linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Kees Cook <keescook@chromium.org>
To: Martin Steigerwald <martin@lichtvoll.de>
Cc: James Morris <jmorris@namei.org>,
	Casey Schaufler <casey@schaufler-ca.com>,
	John Johansen <john.johansen@canonical.com>,
	Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp>,
	Paul Moore <paul@paul-moore.com>,
	Stephen Smalley <sds@tycho.nsa.gov>,
	"Schaufler, Casey" <casey.schaufler@intel.com>,
	LSM <linux-security-module@vger.kernel.org>,
	Jonathan Corbet <corbet@lwn.net>,
	"open list:DOCUMENTATION" <linux-doc@vger.kernel.org>,
	linux-arch <linux-arch@vger.kernel.org>,
	LKML <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH security-next v2 00/26] LSM: Explict LSM ordering
Date: Thu, 20 Sep 2018 14:55:52 -0700	[thread overview]
Message-ID: <CAGXu5jJfp2ezmODaQgj_gROdpr=_Dc4_h=ujPeR-ggTZ8AUciQ@mail.gmail.com> (raw)
In-Reply-To: <1898403.NNy4ELVaME@merkaba>

On Thu, Sep 20, 2018 at 1:14 PM, Martin Steigerwald <martin@lichtvoll.de> wrote:
> Kees Cook - 20.09.18, 18:23:
>> v2:
>> - add "lsm.order=" and CONFIG_LSM_ORDER instead of overloading
>> "security=" - reorganize introduction of ordering logic code
>>
>> Updated cover letter:
>>
>> This refactors the LSM registration and initialization infrastructure
>> to more centrally support different LSM types. What was considered a
>> "major" LSM is kept for legacy use of the "security=" boot parameter,
>> and now overlaps with the new class of "exclusive" LSMs for the future
>> blob sharing (to be added later). The "minor" LSMs become more well
>> defined as a result of the refactoring.
>>
>> Instead of continuing to (somewhat improperly) overload the kernel's
>> initcall system, this changes the LSM infrastructure to store a
>> registration structure (struct lsm_info) table instead, where metadata
>> about each LSM can be recorded (name, flags, order, enable flag, init
>> function). This can be extended in the future to include things like
>> required blob size for the coming "blob sharing" LSMs.
>
> I read the cover letter and still don´t know what this is about. Now I
> am certainly not engaged deeply with LSM. I bet my main missing piece
> is: What is a "blob sharing" LSM.
>
> I think it would improve the cover letter greatly if it explains briefly
> what is a major LSM, what is a minor LSM and what is a "blob sharing"
> LSM.
>
> Why those are all needed? What is the actual security or end user
> benefit of this work? The questions are not to question your work. I bet
> it makes all perfect sense. I just did not understand its sense from
> reading the cover letter.

Sure, thanks! I'll include more details for any later versions. This
is mainly related to some internal refactoring the LSM is doing to
support additional LSM that need more extensive "stacking" of the
kernel internals. I aimed this at linux-doc@ and linux-arch@ to get
feedback on the Documentation/ and linker script changes,
respectively. In theory, users don't need to know anything about
minor/major nor blob-sharing, as that should normally be all an
internal issue.

Thanks!

-Kees

-- 
Kees Cook
Pixel Security

      reply	other threads:[~2018-09-20 21:55 UTC|newest]

Thread overview: 45+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-09-20 16:23 [PATCH security-next v2 00/26] LSM: Explict LSM ordering Kees Cook
2018-09-20 16:23 ` [PATCH security-next v2 01/26] LSM: Correctly announce start of LSM initialization Kees Cook
2018-09-20 23:39   ` Casey Schaufler
2018-09-20 16:23 ` [PATCH security-next v2 02/26] vmlinux.lds.h: Avoid copy/paste of security_init section Kees Cook
2018-09-20 16:23 ` [PATCH security-next v2 03/26] LSM: Rename .security_initcall section to .lsm_info Kees Cook
2018-09-20 16:23 ` [PATCH security-next v2 04/26] LSM: Remove initcall tracing Kees Cook
2018-09-20 16:23 ` [PATCH security-next v2 05/26] LSM: Convert from initcall to struct lsm_info Kees Cook
2018-09-20 16:23 ` [PATCH security-next v2 06/26] vmlinux.lds.h: Move LSM_TABLE into INIT_DATA Kees Cook
2018-09-20 16:23 ` [PATCH security-next v2 07/26] LSM: Convert security_initcall() into DEFINE_LSM() Kees Cook
2018-09-20 16:23 ` [PATCH security-next v2 08/26] LSM: Record LSM name in struct lsm_info Kees Cook
2018-09-20 16:23 ` [PATCH security-next v2 09/26] LSM: Provide init debugging infrastructure Kees Cook
2018-09-20 16:23 ` [PATCH security-next v2 10/26] LSM: Don't ignore initialization failures Kees Cook
2018-09-20 16:23 ` [PATCH security-next v2 11/26] LSM: Introduce LSM_FLAG_LEGACY_MAJOR Kees Cook
2018-09-20 16:23 ` [PATCH security-next v2 12/26] LSM: Provide separate ordered initialization Kees Cook
2018-09-20 16:23 ` [PATCH security-next v2 13/26] LSM: Plumb visibility into optional "enabled" state Kees Cook
2018-09-20 16:23 ` [PATCH security-next v2 14/26] LSM: Lift LSM selection out of individual LSMs Kees Cook
2018-09-20 16:23 ` [PATCH security-next v2 15/26] LSM: Introduce lsm.enable= and lsm.disable= Kees Cook
2018-09-20 16:23 ` [PATCH security-next v2 16/26] LSM: Prepare for reorganizing "security=" logic Kees Cook
2018-09-20 16:23 ` [PATCH security-next v2 17/26] LSM: Refactor "security=" in terms of enable/disable Kees Cook
2018-09-20 16:23 ` [PATCH security-next v2 18/26] LSM: Build ordered list of ordered LSMs for init Kees Cook
2018-09-21  0:04   ` Casey Schaufler
2018-09-21  0:37     ` Kees Cook
2018-09-20 16:23 ` [PATCH security-next v2 19/26] LSM: Introduce CONFIG_LSM_ORDER Kees Cook
2018-09-21  0:10   ` Casey Schaufler
2018-09-21  0:14     ` Casey Schaufler
2018-09-20 16:23 ` [PATCH security-next v2 20/26] LSM: Introduce "lsm.order=" for boottime ordering Kees Cook
2018-09-21  0:12   ` Casey Schaufler
2018-09-21  0:40     ` Kees Cook
2018-09-20 16:23 ` [PATCH security-next v2 21/26] LoadPin: Initialize as ordered LSM Kees Cook
2018-09-20 16:23 ` [PATCH security-next v2 22/26] Yama: " Kees Cook
2018-09-20 16:23 ` [PATCH security-next v2 23/26] LSM: Introduce enum lsm_order Kees Cook
2018-09-20 16:23 ` [PATCH security-next v2 24/26] capability: Mark as LSM_ORDER_FIRST Kees Cook
2018-09-20 16:23 ` [PATCH security-next v2 25/26] LSM: Separate idea of "major" LSM from "exclusive" LSM Kees Cook
2018-09-20 16:23 ` [PATCH security-next v2 26/26] LSM: Add all exclusive LSMs to ordered initialization Kees Cook
2018-09-21  0:25   ` Casey Schaufler
2018-09-21  0:45     ` Kees Cook
2018-09-21  1:10       ` Casey Schaufler
2018-09-21  1:39         ` John Johansen
2018-09-21  2:05           ` Kees Cook
2018-09-21  2:14             ` John Johansen
2018-09-21  3:02               ` Kees Cook
2018-09-21 13:19                 ` John Johansen
2018-09-21 14:57                   ` Casey Schaufler
2018-09-20 20:14 ` [PATCH security-next v2 00/26] LSM: Explict LSM ordering Martin Steigerwald
2018-09-20 21:55   ` Kees Cook [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='CAGXu5jJfp2ezmODaQgj_gROdpr=_Dc4_h=ujPeR-ggTZ8AUciQ@mail.gmail.com' \
    --to=keescook@chromium.org \
    --cc=casey.schaufler@intel.com \
    --cc=casey@schaufler-ca.com \
    --cc=corbet@lwn.net \
    --cc=jmorris@namei.org \
    --cc=john.johansen@canonical.com \
    --cc=linux-arch@vger.kernel.org \
    --cc=linux-doc@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-security-module@vger.kernel.org \
    --cc=martin@lichtvoll.de \
    --cc=paul@paul-moore.com \
    --cc=penguin-kernel@i-love.sakura.ne.jp \
    --cc=sds@tycho.nsa.gov \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).