Linux system leaving the system unable to boot
with SELinux in enforcing mode.
Acked-by: Paul Moore
> diff --git a/crypto/af_alg.c b/crypto/af_alg.c
> index 966f893..6a3ad80 100644
> --- a/crypto/af_alg.c
> +++ b/crypto/af_alg.c
> @@ -21,6 +21,7 @@
> #include
> #inc
On Fri, Dec 15, 2023 at 6:07 AM David Gstir wrote:
>
> This is a revival of the previous patch set submitted by Richard Weinberger:
> https://lore.kernel.org/linux-integrity/20210614201620.30451-1-rich...@nod.at/
>
> v4 is here:
> https://lore.kernel.org/keyrings/20231024162024.51260-1-da...@sigma
On Fri, Jan 3, 2025 at 6:14 PM Eric Snowberg wrote:
> > On Dec 23, 2024, at 5:09 AM, Mimi Zohar wrote:
...
> > My main concern is not with Clavis per-se, but that the LSM
> > infrastructure allows configuring all the LSMs, but enabling at build time
> > and
> > modifying at runtime a subset of
On Thu, Mar 20, 2025 at 12:29 PM Eric Snowberg wrote:
> > On Mar 6, 2025, at 7:46 PM, Paul Moore wrote:
> > On March 6, 2025 5:29:36 PM Eric Snowberg wrote:
...
> >> Does this mean Microsoft will begin signing shims in the future without
> >> the lockdown req
On Fri, Mar 21, 2025 at 12:45 PM Blaise Boscaccy
wrote:
>
> This patch series introduces the Hornet LSM.
>
> Hornet takes a simple approach to light-skeleton-based eBPF signature
> verification. Signature data can be easily generated for the binary
> data that is generated via bpftool gen -L. This
On Sat, Mar 22, 2025 at 4:44 PM Paul Moore wrote:
>
> On Sat, Mar 22, 2025 at 1:22 PM Jarkko Sakkinen wrote:
> > On Fri, Mar 21, 2025 at 09:45:02AM -0700, Blaise Boscaccy wrote:
> > > This patch series introduces the Hornet LSM.
> > >
> > > Hornet takes a
On Sat, Mar 22, 2025 at 1:22 PM Jarkko Sakkinen wrote:
> On Fri, Mar 21, 2025 at 09:45:02AM -0700, Blaise Boscaccy wrote:
> > This patch series introduces the Hornet LSM.
> >
> > Hornet takes a simple approach to light-skeleton-based eBPF signature
>
> Can you define "light-skeleton-based" before
On Fri, Mar 21, 2025 at 5:21 PM Eric Snowberg wrote:
> > On Mar 21, 2025, at 12:57 PM, Paul Moore wrote:
> ...
> > , but I will note that I don't recall you offering to step
> > up and maintain Lockdown anywhere in this thread.
>
> I didn't realize that try
On Fri, Mar 21, 2025 at 12:37 PM Eric Snowberg wrote:
> > On Mar 20, 2025, at 3:36 PM, Paul Moore wrote:
> > On Thu, Mar 20, 2025 at 12:29 PM Eric Snowberg
> > wrote:
> >>> On Mar 6, 2025, at 7:46 PM, Paul Moore wrote:
> >>> On March 6, 2
On Apr 4, 2025 Blaise Boscaccy wrote:
>
> This adds the Hornet Linux Security Module which provides signature
> verification of eBPF programs. This allows users to continue to
> maintain an invariant that all code running inside of the kernel has
> been signed.
>
> The primary target for signat
On Mon, Apr 14, 2025 at 4:46 PM Blaise Boscaccy
wrote:
> Paul Moore writes:
> > On Apr 4, 2025 Blaise Boscaccy wrote:
...
> >> +static int hornet_check_binary(struct bpf_prog *prog, union bpf_attr
> >> *attr,
> >> +
On Mon, Apr 21, 2025 at 7:48 PM Alexei Starovoitov
wrote:
> On Mon, Apr 21, 2025 at 3:04 PM Paul Moore wrote:
> > On Mon, Apr 21, 2025 at 4:13 PM Alexei Starovoitov
> > wrote:
> > > On Wed, Apr 16, 2025 at 10:31 AM Blaise Boscaccy
> > > wrote:
> >
On Wed, Apr 23, 2025 at 10:12 AM James Bottomley
wrote:
> On Mon, 2025-04-21 at 13:12 -0700, Alexei Starovoitov wrote:
> [...]
> > Calling bpf_map_get() and
> > map->ops->map_lookup_elem() from a module is not ok either.
>
> I don't understand this objection. The program just got passed in to
> b
On Sat, Apr 12, 2025 at 9:58 AM Blaise Boscaccy
wrote:
> Alexei Starovoitov writes:
> > On Fri, Apr 4, 2025 at 2:56 PM Blaise Boscaccy
> > wrote:
...
> > Above are serious layering violations.
> > LSMs should not be looking that deep into bpf instructions.
>
> These aren't BPF internals; this
On Sun, May 4, 2025 at 7:25 PM KP Singh wrote:
> On Sun, May 4, 2025 at 7:36 PM Paul Moore wrote:
> > On Fri, May 2, 2025 at 5:00 PM KP Singh wrote:
...
> > > ... here's how we think it should be done:
> > >
> > > * The core signing logic and the
On Fri, May 2, 2025 at 5:00 PM KP Singh wrote:
>
> > This patch series introduces the Hornet LSM. The goal of Hornet is to
> > provide
> > a signature verification mechanism for eBPF programs.
> >
>
> [...]
>
> >
> > References: [1]
> > https://lore.kernel.org/bpf/20220209054315.73833-1-alexei.st
On Fri, May 2, 2025 at 2:44 PM Blaise Boscaccy
wrote:
>
> This adds the Hornet Linux Security Module which provides signature
> verification of eBPF programs. This allows users to continue to
> maintain an invariant that all code running inside of the kernel has
> been signed.
>
> The primary targ
On Mon, May 5, 2025 at 4:41 PM KP Singh wrote:
> On Mon, May 5, 2025 at 7:30 PM Blaise Boscaccy
> wrote:
> >
> > KP Singh writes:
> >
> > [...]
> >
> > > Now if you really care about the use-case and want to work with the
> > > maintainers
> > > and implement signing for the community, here's h
On Tue, Apr 15, 2025 at 3:08 PM Blaise Boscaccy
wrote:
> ... would you be ammenable to a simple patch in
> skel_internal.h that freezes maps? e.g
I have limited network access at the moment, so it is possible I've
missed it, but I think it would be helpful to get a verdict on the
RFC-esque patch
On Mon, Apr 21, 2025 at 4:13 PM Alexei Starovoitov
wrote:
> On Wed, Apr 16, 2025 at 10:31 AM Blaise Boscaccy
> wrote:
> >
> > > Hacking into bpf internal objects like maps is not acceptable.
> >
> > We've heard your concerns about kern_sys_bpf and we agree that the LSM
> > should not be calling i
On Sat, Apr 19, 2025 at 2:43 PM James Bottomley
wrote:
> On Fri, 2025-04-04 at 14:54 -0700, Blaise Boscaccy wrote:
> [...]
> > diff --git a/include/linux/kernel_read_file.h
> > b/include/linux/kernel_read_file.h
> > index 90451e2e12bd..7ed9337be542 100644
> > --- a/include/linux/kernel_read_file.h
On Fri, Feb 28, 2025 at 12:19 PM Mimi Zohar wrote:
> On Fri, 2025-02-28 at 11:14 -0500, Paul Moore wrote:
> > On Fri, Feb 28, 2025 at 9:09 AM Mimi Zohar wrote:
> > > On Thu, 2025-02-27 at 17:22 -0500, Paul Moore wrote:
...
> Ok, let's go through different scenario
On Fri, Feb 28, 2025 at 12:52 PM Eric Snowberg wrote:
> > On Feb 28, 2025, at 9:14 AM, Paul Moore wrote:
> > On Fri, Feb 28, 2025 at 9:09 AM Mimi Zohar wrote:
> >> On Thu, 2025-02-27 at 17:22 -0500, Paul Moore wrote:
> >>>
> >>> I'd still als
On Tue, Mar 4, 2025 at 7:54 AM Mimi Zohar wrote:
> On Mon, 2025-03-03 at 17:38 -0500, Paul Moore wrote:
> > On Fri, Feb 28, 2025 at 12:19 PM Mimi Zohar wrote:
> > > On Fri, 2025-02-28 at 11:14 -0500, Paul Moore wrote:
> > > > On Fri, Feb 28, 2025 at 9:09 AM Mimi
On Tue, Mar 4, 2025 at 9:47 AM Eric Snowberg wrote:
> > On Mar 3, 2025, at 3:40 PM, Paul Moore wrote:
> > On Fri, Feb 28, 2025 at 12:52 PM Eric Snowberg
> > wrote:
> >>> On Feb 28, 2025, at 9:14 AM, Paul Moore wrote:
> >>> On Fri, Feb 28, 2025 at 9:09
On Wed, Mar 5, 2025 at 4:30 PM Eric Snowberg wrote:
> > On Mar 4, 2025, at 5:23 PM, Paul Moore wrote:
> > On Tue, Mar 4, 2025 at 9:47 AM Eric Snowberg
> > wrote:
> >>> On Mar 3, 2025, at 3:40 PM, Paul Moore wrote:
> >>> On Fri, Feb 28, 2025 at 12:52
On March 6, 2025 5:29:36 PM Eric Snowberg wrote:
On Mar 5, 2025, at 6:12 PM, Paul Moore wrote:
On Wed, Mar 5, 2025 at 4:30 PM Eric Snowberg wrote:
On Mar 4, 2025, at 5:23 PM, Paul Moore wrote:
On Tue, Mar 4, 2025 at 9:47 AM Eric Snowberg wrote:
On Mar 3, 2025, at 3:40 PM, Paul Moore
On Thu, Feb 27, 2025 at 3:41 PM Mimi Zohar wrote:
> On Mon, 2025-01-06 at 17:15 +, Eric Snowberg wrote:
> > > On Jan 5, 2025, at 8:40 PM, Paul Moore wrote:
> > > On Fri, Jan 3, 2025 at 11:48 PM Paul Moore wrote:
> > > >
> > > > Regardless, b
On Fri, Feb 28, 2025 at 9:09 AM Mimi Zohar wrote:
> On Thu, 2025-02-27 at 17:22 -0500, Paul Moore wrote:
> >
> > I'd still also like to see some discussion about moving towards the
> > addition of keyrings oriented towards usage instead of limiting
> > ourselves
On Tue, Mar 4, 2025 at 9:20 PM Mimi Zohar wrote:
> On Tue, 2025-03-04 at 21:09 -0500, Paul Moore wrote:
> > On Tue, Mar 4, 2025 at 8:50 PM Mimi Zohar wrote:
> > > On Tue, 2025-03-04 at 19:19 -0500, Paul Moore wrote:
> > > > On Tue, Mar 4, 2025 at 7:54 AM Mimi Zohar
On Tue, Mar 4, 2025 at 8:50 PM Mimi Zohar wrote:
> On Tue, 2025-03-04 at 19:19 -0500, Paul Moore wrote:
> > On Tue, Mar 4, 2025 at 7:54 AM Mimi Zohar wrote:
> > > On Mon, 2025-03-03 at 17:38 -0500, Paul Moore wrote:
> > > > On Fri, Feb 28, 2025 at 12:19 PM Mimi
On Tue, Mar 4, 2025 at 5:25 PM Jarkko Sakkinen wrote:
> On Mon, Mar 03, 2025 at 05:40:54PM -0500, Paul Moore wrote:
> > On Fri, Feb 28, 2025 at 12:52 PM Eric Snowberg
> > wrote:
> > > > On Feb 28, 2025, at 9:14 AM, Paul Moore wrote:
> > > > On Fri, Fe
On Fri, Mar 21, 2025 at 1:22 PM Jarkko Sakkinen wrote:
> On Thu, Mar 20, 2025 at 05:36:41PM -0400, Paul Moore wrote:
...
> > I want to address two things, the first, and most important, is that
> > while I am currently employed by Microsoft, I do not speak for
> > Micros
On March 21, 2025 6:56:53 PM Eric Snowberg wrote:
On Mar 21, 2025, at 4:13 PM, Paul Moore wrote:
On Fri, Mar 21, 2025 at 5:21 PM Eric Snowberg wrote:
On Mar 21, 2025, at 12:57 PM, Paul Moore wrote:
...
, but I will note that I don't recall you offering to step
up and maintain Loc
On Fri, Mar 21, 2025 at 12:46 PM Blaise Boscaccy
wrote:
>
> This adds the Hornet Linux Security Module which provides signature
> verification of eBPF programs.
>
> Hornet uses a similar signature verification scheme similar to that of
> kernel modules. A pkcs#7 signature is appended to the end of
On Wed, May 7, 2025 at 1:48 PM James Bottomley
wrote:
>
> I'm with Paul on this: if you could share your design ideas more fully
> than you have above that would help make this debate way more
> technical.
I think it would also help some of us, at the very least me, put your
objections into conte
On Thu, May 8, 2025 at 1:45 PM Alexei Starovoitov
wrote:
> On Wed, May 7, 2025 at 4:24 PM Paul Moore wrote:
> > On Wed, May 7, 2025 at 1:48 PM James Bottomley
> > wrote:
> > >
> > > I'm with Paul on this: if you could share your design ideas more fully
>
On Sat, May 10, 2025 at 10:01 PM KP Singh wrote:
>
...
> The signature check in the verifier (during BPF_PROG_LOAD):
>
> verify_pkcs7_signature(prog->aux->sha, sizeof(prog->aux->sha),
> sig_from_bpf_attr, …);
I think we still need to clarify the authorization aspect of your
proposed design.
On Wed, May 14, 2025 at 2:48 PM KP Singh wrote:
> On Wed, May 14, 2025 at 5:06 AM Paul Moore wrote:
> > On Sat, May 10, 2025 at 10:01 PM KP Singh wrote:
> > >
> >
> > ...
> >
> > > The signature check in the verifier (during BPF_PROG_LOAD):
> >
On Fri, May 16, 2025 at 7:49 PM Alexei Starovoitov
wrote:
> On Fri, May 16, 2025 at 12:49 PM Paul Moore wrote:
> >
> > I think we need some clarification on a few of these details, it would
> > be good if you could answer the questions below about the
> > authoriza
On May 17, 2025 12:13:50 PM Alexei Starovoitov
wrote:
On Sat, May 17, 2025 at 8:03 AM Paul Moore wrote:
On Fri, May 16, 2025 at 7:49 PM Alexei Starovoitov
wrote:
On Fri, May 16, 2025 at 12:49 PM Paul Moore wrote:
I think we need some clarification on a few of these details, it would
be
On Mon, May 19, 2025 at 6:20 PM KP Singh wrote:
> On Sun, May 18, 2025 at 11:34 PM Paul Moore wrote:
> > On Sun, May 18, 2025 at 11:52 AM Alexei Starovoitov
> > wrote:
> > > On Sat, May 17, 2025 at 10:49 PM Paul Moore wrote:
> > > > On May 17, 2025 12:13:50
On Sun, May 18, 2025 at 11:52 AM Alexei Starovoitov
wrote:
> On Sat, May 17, 2025 at 10:49 PM Paul Moore wrote:
> > On May 17, 2025 12:13:50 PM Alexei Starovoitov
> > wrote:
> > > On Sat, May 17, 2025 at 8:03 AM Paul Moore wrote:
> > >> On Fri, May 16
On Mon, May 19, 2025 at 6:58 PM Paul Moore wrote:
>
> When the kernel performs a security relevant operation, such as
> verifying the signature on a BPF program, where the result of the
> operation serves as input to a policy decision, system measurement,
> audit event, etc. the LS
On Wed, May 28, 2025 at 8:19 AM David Howells wrote:
>
> Hi Linus,
>
> Could you apply this, please? There shouldn't be any functional change,
> rather it's a switch to using combined bit-barrier ops and lesser barriers.
> A better way to do this might be to provide set_bit_release(), but the end
On Wed, Jun 11, 2025 at 5:12 AM Herbert Xu wrote:
> On Tue, Jun 10, 2025 at 08:22:59PM -0400, Paul Moore wrote:
> >
> > It doesn't look like this has made its way to Linus. David or Jarkko,
> > do one of you want to pick this up into a tree and send this to Linus
>
46 matches
Mail list logo
