Linux-Integrity Archive on lore.kernel.org
 help / color / Atom feed
From: Mimi Zohar <zohar@linux.ibm.com>
To: Janne Karhunen <janne.karhunen@gmail.com>
Cc: linux-integrity@vger.kernel.org,
	linux-security-module <linux-security-module@vger.kernel.org>,
	Ken Goldman <kgold@linux.ibm.com>,
	david.safford@gmail.com, monty.wiseman@ge.com,
	"Serge E. Hallyn" <serge@hallyn.com>
Subject: Re: [PATCH v2] ima: export the measurement list when needed
Date: Sun, 26 Jan 2020 12:01:09 -0500
Message-ID: <1580058069.5990.36.camel@linux.ibm.com> (raw)
In-Reply-To: <CAE=NcraSfo0fwxCnFQd08Ga59DsvxPTch-n_iN7fxt+3RdmP+A@mail.gmail.com>

On Thu, 2020-01-23 at 10:41 +0200, Janne Karhunen wrote:
> On Wed, Jan 22, 2020 at 5:56 PM Mimi Zohar <zohar@linux.ibm.com> wrote:
> 
> > > While it can now be argued that since this is an admin-driven event,
> > > kernel does not need to write the file. However, the intention is to
> > > bring out a second patch a bit later that adds a variable to define
> > > the max number of entries to be kept in the kernel memory and
> > > workqueue based automatic flushing. In those cases the kernel has to
> > > be able to write the file without any help from the admin..
> >
> > I don't think it is common, and probably not acceptable, for the
> > kernel to open a file for writing.
> 
> Ok. It just means that the kernel cannot do its own memory management
> and will depend on the user flushing the memory often enough to
> prevent something bad from happening. Is this more common in the
> kernel than writing out a file?

Ok, there are examples of both passing a file descriptor and passing a
pathname from userspace, but even in the case of passing a pathname,
userspace normally creates the file.

There's been discussion in the past of defining an integrity
capability.  Are we at that point where we really do need to define an
integrity capability or is everyone comfortable with relying on
CAP_SYS_ADMIN?

When implementing this feature of exporting and truncating the
measurement list, please keep in mind how this would work in the
context of IMA namespaces.

thanks,

Mimi


  reply index

Thread overview: 22+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-01-08 11:17 Janne Karhunen
2020-01-10  8:48 ` Janne Karhunen
2020-01-22 15:56   ` Mimi Zohar
2020-01-23  8:41     ` Janne Karhunen
2020-01-26 17:01       ` Mimi Zohar [this message]
2020-01-27  9:03         ` Janne Karhunen
2020-02-06 14:13   ` Mimi Zohar
2020-02-10  8:04     ` Janne Karhunen
2020-02-10 15:26       ` Mimi Zohar
2020-02-10 18:18     ` david.safford
2020-02-10 20:24       ` Mimi Zohar
2020-02-11  8:06         ` Janne Karhunen
2020-02-11 16:10         ` david.safford
2020-02-11 23:10           ` Mimi Zohar
2020-02-12 21:08             ` david.safford
2020-02-13  1:03               ` Mimi Zohar
2020-02-13  6:41                 ` Janne Karhunen
2020-02-18 15:36                   ` Mimi Zohar
2020-02-13 20:11           ` Ken Goldman
2020-02-18 14:50             ` david.safford
2020-01-24 14:46 ` david.safford
2020-01-27  8:48   ` Janne Karhunen

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1580058069.5990.36.camel@linux.ibm.com \
    --to=zohar@linux.ibm.com \
    --cc=david.safford@gmail.com \
    --cc=janne.karhunen@gmail.com \
    --cc=kgold@linux.ibm.com \
    --cc=linux-integrity@vger.kernel.org \
    --cc=linux-security-module@vger.kernel.org \
    --cc=monty.wiseman@ge.com \
    --cc=serge@hallyn.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Linux-Integrity Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/linux-integrity/0 linux-integrity/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 linux-integrity linux-integrity/ https://lore.kernel.org/linux-integrity \
		linux-integrity@vger.kernel.org
	public-inbox-index linux-integrity

Example config snippet for mirrors

Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/org.kernel.vger.linux-integrity


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git