lukas Bulwahn
2021-11-16 13:20 ` James Bottomley
2021-11-15 16:06 ` Steven Rostedt
2021-11-15 22:06 ` Kees Cook
2021-11-16 9:12 ` Alexander Popov
2021-11-16 18:41 ` Kees Cook
2021-11-16 19:00 ` Casey Schaufler [this message]
2021-11-18 17:32 ` Kees Cook
2021-11-18 18:30 ` Casey Schaufler
2021-11-18 20:29 ` Kees Cook
2021-11-16 13:07 ` James Bottomley
2021-11-20 12:17 ` Marco Elver
2021-11-22 16:21 ` Steven Rostedt
2021-11-16 6:37 ` Christophe Leroy
2021-11-16 8:34 ` Alexander Popov
2021-11-16 8:57 ` Lukas Bulwahn
2021-11-15 8:12 ` Kaiwan N Billimoria
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=fd86a05b-feca-c0a9-c6b0-b2e69c650021@schaufler-ca.com \
--to=casey@schaufler-ca.com \
--cc=aik@ozlabs.ru \
--cc=akpm@linux-foundation.org \
--cc=alex.popov@linux.com \
--cc=andrew.a.klychkov@gmail.com \
--cc=andriy.shevchenko@linux.intel.com \
--cc=ardb@kernel.org \
--cc=arnd@arndb.de \
--cc=ascull@google.com \
--cc=baolu.lu@linux.intel.com \
--cc=bjorn.andersson@linaro.org \
--cc=bp@alien8.de \
--cc=christophe.leroy@csgroup.eu \
--cc=corbet@lwn.net \
--cc=daniel@iogearbox.net \
--cc=dave.hansen@linux.intel.com \
--cc=davem@davemloft.net \
--cc=devel@lists.elisa.tech \
--cc=gregkh@linuxfoundation.org \
--cc=jannh@google.com \
--cc=jeyu@kernel.org \
--cc=john.ogness@linutronix.de \
--cc=jroedel@suse.de \
--cc=keescook@chromium.org \
--cc=kernel-hardening@lists.openwall.com \
--cc=labbott@kernel.org \
--cc=linux-arch@vger.kernel.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-hardening@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux@rasmusvillemoes.dk \
--cc=lukas.bulwahn@gmail.com \
--cc=luto@kernel.org \
--cc=macro@orcam.me.uk \
--cc=main@lists.elisa.tech \
--cc=mark.rutland@arm.com \
--cc=maz@kernel.org \
--cc=mcgrof@kernel.org \
--cc=mchehab+huawei@kernel.org \
--cc=me@mathieu.digital \
--cc=mgorman@suse.de \
--cc=notify@kernel.org \
--cc=paulmck@kernel.org \
--cc=peterz@infradead.org \
--cc=pmladek@suse.com \
--cc=rdunlap@infradead.org \
--cc=robin.murphy@arm.com \
--cc=rostedt@goodmis.org \
--cc=rppt@kernel.org \
--cc=safety-architecture@lists.elisa.tech \
--cc=sboyd@kernel.org \
--cc=shuah@kernel.org \
--cc=songmuchun@bytedance.com \
--cc=steve@sk2.org \
--cc=tglx@linutronix.de \
--cc=torvalds@linux-foundation.org \
--cc=tsbogend@alpha.franken.de \
--cc=viresh.kumar@linaro.org \
--cc=wangqing@vivo.com \
--cc=will@kernel.org \
--cc=wl@xen.org \
--cc=yzaikin@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).