From: deven.desai@linux.microsoft.com
To: corbet@lwn.net, axboe@kernel.dk, agk@redhat.com,
snitzer@redhat.com, ebiggers@kernel.org, tytso@mit.edu,
paul@paul-moore.com, eparis@redhat.com, jmorris@namei.org,
serge@hallyn.com
Cc: jannh@google.com, dm-devel@redhat.com, linux-doc@vger.kernel.org,
linux-kernel@vger.kernel.org, linux-block@vger.kernel.org,
linux-fscrypt@vger.kernel.org, linux-audit@redhat.com,
linux-security-module@vger.kernel.org
Subject: [RFC PATCH v7 14/16] scripts: add boot policy generation program
Date: Wed, 13 Oct 2021 12:06:33 -0700 [thread overview]
Message-ID: <1634151995-16266-15-git-send-email-deven.desai@linux.microsoft.com> (raw)
In-Reply-To: <1634151995-16266-1-git-send-email-deven.desai@linux.microsoft.com>
From: Deven Bowers <deven.desai@linux.microsoft.com>
Enables an IPE policy to be enforced from kernel start, enabling access
control based on trust from kernel startup. This is accomplished by
transforming an IPE policy indicated by CONFIG_IPE_BOOT_POLICY into a
c-string literal that is parsed at kernel startup as an unsigned policy.
Signed-off-by: Deven Bowers <deven.desai@linux.microsoft.com>
---
Relevant changes since v6:
* Move patch 01/12 to [14/16] of the series
---
MAINTAINERS | 1 +
scripts/Makefile | 1 +
scripts/ipe/Makefile | 2 +
scripts/ipe/polgen/.gitignore | 1 +
scripts/ipe/polgen/Makefile | 6 ++
scripts/ipe/polgen/polgen.c | 145 ++++++++++++++++++++++++++++++++++
security/ipe/.gitignore | 1 +
security/ipe/Kconfig | 10 +++
security/ipe/Makefile | 13 +++
security/ipe/ctx.c | 18 +++++
10 files changed, 198 insertions(+)
create mode 100644 scripts/ipe/Makefile
create mode 100644 scripts/ipe/polgen/.gitignore
create mode 100644 scripts/ipe/polgen/Makefile
create mode 100644 scripts/ipe/polgen/polgen.c
create mode 100644 security/ipe/.gitignore
diff --git a/MAINTAINERS b/MAINTAINERS
index f1e76f791d47..a84ca781199b 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -9283,6 +9283,7 @@ INTEGRITY POLICY ENFORCEMENT (IPE)
M: Deven Bowers <deven.desai@linux.microsoft.com>
M: Fan Wu <wufan@linux.microsoft.com>
S: Supported
+F: scripts/ipe/
F: security/ipe/
INTEL 810/815 FRAMEBUFFER DRIVER
diff --git a/scripts/Makefile b/scripts/Makefile
index 9adb6d247818..a31da6d57a36 100644
--- a/scripts/Makefile
+++ b/scripts/Makefile
@@ -41,6 +41,7 @@ targets += module.lds
subdir-$(CONFIG_GCC_PLUGINS) += gcc-plugins
subdir-$(CONFIG_MODVERSIONS) += genksyms
subdir-$(CONFIG_SECURITY_SELINUX) += selinux
+subdir-$(CONFIG_SECURITY_IPE) += ipe
# Let clean descend into subdirs
subdir- += basic dtc gdb kconfig mod
diff --git a/scripts/ipe/Makefile b/scripts/ipe/Makefile
new file mode 100644
index 000000000000..e87553fbb8d6
--- /dev/null
+++ b/scripts/ipe/Makefile
@@ -0,0 +1,2 @@
+# SPDX-License-Identifier: GPL-2.0-only
+subdir-y := polgen
diff --git a/scripts/ipe/polgen/.gitignore b/scripts/ipe/polgen/.gitignore
new file mode 100644
index 000000000000..80f32f25d200
--- /dev/null
+++ b/scripts/ipe/polgen/.gitignore
@@ -0,0 +1 @@
+polgen
diff --git a/scripts/ipe/polgen/Makefile b/scripts/ipe/polgen/Makefile
new file mode 100644
index 000000000000..066060c22b4a
--- /dev/null
+++ b/scripts/ipe/polgen/Makefile
@@ -0,0 +1,6 @@
+# SPDX-License-Identifier: GPL-2.0
+hostprogs-always-y := polgen
+HOST_EXTRACFLAGS += \
+ -I$(srctree)/include \
+ -I$(srctree)/include/uapi \
+
diff --git a/scripts/ipe/polgen/polgen.c b/scripts/ipe/polgen/polgen.c
new file mode 100644
index 000000000000..73cf13e743f7
--- /dev/null
+++ b/scripts/ipe/polgen/polgen.c
@@ -0,0 +1,145 @@
+// SPDX-License-Identifier: GPL-2.0
+/*
+ * Copyright (C) Microsoft Corporation. All rights reserved.
+ */
+
+#include <stdlib.h>
+#include <stddef.h>
+#include <stdio.h>
+#include <unistd.h>
+#include <errno.h>
+
+static void usage(const char *const name)
+{
+ printf("Usage: %s OutputFile (PolicyFile)\n", name);
+ exit(EINVAL);
+}
+
+static int policy_to_buffer(const char *pathname, char **buffer, size_t *size)
+{
+ int rc = 0;
+ FILE *fd;
+ char *lbuf;
+ size_t fsize;
+ size_t read;
+
+ fd = fopen(pathname, "r");
+ if (!fd) {
+ rc = errno;
+ goto out;
+ }
+
+ fseek(fd, 0, SEEK_END);
+ fsize = ftell(fd);
+ rewind(fd);
+
+ lbuf = malloc(fsize);
+ if (!lbuf) {
+ rc = ENOMEM;
+ goto out_close;
+ }
+
+ read = fread((void *)lbuf, sizeof(*lbuf), fsize, fd);
+ if (read != fsize) {
+ rc = -1;
+ goto out_free;
+ }
+
+ *buffer = lbuf;
+ *size = fsize;
+ fclose(fd);
+
+ return rc;
+
+out_free:
+ free(lbuf);
+out_close:
+ fclose(fd);
+out:
+ return rc;
+}
+
+static int write_boot_policy(const char *pathname, const char *buf, size_t size)
+{
+ int rc = 0;
+ FILE *fd;
+ size_t i;
+
+ fd = fopen(pathname, "w");
+ if (!fd) {
+ rc = errno;
+ goto err;
+ }
+
+ fprintf(fd, "/* This file is automatically generated.");
+ fprintf(fd, " Do not edit. */\n");
+ fprintf(fd, "#include <stddef.h>\n");
+ fprintf(fd, "\nextern const char *const ipe_boot_policy;\n\n");
+ fprintf(fd, "const char *const ipe_boot_policy =\n");
+
+ if (!buf || size == 0) {
+ fprintf(fd, "\tNULL;\n");
+ fclose(fd);
+ return 0;
+ }
+
+ fprintf(fd, "\t\"");
+
+ for (i = 0; i < size; ++i) {
+ switch (buf[i]) {
+ case '"':
+ fprintf(fd, "\\\"");
+ break;
+ case '\'':
+ fprintf(fd, "'");
+ break;
+ case '\n':
+ fprintf(fd, "\\n\"\n\t\"");
+ break;
+ case '\\':
+ fprintf(fd, "\\\\");
+ break;
+ case '\t':
+ fprintf(fd, "\\t");
+ break;
+ case '\?':
+ fprintf(fd, "\\?");
+ break;
+ default:
+ fprintf(fd, "%c", buf[i]);
+ }
+ }
+ fprintf(fd, "\";\n");
+ fclose(fd);
+
+ return 0;
+
+err:
+ if (fd)
+ fclose(fd);
+ return rc;
+}
+
+int main(int argc, const char *const argv[])
+{
+ int rc = 0;
+ size_t len = 0;
+ char *policy = NULL;
+
+ if (argc < 2)
+ usage(argv[0]);
+
+ if (argc > 2) {
+ rc = policy_to_buffer(argv[2], &policy, &len);
+ if (rc != 0)
+ goto cleanup;
+ }
+
+ rc = write_boot_policy(argv[1], policy, len);
+cleanup:
+ if (policy)
+ free(policy);
+ if (rc != 0)
+ perror("An error occurred during policy conversion: ");
+ return rc;
+}
diff --git a/security/ipe/.gitignore b/security/ipe/.gitignore
new file mode 100644
index 000000000000..eca22ad5ed22
--- /dev/null
+++ b/security/ipe/.gitignore
@@ -0,0 +1 @@
+boot-policy.c
\ No newline at end of file
diff --git a/security/ipe/Kconfig b/security/ipe/Kconfig
index fcf82a8152ec..39df680b67a2 100644
--- a/security/ipe/Kconfig
+++ b/security/ipe/Kconfig
@@ -20,6 +20,16 @@ menuconfig SECURITY_IPE
if SECURITY_IPE
+config IPE_BOOT_POLICY
+ string "Integrity policy to apply on system startup"
+ help
+ This option specifies a filepath to a IPE policy that is compiled
+ into the kernel. This policy will be enforced until a policy update
+ is deployed via the $securityfs/ipe/policies/$policy_name/active
+ interface.
+
+ If unsure, leave blank.
+
choice
prompt "Hash algorithm used in auditing policies"
default IPE_AUDIT_HASH_SHA1
diff --git a/security/ipe/Makefile b/security/ipe/Makefile
index 1e7b2d7fcd9e..89fec670f954 100644
--- a/security/ipe/Makefile
+++ b/security/ipe/Makefile
@@ -7,7 +7,18 @@
ccflags-y := -I$(srctree)/security/ipe/modules
+quiet_cmd_polgen = IPE_POL $(2)
+ cmd_polgen = scripts/ipe/polgen/polgen security/ipe/boot-policy.c $(2)
+
+$(eval $(call config_filename,IPE_BOOT_POLICY))
+
+targets += boot-policy.c
+
+$(obj)/boot-policy.c: scripts/ipe/polgen/polgen $(IPE_BOOT_POLICY_FILENAME) FORCE
+ $(call if_changed,polgen,$(IPE_BOOT_POLICY_FILENAME))
+
obj-$(CONFIG_SECURITY_IPE) += \
+ boot-policy.o \
ctx.o \
eval.o \
fs.o \
@@ -21,3 +32,5 @@ obj-$(CONFIG_SECURITY_IPE) += \
policyfs.o \
obj-$(CONFIG_AUDIT) += audit.o
+
+clean-files := boot-policy.c \
diff --git a/security/ipe/ctx.c b/security/ipe/ctx.c
index fc9b8e467bc9..879acf4ceac5 100644
--- a/security/ipe/ctx.c
+++ b/security/ipe/ctx.c
@@ -15,6 +15,7 @@
#include <linux/spinlock.h>
#include <linux/moduleparam.h>
+extern const char *const ipe_boot_policy;
static bool success_audit;
static bool enforce = true;
@@ -329,6 +330,7 @@ void ipe_put_ctx(struct ipe_context *ctx)
int __init ipe_init_ctx(void)
{
int rc = 0;
+ struct ipe_policy *p = NULL;
struct ipe_context *lns = NULL;
lns = create_ctx();
@@ -342,10 +344,26 @@ int __init ipe_init_ctx(void)
WRITE_ONCE(lns->enforce, enforce);
spin_unlock(&lns->lock);
+ if (ipe_boot_policy) {
+ p = ipe_new_policy(ipe_boot_policy, strlen(ipe_boot_policy),
+ NULL, 0);
+ if (IS_ERR(p)) {
+ rc = PTR_ERR(lns);
+ goto err;
+ }
+
+ ipe_add_policy(lns, p);
+ rc = ipe_set_active_pol(p);
+ if (!rc)
+ goto err;
+ }
+
rcu_assign_pointer(*ipe_tsk_ctx(current), lns);
+ ipe_put_policy(p);
return 0;
err:
+ ipe_put_policy(p);
ipe_put_ctx(lns);
return rc;
}
--
2.33.0
WARNING: multiple messages have this Message-ID (diff)
From: deven.desai@linux.microsoft.com
To: corbet@lwn.net, axboe@kernel.dk, agk@redhat.com,
snitzer@redhat.com, ebiggers@kernel.org, tytso@mit.edu,
paul@paul-moore.com, eparis@redhat.com, jmorris@namei.org,
serge@hallyn.com
Cc: linux-security-module@vger.kernel.org, linux-doc@vger.kernel.org,
jannh@google.com, linux-fscrypt@vger.kernel.org,
linux-kernel@vger.kernel.org, linux-block@vger.kernel.org,
dm-devel@redhat.com, linux-audit@redhat.com
Subject: [dm-devel] [RFC PATCH v7 14/16] scripts: add boot policy generation program
Date: Wed, 13 Oct 2021 12:06:33 -0700 [thread overview]
Message-ID: <1634151995-16266-15-git-send-email-deven.desai@linux.microsoft.com> (raw)
In-Reply-To: <1634151995-16266-1-git-send-email-deven.desai@linux.microsoft.com>
From: Deven Bowers <deven.desai@linux.microsoft.com>
Enables an IPE policy to be enforced from kernel start, enabling access
control based on trust from kernel startup. This is accomplished by
transforming an IPE policy indicated by CONFIG_IPE_BOOT_POLICY into a
c-string literal that is parsed at kernel startup as an unsigned policy.
Signed-off-by: Deven Bowers <deven.desai@linux.microsoft.com>
---
Relevant changes since v6:
* Move patch 01/12 to [14/16] of the series
---
MAINTAINERS | 1 +
scripts/Makefile | 1 +
scripts/ipe/Makefile | 2 +
scripts/ipe/polgen/.gitignore | 1 +
scripts/ipe/polgen/Makefile | 6 ++
scripts/ipe/polgen/polgen.c | 145 ++++++++++++++++++++++++++++++++++
security/ipe/.gitignore | 1 +
security/ipe/Kconfig | 10 +++
security/ipe/Makefile | 13 +++
security/ipe/ctx.c | 18 +++++
10 files changed, 198 insertions(+)
create mode 100644 scripts/ipe/Makefile
create mode 100644 scripts/ipe/polgen/.gitignore
create mode 100644 scripts/ipe/polgen/Makefile
create mode 100644 scripts/ipe/polgen/polgen.c
create mode 100644 security/ipe/.gitignore
diff --git a/MAINTAINERS b/MAINTAINERS
index f1e76f791d47..a84ca781199b 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -9283,6 +9283,7 @@ INTEGRITY POLICY ENFORCEMENT (IPE)
M: Deven Bowers <deven.desai@linux.microsoft.com>
M: Fan Wu <wufan@linux.microsoft.com>
S: Supported
+F: scripts/ipe/
F: security/ipe/
INTEL 810/815 FRAMEBUFFER DRIVER
diff --git a/scripts/Makefile b/scripts/Makefile
index 9adb6d247818..a31da6d57a36 100644
--- a/scripts/Makefile
+++ b/scripts/Makefile
@@ -41,6 +41,7 @@ targets += module.lds
subdir-$(CONFIG_GCC_PLUGINS) += gcc-plugins
subdir-$(CONFIG_MODVERSIONS) += genksyms
subdir-$(CONFIG_SECURITY_SELINUX) += selinux
+subdir-$(CONFIG_SECURITY_IPE) += ipe
# Let clean descend into subdirs
subdir- += basic dtc gdb kconfig mod
diff --git a/scripts/ipe/Makefile b/scripts/ipe/Makefile
new file mode 100644
index 000000000000..e87553fbb8d6
--- /dev/null
+++ b/scripts/ipe/Makefile
@@ -0,0 +1,2 @@
+# SPDX-License-Identifier: GPL-2.0-only
+subdir-y := polgen
diff --git a/scripts/ipe/polgen/.gitignore b/scripts/ipe/polgen/.gitignore
new file mode 100644
index 000000000000..80f32f25d200
--- /dev/null
+++ b/scripts/ipe/polgen/.gitignore
@@ -0,0 +1 @@
+polgen
diff --git a/scripts/ipe/polgen/Makefile b/scripts/ipe/polgen/Makefile
new file mode 100644
index 000000000000..066060c22b4a
--- /dev/null
+++ b/scripts/ipe/polgen/Makefile
@@ -0,0 +1,6 @@
+# SPDX-License-Identifier: GPL-2.0
+hostprogs-always-y := polgen
+HOST_EXTRACFLAGS += \
+ -I$(srctree)/include \
+ -I$(srctree)/include/uapi \
+
diff --git a/scripts/ipe/polgen/polgen.c b/scripts/ipe/polgen/polgen.c
new file mode 100644
index 000000000000..73cf13e743f7
--- /dev/null
+++ b/scripts/ipe/polgen/polgen.c
@@ -0,0 +1,145 @@
+// SPDX-License-Identifier: GPL-2.0
+/*
+ * Copyright (C) Microsoft Corporation. All rights reserved.
+ */
+
+#include <stdlib.h>
+#include <stddef.h>
+#include <stdio.h>
+#include <unistd.h>
+#include <errno.h>
+
+static void usage(const char *const name)
+{
+ printf("Usage: %s OutputFile (PolicyFile)\n", name);
+ exit(EINVAL);
+}
+
+static int policy_to_buffer(const char *pathname, char **buffer, size_t *size)
+{
+ int rc = 0;
+ FILE *fd;
+ char *lbuf;
+ size_t fsize;
+ size_t read;
+
+ fd = fopen(pathname, "r");
+ if (!fd) {
+ rc = errno;
+ goto out;
+ }
+
+ fseek(fd, 0, SEEK_END);
+ fsize = ftell(fd);
+ rewind(fd);
+
+ lbuf = malloc(fsize);
+ if (!lbuf) {
+ rc = ENOMEM;
+ goto out_close;
+ }
+
+ read = fread((void *)lbuf, sizeof(*lbuf), fsize, fd);
+ if (read != fsize) {
+ rc = -1;
+ goto out_free;
+ }
+
+ *buffer = lbuf;
+ *size = fsize;
+ fclose(fd);
+
+ return rc;
+
+out_free:
+ free(lbuf);
+out_close:
+ fclose(fd);
+out:
+ return rc;
+}
+
+static int write_boot_policy(const char *pathname, const char *buf, size_t size)
+{
+ int rc = 0;
+ FILE *fd;
+ size_t i;
+
+ fd = fopen(pathname, "w");
+ if (!fd) {
+ rc = errno;
+ goto err;
+ }
+
+ fprintf(fd, "/* This file is automatically generated.");
+ fprintf(fd, " Do not edit. */\n");
+ fprintf(fd, "#include <stddef.h>\n");
+ fprintf(fd, "\nextern const char *const ipe_boot_policy;\n\n");
+ fprintf(fd, "const char *const ipe_boot_policy =\n");
+
+ if (!buf || size == 0) {
+ fprintf(fd, "\tNULL;\n");
+ fclose(fd);
+ return 0;
+ }
+
+ fprintf(fd, "\t\"");
+
+ for (i = 0; i < size; ++i) {
+ switch (buf[i]) {
+ case '"':
+ fprintf(fd, "\\\"");
+ break;
+ case '\'':
+ fprintf(fd, "'");
+ break;
+ case '\n':
+ fprintf(fd, "\\n\"\n\t\"");
+ break;
+ case '\\':
+ fprintf(fd, "\\\\");
+ break;
+ case '\t':
+ fprintf(fd, "\\t");
+ break;
+ case '\?':
+ fprintf(fd, "\\?");
+ break;
+ default:
+ fprintf(fd, "%c", buf[i]);
+ }
+ }
+ fprintf(fd, "\";\n");
+ fclose(fd);
+
+ return 0;
+
+err:
+ if (fd)
+ fclose(fd);
+ return rc;
+}
+
+int main(int argc, const char *const argv[])
+{
+ int rc = 0;
+ size_t len = 0;
+ char *policy = NULL;
+
+ if (argc < 2)
+ usage(argv[0]);
+
+ if (argc > 2) {
+ rc = policy_to_buffer(argv[2], &policy, &len);
+ if (rc != 0)
+ goto cleanup;
+ }
+
+ rc = write_boot_policy(argv[1], policy, len);
+cleanup:
+ if (policy)
+ free(policy);
+ if (rc != 0)
+ perror("An error occurred during policy conversion: ");
+ return rc;
+}
diff --git a/security/ipe/.gitignore b/security/ipe/.gitignore
new file mode 100644
index 000000000000..eca22ad5ed22
--- /dev/null
+++ b/security/ipe/.gitignore
@@ -0,0 +1 @@
+boot-policy.c
\ No newline at end of file
diff --git a/security/ipe/Kconfig b/security/ipe/Kconfig
index fcf82a8152ec..39df680b67a2 100644
--- a/security/ipe/Kconfig
+++ b/security/ipe/Kconfig
@@ -20,6 +20,16 @@ menuconfig SECURITY_IPE
if SECURITY_IPE
+config IPE_BOOT_POLICY
+ string "Integrity policy to apply on system startup"
+ help
+ This option specifies a filepath to a IPE policy that is compiled
+ into the kernel. This policy will be enforced until a policy update
+ is deployed via the $securityfs/ipe/policies/$policy_name/active
+ interface.
+
+ If unsure, leave blank.
+
choice
prompt "Hash algorithm used in auditing policies"
default IPE_AUDIT_HASH_SHA1
diff --git a/security/ipe/Makefile b/security/ipe/Makefile
index 1e7b2d7fcd9e..89fec670f954 100644
--- a/security/ipe/Makefile
+++ b/security/ipe/Makefile
@@ -7,7 +7,18 @@
ccflags-y := -I$(srctree)/security/ipe/modules
+quiet_cmd_polgen = IPE_POL $(2)
+ cmd_polgen = scripts/ipe/polgen/polgen security/ipe/boot-policy.c $(2)
+
+$(eval $(call config_filename,IPE_BOOT_POLICY))
+
+targets += boot-policy.c
+
+$(obj)/boot-policy.c: scripts/ipe/polgen/polgen $(IPE_BOOT_POLICY_FILENAME) FORCE
+ $(call if_changed,polgen,$(IPE_BOOT_POLICY_FILENAME))
+
obj-$(CONFIG_SECURITY_IPE) += \
+ boot-policy.o \
ctx.o \
eval.o \
fs.o \
@@ -21,3 +32,5 @@ obj-$(CONFIG_SECURITY_IPE) += \
policyfs.o \
obj-$(CONFIG_AUDIT) += audit.o
+
+clean-files := boot-policy.c \
diff --git a/security/ipe/ctx.c b/security/ipe/ctx.c
index fc9b8e467bc9..879acf4ceac5 100644
--- a/security/ipe/ctx.c
+++ b/security/ipe/ctx.c
@@ -15,6 +15,7 @@
#include <linux/spinlock.h>
#include <linux/moduleparam.h>
+extern const char *const ipe_boot_policy;
static bool success_audit;
static bool enforce = true;
@@ -329,6 +330,7 @@ void ipe_put_ctx(struct ipe_context *ctx)
int __init ipe_init_ctx(void)
{
int rc = 0;
+ struct ipe_policy *p = NULL;
struct ipe_context *lns = NULL;
lns = create_ctx();
@@ -342,10 +344,26 @@ int __init ipe_init_ctx(void)
WRITE_ONCE(lns->enforce, enforce);
spin_unlock(&lns->lock);
+ if (ipe_boot_policy) {
+ p = ipe_new_policy(ipe_boot_policy, strlen(ipe_boot_policy),
+ NULL, 0);
+ if (IS_ERR(p)) {
+ rc = PTR_ERR(lns);
+ goto err;
+ }
+
+ ipe_add_policy(lns, p);
+ rc = ipe_set_active_pol(p);
+ if (!rc)
+ goto err;
+ }
+
rcu_assign_pointer(*ipe_tsk_ctx(current), lns);
+ ipe_put_policy(p);
return 0;
err:
+ ipe_put_policy(p);
ipe_put_ctx(lns);
return rc;
}
--
2.33.0
--
dm-devel mailing list
dm-devel@redhat.com
https://listman.redhat.com/mailman/listinfo/dm-devel
WARNING: multiple messages have this Message-ID (diff)
From: deven.desai@linux.microsoft.com
To: corbet@lwn.net, axboe@kernel.dk, agk@redhat.com,
snitzer@redhat.com, ebiggers@kernel.org, tytso@mit.edu,
paul@paul-moore.com, eparis@redhat.com, jmorris@namei.org,
serge@hallyn.com
Cc: linux-security-module@vger.kernel.org, linux-doc@vger.kernel.org,
jannh@google.com, linux-fscrypt@vger.kernel.org,
linux-kernel@vger.kernel.org, linux-block@vger.kernel.org,
dm-devel@redhat.com, linux-audit@redhat.com
Subject: [RFC PATCH v7 14/16] scripts: add boot policy generation program
Date: Wed, 13 Oct 2021 12:06:33 -0700 [thread overview]
Message-ID: <1634151995-16266-15-git-send-email-deven.desai@linux.microsoft.com> (raw)
In-Reply-To: <1634151995-16266-1-git-send-email-deven.desai@linux.microsoft.com>
From: Deven Bowers <deven.desai@linux.microsoft.com>
Enables an IPE policy to be enforced from kernel start, enabling access
control based on trust from kernel startup. This is accomplished by
transforming an IPE policy indicated by CONFIG_IPE_BOOT_POLICY into a
c-string literal that is parsed at kernel startup as an unsigned policy.
Signed-off-by: Deven Bowers <deven.desai@linux.microsoft.com>
---
Relevant changes since v6:
* Move patch 01/12 to [14/16] of the series
---
MAINTAINERS | 1 +
scripts/Makefile | 1 +
scripts/ipe/Makefile | 2 +
scripts/ipe/polgen/.gitignore | 1 +
scripts/ipe/polgen/Makefile | 6 ++
scripts/ipe/polgen/polgen.c | 145 ++++++++++++++++++++++++++++++++++
security/ipe/.gitignore | 1 +
security/ipe/Kconfig | 10 +++
security/ipe/Makefile | 13 +++
security/ipe/ctx.c | 18 +++++
10 files changed, 198 insertions(+)
create mode 100644 scripts/ipe/Makefile
create mode 100644 scripts/ipe/polgen/.gitignore
create mode 100644 scripts/ipe/polgen/Makefile
create mode 100644 scripts/ipe/polgen/polgen.c
create mode 100644 security/ipe/.gitignore
diff --git a/MAINTAINERS b/MAINTAINERS
index f1e76f791d47..a84ca781199b 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -9283,6 +9283,7 @@ INTEGRITY POLICY ENFORCEMENT (IPE)
M: Deven Bowers <deven.desai@linux.microsoft.com>
M: Fan Wu <wufan@linux.microsoft.com>
S: Supported
+F: scripts/ipe/
F: security/ipe/
INTEL 810/815 FRAMEBUFFER DRIVER
diff --git a/scripts/Makefile b/scripts/Makefile
index 9adb6d247818..a31da6d57a36 100644
--- a/scripts/Makefile
+++ b/scripts/Makefile
@@ -41,6 +41,7 @@ targets += module.lds
subdir-$(CONFIG_GCC_PLUGINS) += gcc-plugins
subdir-$(CONFIG_MODVERSIONS) += genksyms
subdir-$(CONFIG_SECURITY_SELINUX) += selinux
+subdir-$(CONFIG_SECURITY_IPE) += ipe
# Let clean descend into subdirs
subdir- += basic dtc gdb kconfig mod
diff --git a/scripts/ipe/Makefile b/scripts/ipe/Makefile
new file mode 100644
index 000000000000..e87553fbb8d6
--- /dev/null
+++ b/scripts/ipe/Makefile
@@ -0,0 +1,2 @@
+# SPDX-License-Identifier: GPL-2.0-only
+subdir-y := polgen
diff --git a/scripts/ipe/polgen/.gitignore b/scripts/ipe/polgen/.gitignore
new file mode 100644
index 000000000000..80f32f25d200
--- /dev/null
+++ b/scripts/ipe/polgen/.gitignore
@@ -0,0 +1 @@
+polgen
diff --git a/scripts/ipe/polgen/Makefile b/scripts/ipe/polgen/Makefile
new file mode 100644
index 000000000000..066060c22b4a
--- /dev/null
+++ b/scripts/ipe/polgen/Makefile
@@ -0,0 +1,6 @@
+# SPDX-License-Identifier: GPL-2.0
+hostprogs-always-y := polgen
+HOST_EXTRACFLAGS += \
+ -I$(srctree)/include \
+ -I$(srctree)/include/uapi \
+
diff --git a/scripts/ipe/polgen/polgen.c b/scripts/ipe/polgen/polgen.c
new file mode 100644
index 000000000000..73cf13e743f7
--- /dev/null
+++ b/scripts/ipe/polgen/polgen.c
@@ -0,0 +1,145 @@
+// SPDX-License-Identifier: GPL-2.0
+/*
+ * Copyright (C) Microsoft Corporation. All rights reserved.
+ */
+
+#include <stdlib.h>
+#include <stddef.h>
+#include <stdio.h>
+#include <unistd.h>
+#include <errno.h>
+
+static void usage(const char *const name)
+{
+ printf("Usage: %s OutputFile (PolicyFile)\n", name);
+ exit(EINVAL);
+}
+
+static int policy_to_buffer(const char *pathname, char **buffer, size_t *size)
+{
+ int rc = 0;
+ FILE *fd;
+ char *lbuf;
+ size_t fsize;
+ size_t read;
+
+ fd = fopen(pathname, "r");
+ if (!fd) {
+ rc = errno;
+ goto out;
+ }
+
+ fseek(fd, 0, SEEK_END);
+ fsize = ftell(fd);
+ rewind(fd);
+
+ lbuf = malloc(fsize);
+ if (!lbuf) {
+ rc = ENOMEM;
+ goto out_close;
+ }
+
+ read = fread((void *)lbuf, sizeof(*lbuf), fsize, fd);
+ if (read != fsize) {
+ rc = -1;
+ goto out_free;
+ }
+
+ *buffer = lbuf;
+ *size = fsize;
+ fclose(fd);
+
+ return rc;
+
+out_free:
+ free(lbuf);
+out_close:
+ fclose(fd);
+out:
+ return rc;
+}
+
+static int write_boot_policy(const char *pathname, const char *buf, size_t size)
+{
+ int rc = 0;
+ FILE *fd;
+ size_t i;
+
+ fd = fopen(pathname, "w");
+ if (!fd) {
+ rc = errno;
+ goto err;
+ }
+
+ fprintf(fd, "/* This file is automatically generated.");
+ fprintf(fd, " Do not edit. */\n");
+ fprintf(fd, "#include <stddef.h>\n");
+ fprintf(fd, "\nextern const char *const ipe_boot_policy;\n\n");
+ fprintf(fd, "const char *const ipe_boot_policy =\n");
+
+ if (!buf || size == 0) {
+ fprintf(fd, "\tNULL;\n");
+ fclose(fd);
+ return 0;
+ }
+
+ fprintf(fd, "\t\"");
+
+ for (i = 0; i < size; ++i) {
+ switch (buf[i]) {
+ case '"':
+ fprintf(fd, "\\\"");
+ break;
+ case '\'':
+ fprintf(fd, "'");
+ break;
+ case '\n':
+ fprintf(fd, "\\n\"\n\t\"");
+ break;
+ case '\\':
+ fprintf(fd, "\\\\");
+ break;
+ case '\t':
+ fprintf(fd, "\\t");
+ break;
+ case '\?':
+ fprintf(fd, "\\?");
+ break;
+ default:
+ fprintf(fd, "%c", buf[i]);
+ }
+ }
+ fprintf(fd, "\";\n");
+ fclose(fd);
+
+ return 0;
+
+err:
+ if (fd)
+ fclose(fd);
+ return rc;
+}
+
+int main(int argc, const char *const argv[])
+{
+ int rc = 0;
+ size_t len = 0;
+ char *policy = NULL;
+
+ if (argc < 2)
+ usage(argv[0]);
+
+ if (argc > 2) {
+ rc = policy_to_buffer(argv[2], &policy, &len);
+ if (rc != 0)
+ goto cleanup;
+ }
+
+ rc = write_boot_policy(argv[1], policy, len);
+cleanup:
+ if (policy)
+ free(policy);
+ if (rc != 0)
+ perror("An error occurred during policy conversion: ");
+ return rc;
+}
diff --git a/security/ipe/.gitignore b/security/ipe/.gitignore
new file mode 100644
index 000000000000..eca22ad5ed22
--- /dev/null
+++ b/security/ipe/.gitignore
@@ -0,0 +1 @@
+boot-policy.c
\ No newline at end of file
diff --git a/security/ipe/Kconfig b/security/ipe/Kconfig
index fcf82a8152ec..39df680b67a2 100644
--- a/security/ipe/Kconfig
+++ b/security/ipe/Kconfig
@@ -20,6 +20,16 @@ menuconfig SECURITY_IPE
if SECURITY_IPE
+config IPE_BOOT_POLICY
+ string "Integrity policy to apply on system startup"
+ help
+ This option specifies a filepath to a IPE policy that is compiled
+ into the kernel. This policy will be enforced until a policy update
+ is deployed via the $securityfs/ipe/policies/$policy_name/active
+ interface.
+
+ If unsure, leave blank.
+
choice
prompt "Hash algorithm used in auditing policies"
default IPE_AUDIT_HASH_SHA1
diff --git a/security/ipe/Makefile b/security/ipe/Makefile
index 1e7b2d7fcd9e..89fec670f954 100644
--- a/security/ipe/Makefile
+++ b/security/ipe/Makefile
@@ -7,7 +7,18 @@
ccflags-y := -I$(srctree)/security/ipe/modules
+quiet_cmd_polgen = IPE_POL $(2)
+ cmd_polgen = scripts/ipe/polgen/polgen security/ipe/boot-policy.c $(2)
+
+$(eval $(call config_filename,IPE_BOOT_POLICY))
+
+targets += boot-policy.c
+
+$(obj)/boot-policy.c: scripts/ipe/polgen/polgen $(IPE_BOOT_POLICY_FILENAME) FORCE
+ $(call if_changed,polgen,$(IPE_BOOT_POLICY_FILENAME))
+
obj-$(CONFIG_SECURITY_IPE) += \
+ boot-policy.o \
ctx.o \
eval.o \
fs.o \
@@ -21,3 +32,5 @@ obj-$(CONFIG_SECURITY_IPE) += \
policyfs.o \
obj-$(CONFIG_AUDIT) += audit.o
+
+clean-files := boot-policy.c \
diff --git a/security/ipe/ctx.c b/security/ipe/ctx.c
index fc9b8e467bc9..879acf4ceac5 100644
--- a/security/ipe/ctx.c
+++ b/security/ipe/ctx.c
@@ -15,6 +15,7 @@
#include <linux/spinlock.h>
#include <linux/moduleparam.h>
+extern const char *const ipe_boot_policy;
static bool success_audit;
static bool enforce = true;
@@ -329,6 +330,7 @@ void ipe_put_ctx(struct ipe_context *ctx)
int __init ipe_init_ctx(void)
{
int rc = 0;
+ struct ipe_policy *p = NULL;
struct ipe_context *lns = NULL;
lns = create_ctx();
@@ -342,10 +344,26 @@ int __init ipe_init_ctx(void)
WRITE_ONCE(lns->enforce, enforce);
spin_unlock(&lns->lock);
+ if (ipe_boot_policy) {
+ p = ipe_new_policy(ipe_boot_policy, strlen(ipe_boot_policy),
+ NULL, 0);
+ if (IS_ERR(p)) {
+ rc = PTR_ERR(lns);
+ goto err;
+ }
+
+ ipe_add_policy(lns, p);
+ rc = ipe_set_active_pol(p);
+ if (!rc)
+ goto err;
+ }
+
rcu_assign_pointer(*ipe_tsk_ctx(current), lns);
+ ipe_put_policy(p);
return 0;
err:
+ ipe_put_policy(p);
ipe_put_ctx(lns);
return rc;
}
--
2.33.0
--
Linux-audit mailing list
Linux-audit@redhat.com
https://listman.redhat.com/mailman/listinfo/linux-audit
next prev parent reply other threads:[~2021-10-13 19:07 UTC|newest]
Thread overview: 193+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-10-13 19:06 [RFC PATCH v7 00/16] Integrity Policy Enforcement (IPE) deven.desai
2021-10-13 19:06 ` deven.desai
2021-10-13 19:06 ` [dm-devel] " deven.desai
2021-10-13 19:06 ` [RFC PATCH v7 01/16] security: add ipe lsm & initial context creation deven.desai
2021-10-13 19:06 ` deven.desai
2021-10-13 19:06 ` [dm-devel] " deven.desai
2021-10-27 4:10 ` kernel test robot
2021-10-13 19:06 ` [RFC PATCH v7 02/16] ipe: add policy parser deven.desai
2021-10-13 19:06 ` deven.desai
2021-10-13 19:06 ` [dm-devel] " deven.desai
2021-10-27 5:58 ` kernel test robot
2021-10-13 19:06 ` [RFC PATCH v7 03/16] ipe: add evaluation loop deven.desai
2021-10-13 19:06 ` deven.desai
2021-10-13 19:06 ` [dm-devel] " deven.desai
2021-10-27 8:17 ` kernel test robot
2021-10-13 19:06 ` [RFC PATCH v7 04/16] ipe: add userspace interface deven.desai
2021-10-13 19:06 ` deven.desai
2021-10-13 19:06 ` [dm-devel] " deven.desai
2021-11-03 9:42 ` Roberto Sassu
2021-11-03 9:42 ` Roberto Sassu
2021-11-03 9:42 ` [dm-devel] " Roberto Sassu
2021-11-04 16:50 ` Deven Bowers
2021-11-04 16:50 ` Deven Bowers
2021-11-04 16:50 ` [dm-devel] " Deven Bowers
2021-10-13 19:06 ` [RFC PATCH v7 05/16] ipe: add LSM hooks on execution and kernel read deven.desai
2021-10-13 19:06 ` deven.desai
2021-10-13 19:06 ` [dm-devel] " deven.desai
2021-10-13 20:04 ` Casey Schaufler
2021-10-13 20:04 ` [dm-devel] " Casey Schaufler
2021-10-13 20:04 ` Casey Schaufler
2021-10-15 19:25 ` Deven Bowers
2021-10-15 19:25 ` Deven Bowers
2021-10-15 19:25 ` [dm-devel] " Deven Bowers
2021-10-25 12:22 ` Roberto Sassu
2021-10-25 12:22 ` Roberto Sassu
2021-10-25 12:22 ` [dm-devel] " Roberto Sassu
2021-10-26 19:03 ` Deven Bowers
2021-10-26 19:03 ` Deven Bowers
2021-10-26 19:03 ` [dm-devel] " Deven Bowers
2021-10-27 8:56 ` Roberto Sassu
2021-10-27 8:56 ` Roberto Sassu
2021-10-27 8:56 ` [dm-devel] " Roberto Sassu
2021-10-13 19:06 ` [RFC PATCH v7 06/16] uapi|audit: add trust audit message definitions deven.desai
2021-10-13 19:06 ` deven.desai
2021-10-13 19:06 ` [dm-devel] " deven.desai
2021-10-13 19:06 ` [RFC PATCH v7 07/16] ipe: add auditing support deven.desai
2021-10-13 19:06 ` deven.desai
2021-10-13 19:06 ` [dm-devel] " deven.desai
2021-10-13 20:02 ` Steve Grubb
2021-10-13 20:02 ` [dm-devel] " Steve Grubb
2021-10-13 20:02 ` Steve Grubb
2021-10-15 19:25 ` Deven Bowers
2021-10-15 19:25 ` Deven Bowers
2021-10-15 19:25 ` [dm-devel] " Deven Bowers
2021-11-02 19:44 ` Steve Grubb
2021-11-02 19:44 ` [dm-devel] " Steve Grubb
2021-11-02 19:44 ` Steve Grubb
2021-11-04 16:59 ` Deven Bowers
2021-11-04 16:59 ` Deven Bowers
2021-11-04 16:59 ` [dm-devel] " Deven Bowers
2021-10-13 22:54 ` Randy Dunlap
2021-10-13 22:54 ` Randy Dunlap
2021-10-13 22:54 ` [dm-devel] " Randy Dunlap
2021-10-15 19:25 ` Deven Bowers
2021-10-15 19:25 ` Deven Bowers
2021-10-15 19:25 ` [dm-devel] " Deven Bowers
2021-10-15 19:50 ` Randy Dunlap
2021-10-15 19:50 ` Randy Dunlap
2021-10-15 19:50 ` [dm-devel] " Randy Dunlap
2021-10-26 19:03 ` Deven Bowers
2021-10-26 19:03 ` Deven Bowers
2021-10-26 19:03 ` [dm-devel] " Deven Bowers
2021-10-13 19:06 ` [RFC PATCH v7 08/16] ipe: add permissive toggle deven.desai
2021-10-13 19:06 ` deven.desai
2021-10-13 19:06 ` [dm-devel] " deven.desai
2021-10-13 19:06 ` [RFC PATCH v7 09/16] ipe: introduce 'boot_verified' as a trust provider deven.desai
2021-10-13 19:06 ` deven.desai
2021-10-13 19:06 ` [dm-devel] " deven.desai
2021-10-13 19:06 ` [RFC PATCH v7 10/16] fs|dm-verity: add block_dev LSM blob and submit dm-verity data deven.desai
2021-10-13 19:06 ` deven.desai
2021-10-13 19:06 ` [dm-devel] " deven.desai
2021-10-13 19:06 ` [RFC PATCH v7 11/16] ipe: add support for dm-verity as a trust provider deven.desai
2021-10-13 19:06 ` deven.desai
2021-10-13 19:06 ` [dm-devel] " deven.desai
2021-11-25 9:37 ` Roberto Sassu
2021-11-25 9:37 ` Roberto Sassu
2021-11-25 9:37 ` [dm-devel] " Roberto Sassu
2021-11-30 18:55 ` Deven Bowers
2021-11-30 18:55 ` Deven Bowers
2021-11-30 18:55 ` [dm-devel] " Deven Bowers
2021-12-01 16:37 ` [RFC][PATCH] device mapper: Add builtin function dm_get_status() Roberto Sassu
2021-12-01 16:37 ` Roberto Sassu
2021-12-01 16:37 ` [dm-devel] " Roberto Sassu
2021-12-01 16:43 ` Roberto Sassu
2021-12-01 16:43 ` Roberto Sassu
2021-12-01 16:43 ` [dm-devel] " Roberto Sassu
2021-12-02 7:20 ` Christoph Hellwig
2021-12-02 7:20 ` Christoph Hellwig
2021-12-02 7:20 ` [dm-devel] " Christoph Hellwig
2021-12-02 7:59 ` Roberto Sassu
2021-12-02 7:59 ` Roberto Sassu
2021-12-02 7:59 ` [dm-devel] " Roberto Sassu
2021-12-02 8:44 ` Christoph Hellwig
2021-12-02 8:44 ` Christoph Hellwig
2021-12-02 8:44 ` [dm-devel] " Christoph Hellwig
2021-12-02 9:29 ` Roberto Sassu
2021-12-02 9:29 ` Roberto Sassu
2021-12-02 9:29 ` [dm-devel] " Roberto Sassu
2021-12-03 6:52 ` Christoph Hellwig
2021-12-03 6:52 ` Christoph Hellwig
2021-12-03 6:52 ` [dm-devel] " Christoph Hellwig
2021-12-03 10:20 ` Roberto Sassu
2021-12-03 10:20 ` Roberto Sassu
2021-12-03 10:20 ` [dm-devel] " Roberto Sassu
2021-12-06 10:57 ` Roberto Sassu
2021-12-06 10:57 ` Roberto Sassu
2021-12-06 10:57 ` [dm-devel] " Roberto Sassu
2021-10-13 19:06 ` [RFC PATCH v7 12/16] fsverity|security: add security hooks to fsverity digest and signature deven.desai
2021-10-13 19:06 ` deven.desai
2021-10-13 19:06 ` [dm-devel] " deven.desai
2021-10-13 19:24 ` Eric Biggers
2021-10-13 19:24 ` Eric Biggers
2021-10-13 19:24 ` [dm-devel] " Eric Biggers
2021-10-15 19:25 ` Deven Bowers
2021-10-15 19:25 ` Deven Bowers
2021-10-15 19:25 ` [dm-devel] " Deven Bowers
2021-10-15 20:11 ` Eric Biggers
2021-10-15 20:11 ` Eric Biggers
2021-10-15 20:11 ` [dm-devel] " Eric Biggers
2021-10-20 15:08 ` Roberto Sassu
2021-10-20 15:08 ` [dm-devel] " Roberto Sassu
2021-10-20 15:08 ` Roberto Sassu
2021-10-22 16:31 ` Roberto Sassu
2021-10-22 16:31 ` Roberto Sassu
2021-10-22 16:31 ` [dm-devel] " Roberto Sassu
2021-10-26 19:03 ` Deven Bowers
2021-10-26 19:03 ` Deven Bowers
2021-10-26 19:03 ` [dm-devel] " Deven Bowers
2021-10-27 8:41 ` Roberto Sassu
2021-10-27 8:41 ` Roberto Sassu
2021-10-27 8:41 ` [dm-devel] " Roberto Sassu
2021-10-26 19:03 ` Deven Bowers
2021-10-26 19:03 ` Deven Bowers
2021-10-26 19:03 ` [dm-devel] " Deven Bowers
2021-10-27 9:34 ` Roberto Sassu
2021-10-27 9:34 ` Roberto Sassu
2021-10-27 9:34 ` [dm-devel] " Roberto Sassu
2021-10-28 3:48 ` Eric Biggers
2021-10-28 3:48 ` Eric Biggers
2021-10-28 3:48 ` [dm-devel] " Eric Biggers
2021-10-28 18:11 ` Deven Bowers
2021-10-28 18:11 ` Deven Bowers
2021-10-28 18:11 ` [dm-devel] " Deven Bowers
2021-11-03 12:28 ` Roberto Sassu
2021-11-03 12:28 ` Roberto Sassu
2021-11-03 12:28 ` [dm-devel] " Roberto Sassu
2021-11-04 17:12 ` Deven Bowers
2021-11-04 17:12 ` [dm-devel] " Deven Bowers
2021-11-04 17:12 ` Deven Bowers
2021-10-13 19:06 ` [RFC PATCH v7 13/16] ipe: enable support for fs-verity as a trust provider deven.desai
2021-10-13 19:06 ` deven.desai
2021-10-13 19:06 ` [dm-devel] " deven.desai
2021-10-27 11:55 ` kernel test robot
2021-10-13 19:06 ` deven.desai [this message]
2021-10-13 19:06 ` [RFC PATCH v7 14/16] scripts: add boot policy generation program deven.desai
2021-10-13 19:06 ` [dm-devel] " deven.desai
2021-11-03 16:43 ` Roberto Sassu
2021-11-03 16:43 ` Roberto Sassu
2021-11-03 16:43 ` [dm-devel] " Roberto Sassu
2021-11-03 16:53 ` Roberto Sassu
2021-11-03 16:53 ` Roberto Sassu
2021-11-03 16:53 ` [dm-devel] " Roberto Sassu
2021-11-04 16:52 ` Deven Bowers
2021-11-04 16:52 ` Deven Bowers
2021-11-04 16:52 ` [dm-devel] " Deven Bowers
2021-10-13 19:06 ` [RFC PATCH v7 15/16] ipe: kunit tests deven.desai
2021-10-13 19:06 ` deven.desai
2021-10-13 19:06 ` [dm-devel] " deven.desai
2021-10-13 19:06 ` [RFC PATCH v7 16/16] documentation: add ipe documentation deven.desai
2021-10-13 19:06 ` deven.desai
2021-10-13 19:06 ` [dm-devel] " deven.desai
2021-10-25 11:30 ` [RFC PATCH v7 00/16] Integrity Policy Enforcement (IPE) Roberto Sassu
2021-10-25 11:30 ` Roberto Sassu
2021-10-25 11:30 ` [dm-devel] " Roberto Sassu
2021-10-26 19:03 ` Deven Bowers
2021-10-26 19:03 ` Deven Bowers
2021-10-26 19:03 ` [dm-devel] " Deven Bowers
2021-10-27 8:26 ` Roberto Sassu
2021-10-27 8:26 ` Roberto Sassu
2021-10-27 8:26 ` [dm-devel] " Roberto Sassu
2021-10-28 20:36 ` Deven Bowers
2021-10-28 20:36 ` Deven Bowers
2021-10-28 20:36 ` [dm-devel] " Deven Bowers
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1634151995-16266-15-git-send-email-deven.desai@linux.microsoft.com \
--to=deven.desai@linux.microsoft.com \
--cc=agk@redhat.com \
--cc=axboe@kernel.dk \
--cc=corbet@lwn.net \
--cc=dm-devel@redhat.com \
--cc=ebiggers@kernel.org \
--cc=eparis@redhat.com \
--cc=jannh@google.com \
--cc=jmorris@namei.org \
--cc=linux-audit@redhat.com \
--cc=linux-block@vger.kernel.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-fscrypt@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=paul@paul-moore.com \
--cc=serge@hallyn.com \
--cc=snitzer@redhat.com \
--cc=tytso@mit.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.