From: James Morris <jmorris@namei.org>
To: deven.desai@linux.microsoft.com
Cc: agk@redhat.com, axboe@kernel.dk, snitzer@redhat.com,
"Serge E. Hallyn" <serge@hallyn.com>,
zohar@linux.ibm.com, linux-integrity@vger.kernel.org,
linux-security-module@vger.kernel.org, dm-devel@redhat.com,
linux-block@vger.kernel.org, jannh@google.com,
tyhicks@linux.microsoft.com, pasha.tatashin@soleen.com,
sashal@kernel.org, jaskarankhurana@linux.microsoft.com,
nramas@linux.microsoft.com, mdsakib@linux.microsoft.com,
linux-kernel@vger.kernel.org, Jonathan Corbet <corbet@lwn.net>,
Stephen Smalley <sds@tycho.nsa.gov>,
Chad Sellers <csellers@tresys.com>,
John Johansen <john.johansen@canonical.com>
Subject: Re: [RFC PATCH v3 05/12] fs: add security blob and hooks for block_device
Date: Thu, 23 Apr 2020 02:42:49 +1000 (AEST)
Message-ID: <alpine.LRH.2.21.2004230234420.12318@namei.org>
In-Reply-To: <20200415162550.2324-6-deven.desai@linux.microsoft.com>

On Wed, 15 Apr 2020, deven.desai@linux.microsoft.com wrote:
> From: Deven Bowers <deven.desai@linux.microsoft.com>
>
> Add a security blob and associated allocation, deallocation and set hooks
> for a block_device structure.
>
> Signed-off-by: Deven Bowers <deven.desai@linux.microsoft.com>

Is there any feedback from block or LSM folk on the addition of a security
blob for block_device here?

IPE uses this to track the status of integrity verification of e.g.
DM-Verity devices, per this code from a subsequent patch:

+ ret = security_bdev_setsecurity(dm_table_get_md(v->ti->table)->bdev,
+ DM_VERITY_SIGNATURE_SEC_NAME,
+ v->sig->sig, v->sig->sig_size);
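
Review bot: in the last argument line, `v->sig->sig` and `v->sig->sig_size` dereference `v->sig` with no guard visible in this excerpt, so if a dm-verity target can be set up without a signature this call needs a `v->sig` NULL check ahead of it, or a comment naming where that is guaranteed. The excerpt also stops at the assignment to `ret`; given that the blob is what IPE consults for the device's verification status, the caller should treat a failure in `ret` as a setup failure rather than continue with an unset blob, and the same care applies to the `dm_table_get_md(v->ti->table)->bdev` chain if `bdev` can be unset at this point.
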
--
James Morris
<jmorris@namei.org>
Thread overview: 23+ messages
2020-04-15 16:25 [RFC PATCH v3 00/12] Integrity Policy Enforcement LSM (IPE) deven.desai
2020-04-15 16:25 ` [RFC PATCH v3 01/12] scripts: add ipe tooling to generate boot policy deven.desai
2020-04-15 16:25 ` [RFC PATCH v3 02/12] security: add ipe lsm evaluation loop and audit system deven.desai
2020-04-15 16:25 ` [RFC PATCH v3 03/12] security: add ipe lsm policy parser and policy loading deven.desai
2020-07-15 19:16 ` Tyler Hicks
2020-04-15 16:25 ` [RFC PATCH v3 04/12] ipe: add property for trust of boot volume deven.desai
2020-04-15 16:25 ` [RFC PATCH v3 05/12] fs: add security blob and hooks for block_device deven.desai
2020-04-22 16:42 ` James Morris [this message]
2020-04-22 16:55 ` Casey Schaufler
2020-04-15 16:25 ` [RFC PATCH v3 06/12] dm-verity: move signature check after tree validation deven.desai
2020-04-15 16:25 ` [RFC PATCH v3 07/12] dm-verity: add bdev_setsecurity hook for dm-verity signature deven.desai
2020-04-15 16:25 ` [RFC PATCH v3 08/12] ipe: add property for signed dmverity volumes deven.desai
2020-04-15 16:25 ` [RFC PATCH v3 09/12] dm-verity: add bdev_setsecurity hook for root-hash deven.desai
2020-04-15 16:25 ` [RFC PATCH v3 10/12] ipe: add property for dmverity roothash deven.desai
2020-04-15 16:25 ` [RFC PATCH v3 11/12] documentation: add ipe documentation deven.desai
2020-04-15 16:25 ` [RFC PATCH v3 12/12] cleanup: uapi/linux/audit.h deven.desai
2020-05-10 9:28 ` [RFC PATCH v3 00/12] Integrity Policy Enforcement LSM (IPE) Mickaël Salaün
2020-05-11 18:03 ` Deven Bowers
2020-05-12 20:46 ` Deven Bowers
2020-05-14 19:28 ` Mickaël Salaün
2020-05-16 22:14 ` Jaskaran Singh Khurana
2020-05-26 20:44 ` Jaskaran Singh Khurana
2020-05-29 8:18 ` Mickaël Salaün