From: "Lev R. Oshvang ." <levonshe@gmail.com>
To: Stephen Smalley <stephen.smalley@gmail.com>
Cc: Tushar Sugandhi <tusharsu@linux.microsoft.com>,
linux-integrity@vger.kernel.org, Mimi Zohar <zohar@linux.ibm.com>,
LSM List <linux-security-module@vger.kernel.org>,
SELinux <selinux@vger.kernel.org>,
dm-devel@redhat.com, James Morris <jmorris@namei.org>,
chpebeni@linux.microsoft.com, nramas@linux.microsoft.com,
balajib@microsoft.com, sashal@kernel.org, suredd@microsoft.com
Subject: Re: [RFC] IMA: New IMA measurements for dm-crypt and selinux
Date: Sun, 12 Apr 2020 11:15:06 +0300
Message-ID: <CAP22eLGJbSvUU=W0Jp=gvOFv-nxLC8YTnta3OU2PKbh746MCkQ@mail.gmail.com>
In-Reply-To: <CAB9W1A1=JyOV3-+6jn3xX-M+GKWBB2cCNh-VWB_kzf+YiR_d2Q@mail.gmail.com>
On Sat, Apr 11, 2020 at 10:07 PM Stephen Smalley
<stephen.smalley@gmail.com> wrote:
>
> On Wed, Apr 8, 2020 at 6:28 AM Tushar Sugandhi
> <tusharsu@linux.microsoft.com> wrote:
> > Measuring SELinux status and various SELinux policies can help ensure
> > mandatory access control of the system is not compromised.
> <snip>
> > B. Measuring selinux constructs:
> > We propose to add an IMA hook in enforcing_set() present under
> > security/selinux/include/security.h.
> > enforcing_set() sets the selinux state to enforcing/permissive etc.
> > and is called from key places like selinux_init(),
> > sel_write_enforce() etc.
> > The hook will measure various attributes related to selinux status.
> > Majority of the attributes are present in the struct selinux_state
> > present in security/selinux/include/security.h
> > e.g.
> > $sestatus
> > SELinux status: enabled
> > SELinuxfs mount: /sys/fs/selinux
> > SELinux root directory: /etc/selinux
> > Loaded policy name: default
> > Current mode: permissive
> > Mode from config file: permissive
> > Policy MLS status: enabled
> > Policy deny_unknown status: allowed
> > Memory protection checking: requested (insecure)
> > Max kernel policy version: 32
> >
> > The above attributes will be serialized into a set of key=value
> > pairs when passed to IMA for measurement.
> >
> > Proposed Function Signature of the IMA hook:
> > void ima_selinux_status(void *selinux_status, int len);
>
> This won't detect changes to any of these state variables via a kernel
> write vulnerability, so it would be good to provide a way to trigger
> measurement of the current values on demand.
> You'll also likely want to measure parts of the child structures of
> selinux_state, e.g. selinux_ss, especially selinux_map and policydb.
> You can simplify measurement of the policydb by serializing it first
> via policydb_write() and hashing the result. I suppose one question is
> whether you can do all of this already from userspace by just having
> userspace read /sys/fs/selinux/enforce, /sys/fs/selinux/policy, etc.
It seems to me that LKRG (kernel run time guard) takes the role of
measuring kernel structures. Perhaps you need to consult with LKRG
guys.
Lev.
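The RFC quoted above proposes serializing the SELinux state attributes into key=value pairs before handing them to IMA, and Stephen notes that a measurement taken only inside enforcing_set() cannot see the state being changed behind the hook's back. The following Python model, added here as an illustration and not code from the RFC or from the kernel, shows the two halves a verifier has to get right for such a measurement to be useful: a canonical, escape-safe serialization so that the same state always produces the same digest, and a userspace check that re-derives the digest from the measured buffer and compares the decoded attributes against an expected policy. The attribute key names (enabled, enforcing, policy_name, ...) and the ';'-separated encoding are assumptions of this example; the sample values are constructed from the sestatus output quoted in the RFC.

```python
import hashlib

# Constructed sample input: the sestatus attributes quoted in the RFC,
# keyed the way a hook serializing struct selinux_state might key them.
# These key names are an assumption of this example, not the RFC's.
SAMPLE_STATE = {
    "enabled": "1",
    "enforcing": "0",          # "Current mode: permissive"
    "policy_name": "default",
    "mls": "1",
    "deny_unknown": "allowed",
    "checkreqprot": "1",       # "Memory protection checking: requested"
    "policy_version": "32",
}


def _escape(s: str) -> str:
    # Escape the structural characters so a value containing '=' or ';'
    # cannot be confused with a field boundary when the buffer is decoded.
    return s.replace("\\", "\\\\").replace("=", "\\=").replace(";", "\\;")


def serialize_state(state: dict) -> bytes:
    # Sorted keys give a deterministic byte string; without that, two
    # measurements of identical state could yield different digests.
    parts = [f"{_escape(k)}={_escape(str(v))}" for k, v in sorted(state.items())]
    return ";".join(parts).encode("utf-8")


def parse_state(buf: bytes) -> dict:
    # Inverse of serialize_state: walk the buffer, honouring backslash escapes.
    text = buf.decode("utf-8")
    state, key, cur, have_key, i = {}, None, [], False, 0
    while i < len(text):
        c = text[i]
        if c == "\\" and i + 1 < len(text):
            cur.append(text[i + 1])
            i += 2
            continue
        if c == "=" and not have_key:
            key, cur, have_key = "".join(cur), [], True
        elif c == ";":
            state[key] = "".join(cur)
            key, cur, have_key = None, [], False
        else:
            cur.append(c)
        i += 1
    if have_key:
        state[key] = "".join(cur)
    return state


def measure_state(state: dict, algo: str = "sha256") -> str:
    # What the IMA-side measurement of the serialized buffer would record.
    return hashlib.new(algo, serialize_state(state)).hexdigest()


def check_measurement(buf: bytes, digest: str, expectations: dict) -> list:
    """Verifier side: confirm the recorded digest really covers this buffer,
    then compare the decoded attributes with policy. Returns findings."""
    if hashlib.sha256(buf).hexdigest() != digest:
        return ["digest does not match measured buffer"]
    state = parse_state(buf)
    findings = []
    for key, want in expectations.items():
        got = state.get(key)
        if got != want:
            findings.append(f"{key}: expected {want!r}, got {got!r}")
    return findings


if __name__ == "__main__":
    buf = serialize_state(SAMPLE_STATE)
    digest = measure_state(SAMPLE_STATE)
    print(buf.decode(), digest)
    # A system expected to be enforcing is flagged when measured permissive.
    print(check_measurement(buf, digest, {"enforcing": "1", "policy_version": "32"}))
    # Re-measuring after a state flip yields a different digest, which is
    # why on-demand re-measurement (rather than only at enforcing_set())
    # matters for catching changes the hook never observed.
    print(measure_state(dict(SAMPLE_STATE, enforcing="1")) != digest)
```

The escaping step is the part most easily skipped in a prototype: a policy name or path containing the separator would otherwise split into extra fields, and a verifier comparing decoded attributes would disagree with the kernel about what was measured.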