Re: Linux IMA documentation

2023-09-13 Thread Roberto Sassu
On Wed, 2023-09-06 at 16:54 -0400, Ken Goldman wrote: > Jonathan: What should be my next step? > > On 9/4/2023 5:52 PM, Jarkko Sakkinen wrote: > > On Fri Sep 1, 2023 at 12:46 AM EEST, Ken Goldman wrote: > > > Thank you. > > > > > > Do you know the process for getting this accepted into the kerne

Re: [PATCH v3 25/25] integrity: Switch from rbtree to LSM-managed blob for integrity_iint_cache

2023-09-15 Thread Roberto Sassu
On Tue, 2023-09-12 at 12:19 -0400, Stefan Berger wrote: > On 9/4/23 09:40, Roberto Sassu wrote: > > From: Roberto Sassu > > > > Before the security field of kernel objects could be shared among LSMs with > > the LSM stacking feature, IMA and EVM had to rely on an alter

Re: [PATCH v3 12/25] security: Introduce inode_post_setattr hook

2023-09-26 Thread Roberto Sassu
On Mon, 2023-09-04 at 15:34 +0200, Roberto Sassu wrote: > From: Roberto Sassu > > In preparation for moving IMA and EVM to the LSM infrastructure, introduce > the inode_post_setattr hook. > > It is useful for EVM to recalculate the HMAC on modified file attributes > an

Re: [PATCH v3 20/25] security: Introduce key_post_create_or_update hook

2023-09-26 Thread Roberto Sassu
On Mon, 2023-09-04 at 15:40 +0200, Roberto Sassu wrote: > From: Roberto Sassu > > In preparation for moving IMA and EVM to the LSM infrastructure, introduce > the key_post_create_or_update hook. > > It is useful for IMA to measure the key content after creation or update

Re: [PATCH v3 04/25] ima: Align ima_file_mprotect() definition with LSM infrastructure

2023-10-11 Thread Roberto Sassu
On Wed, 2023-10-11 at 10:51 -0400, Mimi Zohar wrote: > On Mon, 2023-09-04 at 15:33 +0200, Roberto Sassu wrote: > > From: Roberto Sassu > > > > Change ima_file_mprotect() definition, so that it can be registered > > as implementation of the file_mprotect hook. >

Re: [PATCH v3 02/25] ima: Align ima_post_path_mknod() definition with LSM infrastructure

2023-10-11 Thread Roberto Sassu
On Wed, 2023-10-11 at 10:38 -0400, Mimi Zohar wrote: > On Mon, 2023-09-04 at 15:33 +0200, Roberto Sassu wrote: > > From: Roberto Sassu > > > > Change ima_post_path_mknod() definition, so that it can be registered as > > implementation of the path_post_mknod hook. Sinc

Re: [PATCH v3 02/25] ima: Align ima_post_path_mknod() definition with LSM infrastructure

2023-10-12 Thread Roberto Sassu
On Wed, 2023-10-11 at 15:01 -0400, Mimi Zohar wrote: > On Wed, 2023-10-11 at 18:02 +0200, Roberto Sassu wrote: > > On Wed, 2023-10-11 at 10:38 -0400, Mimi Zohar wrote: > > > On Mon, 2023-09-04 at 15:33 +0200, Roberto Sassu wrote: > > > > From: Roberto

Re: [PATCH v3 12/25] security: Introduce inode_post_setattr hook

2023-10-12 Thread Roberto Sassu
On Wed, 2023-10-11 at 20:08 -0400, Mimi Zohar wrote: > On Mon, 2023-09-04 at 15:34 +0200, Roberto Sassu wrote: > > From: Roberto Sassu > > > > In preparation for moving IMA and EVM to the LSM infrastructure, introduce > > the inode_post_setattr hook. > > > &

Re: [PATCH v3 02/25] ima: Align ima_post_path_mknod() definition with LSM infrastructure

2023-10-12 Thread Roberto Sassu
On Thu, 2023-10-12 at 07:42 -0400, Mimi Zohar wrote: > On Thu, 2023-10-12 at 09:29 +0200, Roberto Sassu wrote: > > On Wed, 2023-10-11 at 15:01 -0400, Mimi Zohar wrote: > > > On Wed, 2023-10-11 at 18:02 +0200, Roberto Sassu wrote: > > > > On Wed, 2023-10-11 at

Re: [PATCH v3 12/25] security: Introduce inode_post_setattr hook

2023-10-12 Thread Roberto Sassu
On Thu, 2023-10-12 at 07:43 -0400, Mimi Zohar wrote: > On Thu, 2023-10-12 at 09:42 +0200, Roberto Sassu wrote: > > On Wed, 2023-10-11 at 20:08 -0400, Mimi Zohar wrote: > > > On Mon, 2023-09-04 at 15:34 +0200, Roberto Sassu wrote: > > > > From: Roberto Sassu >

Re: [PATCH v3 14/25] security: Introduce file_post_open hook

2023-10-12 Thread Roberto Sassu
On Thu, 2023-10-12 at 08:36 -0400, Mimi Zohar wrote: > On Mon, 2023-09-04 at 15:34 +0200, Roberto Sassu wrote: > > From: Roberto Sassu > > > > In preparation to move IMA and EVM to the LSM infrastructure, introduce the > > file_post_open hook. Also, export securi

Re: [PATCH v3 02/25] ima: Align ima_post_path_mknod() definition with LSM infrastructure

2023-10-12 Thread Roberto Sassu
On Thu, 2023-10-12 at 09:25 -0400, Mimi Zohar wrote: > On Thu, 2023-10-12 at 14:19 +0200, Roberto Sassu wrote: > > On Thu, 2023-10-12 at 07:42 -0400, Mimi Zohar wrote: > > > On Thu, 2023-10-12 at 09:29 +0200, Roberto Sassu wrote: > > > > On Wed, 2023-10-11 at

Re: [PATCH v3 14/25] security: Introduce file_post_open hook

2023-10-12 Thread Roberto Sassu
On Thu, 2023-10-12 at 09:35 -0400, Mimi Zohar wrote: > On Thu, 2023-10-12 at 14:45 +0200, Roberto Sassu wrote: > > On Thu, 2023-10-12 at 08:36 -0400, Mimi Zohar wrote: > > > On Mon, 2023-09-04 at 15:34 +0200, Roberto Sassu wrote: > > > > From: Roberto Sassu > >

Re: [PATCH v3 02/25] ima: Align ima_post_path_mknod() definition with LSM infrastructure

2023-10-13 Thread Roberto Sassu
On Thu, 2023-10-12 at 13:10 -0400, Mimi Zohar wrote: > > > > > > We need to make sure that ima_post_path_mknod() has the > > > > > > same parameters > > > > > > as the LSM hook at the time we register it to the LSM > > > > > > infrastructure. > > > > > > > > > > I'm trying to understand why the pr

Re: [PATCH v3 25/25] integrity: Switch from rbtree to LSM-managed blob for integrity_iint_cache

2023-10-13 Thread Roberto Sassu
On Fri, 2023-09-15 at 11:39 +0200, Roberto Sassu wrote: > On Tue, 2023-09-12 at 12:19 -0400, Stefan Berger wrote: > > On 9/4/23 09:40, Roberto Sassu wrote: > > > From: Roberto Sassu > > > > > > Before the security field of kernel objects could be shared

Re: [PATCH v15 00/11] LSM: Three basic syscalls

2023-10-17 Thread Roberto Sassu
On Tue, 2023-10-17 at 11:58 -0400, Paul Moore wrote: > On Tue, Oct 17, 2023 at 3:01 AM Roberto Sassu > wrote: > > On Mon, 2023-10-16 at 11:06 -0400, Paul Moore wrote: > > > On Mon, Oct 16, 2023 at 8:05 AM Roberto Sassu > > > wrote: > > > > > > >

Re: [PATCH v15 00/11] LSM: Three basic syscalls

2023-10-18 Thread Roberto Sassu
On Tue, 2023-10-17 at 18:07 +0200, Roberto Sassu wrote: > On Tue, 2023-10-17 at 11:58 -0400, Paul Moore wrote: > > On Tue, Oct 17, 2023 at 3:01 AM Roberto Sassu > > wrote: > > > On Mon, 2023-10-16 at 11:06 -0400, Paul Moore wrote: > > > > On Mon, O

Re: [PATCH v15 00/11] LSM: Three basic syscalls

2023-10-18 Thread Roberto Sassu
On 10/18/2023 3:09 PM, Mimi Zohar wrote: On Wed, 2023-10-18 at 11:31 +0200, Roberto Sassu wrote: On Tue, 2023-10-17 at 18:07 +0200, Roberto Sassu wrote: On Tue, 2023-10-17 at 11:58 -0400, Paul Moore wrote: On Tue, Oct 17, 2023 at 3:01 AM Roberto Sassu wrote: On Mon, 2023-10-16 at 11:06

Re: [PATCH v15 00/11] LSM: Three basic syscalls

2023-10-19 Thread Roberto Sassu
On Wed, 2023-10-18 at 16:40 -0400, Paul Moore wrote: > On Wed, Oct 18, 2023 at 4:23 PM Mimi Zohar wrote: > > On Wed, 2023-10-18 at 12:35 -0400, Paul Moore wrote: > > > On Wed, Oct 18, 2023 at 10:15 AM Roberto Sassu > > > wrote: > > > >

Re: [PATCH v15 00/11] LSM: Three basic syscalls

2023-10-19 Thread Roberto Sassu
On Wed, 2023-10-18 at 16:14 +0200, Roberto Sassu wrote: > On 10/18/2023 3:09 PM, Mimi Zohar wrote: > > On Wed, 2023-10-18 at 11:31 +0200, Roberto Sassu wrote: > > > On Tue, 2023-10-17 at 18:07 +0200, Roberto Sassu wrote: > > > > On Tue, 2023-10-17 at 11:58 -0400, Paul

Re: RFC: New LSM to control usage of x509 certificates

2023-10-20 Thread Roberto Sassu
On Fri, 2023-10-20 at 17:05 +0200, Mickaël Salaün wrote: > On Thu, Oct 19, 2023 at 11:08:38PM +, Eric Snowberg wrote: > > > > > > > On Oct 19, 2023, at 3:12 AM, Mickaël Salaün wrote: > > > > > > On Wed, Oct 18, 2023 at 11:12:45PM +, Eric Snowberg wrote: > > > > > > > > > > > > > On Oc

[PATCH] security: Don't yet account for IMA in LSM_CONFIG_COUNT calculation

2023-10-26 Thread Roberto Sassu
From: Roberto Sassu Since IMA is not yet an LSM, don't account for it in the LSM_CONFIG_COUNT calculation, used to limit how many LSMs can invoke security_add_hooks(). Signed-off-by: Roberto Sassu --- security/security.c | 1 - 1 file changed, 1 deletion(-) diff --git a/security/securit

Re: [PATCH] security: Don't yet account for IMA in LSM_CONFIG_COUNT calculation

2023-10-26 Thread Roberto Sassu
On Thu, 2023-10-26 at 10:48 -0400, Paul Moore wrote: > On Oct 26, 2023 Roberto Sassu wrote: > > > > Since IMA is not yet an LSM, don't account for it in the LSM_CONFIG_COUNT > > calculation, used to limit how many LSMs can invoke security_add_hooks(). > >

[PATCH v4 00/23] security: Move IMA and EVM to the LSM infrastructure

2023-10-27 Thread Roberto Sassu
From: Roberto Sassu IMA and EVM are not effectively LSMs, especially due to the fact that in the past they could not provide a security blob while there is another LSM active. That changed in the recent years, the LSM stacking feature now makes it possible to stack together multiple LSMs, and

[PATCH v4 01/23] ima: Align ima_inode_post_setattr() definition with LSM infrastructure

2023-10-27 Thread Roberto Sassu
From: Roberto Sassu Change ima_inode_post_setattr() definition, so that it can be registered as implementation of the inode_post_setattr hook (to be introduced). Signed-off-by: Roberto Sassu Reviewed-by: Stefan Berger --- fs/attr.c | 2 +- include/linux/ima.h

[PATCH v4 02/23] ima: Align ima_file_mprotect() definition with LSM infrastructure

2023-10-27 Thread Roberto Sassu
From: Roberto Sassu Change ima_file_mprotect() definition, so that it can be registered as implementation of the file_mprotect hook. Signed-off-by: Roberto Sassu Reviewed-by: Stefan Berger --- include/linux/ima.h | 5 +++-- security/integrity/ima/ima_main.c | 6 -- security

[PATCH v4 03/23] ima: Align ima_inode_setxattr() definition with LSM infrastructure

2023-10-27 Thread Roberto Sassu
From: Roberto Sassu Change ima_inode_setxattr() definition, so that it can be registered as implementation of the inode_setxattr hook. Signed-off-by: Roberto Sassu Reviewed-by: Stefan Berger Reviewed-by: Mimi Zohar --- include/linux/ima.h | 11 +++ security

[PATCH v4 06/23] evm: Align evm_inode_post_setattr() definition with LSM infrastructure

2023-10-27 Thread Roberto Sassu
From: Roberto Sassu Change evm_inode_post_setattr() definition, so that it can be registered as implementation of the inode_post_setattr hook (to be introduced). Signed-off-by: Roberto Sassu Reviewed-by: Stefan Berger --- fs/attr.c | 2 +- include/linux/evm.h

[PATCH v4 05/23] ima: Align ima_post_read_file() definition with LSM infrastructure

2023-10-27 Thread Roberto Sassu
From: Roberto Sassu Change ima_post_read_file() definition, by making "void *buf" a "char *buf", so that it can be registered as implementation of the post_read_file hook. Signed-off-by: Roberto Sassu Reviewed-by: Stefan Berger --- include/linux/ima.h

[PATCH v4 04/23] ima: Align ima_inode_removexattr() definition with LSM infrastructure

2023-10-27 Thread Roberto Sassu
From: Roberto Sassu Change ima_inode_removexattr() definition, so that it can be registered as implementation of the inode_removexattr hook. Signed-off-by: Roberto Sassu Reviewed-by: Stefan Berger --- include/linux/ima.h | 7 +-- security/integrity/ima/ima_appraise.c

[PATCH v4 08/23] evm: Align evm_inode_post_setxattr() definition with LSM infrastructure

2023-10-27 Thread Roberto Sassu
From: Roberto Sassu Change evm_inode_post_setxattr() definition, so that it can be registered as implementation of the inode_post_setxattr hook. Signed-off-by: Roberto Sassu Reviewed-by: Stefan Berger Reviewed-by: Mimi Zohar --- include/linux/evm.h | 8 +--- security

[PATCH v4 09/23] security: Align inode_setattr hook definition with EVM

2023-10-27 Thread Roberto Sassu
From: Roberto Sassu Add the idmap parameter to the definition, so that evm_inode_setattr() can be registered as this hook implementation. Signed-off-by: Roberto Sassu Reviewed-by: Stefan Berger Acked-by: Casey Schaufler Reviewed-by: Mimi Zohar --- include/linux/lsm_hook_defs.h | 3

[PATCH v4 07/23] evm: Align evm_inode_setxattr() definition with LSM infrastructure

2023-10-27 Thread Roberto Sassu
From: Roberto Sassu Change evm_inode_setxattr() definition, so that it can be registered as implementation of the inode_setxattr hook. Signed-off-by: Roberto Sassu Reviewed-by: Stefan Berger Reviewed-by: Mimi Zohar --- include/linux/evm.h | 4 ++-- security/integrity/evm

[PATCH v4 10/23] security: Introduce inode_post_setattr hook

2023-10-27 Thread Roberto Sassu
From: Roberto Sassu In preparation for moving IMA and EVM to the LSM infrastructure, introduce the inode_post_setattr hook. At inode_setattr hook, EVM verifies the file's existing HMAC value. At inode_post_setattr, EVM re-calculates the file's HMAC based on the modified file attr

[PATCH v4 11/23] security: Introduce inode_post_removexattr hook

2023-10-27 Thread Roberto Sassu
From: Roberto Sassu In preparation for moving IMA and EVM to the LSM infrastructure, introduce the inode_post_removexattr hook. At inode_removexattr hook, EVM verifies the file's existing HMAC value. At inode_post_removexattr, EVM re-calculates the file's HMAC with the passed xattr r

[PATCH v4 12/23] security: Introduce file_post_open hook

2023-10-27 Thread Roberto Sassu
From: Roberto Sassu In preparation to move IMA and EVM to the LSM infrastructure, introduce the file_post_open hook. Also, export security_file_post_open() for NFS. Based on policy, IMA calculates the digest of the file content, and decides based on that digest whether the file should be made

[PATCH v4 13/23] security: Introduce file_pre_free_security hook

2023-10-27 Thread Roberto Sassu
From: Roberto Sassu In preparation for moving IMA and EVM to the LSM infrastructure, introduce the file_pre_free_security hook. IMA calculates at file close the new digest of the file content and writes it to security.ima, so that appraisal at next file access succeeds. LSMs could also take

[PATCH v4 14/23] security: Introduce path_post_mknod hook

2023-10-27 Thread Roberto Sassu
From: Roberto Sassu In preparation for moving IMA and EVM to the LSM infrastructure, introduce the path_post_mknod hook. IMA-appraisal requires all existing files in policy to have a file hash/signature stored in security.ima. An exception is made for empty files created by mknod, by tagging

[PATCH v4 15/23] security: Introduce inode_post_create_tmpfile hook

2023-10-27 Thread Roberto Sassu
From: Roberto Sassu In preparation for moving IMA and EVM to the LSM infrastructure, introduce the inode_post_create_tmpfile hook. As temp files can be made persistent, treat new temp files like other new files, so that the file hash is calculated and stored in the security xattr. LSMs could

[PATCH v4 16/23] security: Introduce inode_post_set_acl hook

2023-10-27 Thread Roberto Sassu
From: Roberto Sassu In preparation for moving IMA and EVM to the LSM infrastructure, introduce the inode_post_set_acl hook. At inode_set_acl hook, EVM verifies the file's existing HMAC value. At inode_post_set_acl, EVM re-calculates the file's HMAC based on the modified POSIX ACL and

[PATCH v4 17/23] security: Introduce inode_post_remove_acl hook

2023-10-27 Thread Roberto Sassu
From: Roberto Sassu In preparation for moving IMA and EVM to the LSM infrastructure, introduce the inode_post_remove_acl hook. At inode_remove_acl hook, EVM verifies the file's existing HMAC value. At inode_post_remove_acl, EVM re-calculates the file's HMAC with the passed POSIX ACL r

[PATCH v4 18/23] security: Introduce key_post_create_or_update hook

2023-10-27 Thread Roberto Sassu
From: Roberto Sassu In preparation for moving IMA and EVM to the LSM infrastructure, introduce the key_post_create_or_update hook. Depending on policy, IMA measures the key content after creation or update, so that remote verifiers are aware of the operation. Other LSMs could similarly take

[PATCH v4 19/23] ima: Move to LSM infrastructure

2023-10-27 Thread Roberto Sassu
From: Roberto Sassu Move hardcoded IMA function calls (not for appraisal) from various places in the kernel to the LSM infrastructure, by introducing a new LSM named 'ima' (at the end of the LSM list and always enabled like 'integrity'). Make moved functio

[PATCH v4 20/23] ima: Move IMA-Appraisal to LSM infrastructure

2023-10-27 Thread Roberto Sassu
From: Roberto Sassu Do the registration of IMA-Appraisal functions separately from the rest of IMA functions, as appraisal is a separate feature not necessarily enabled in the kernel configuration. Reuse the same approach as for other IMA functions, move hardcoded calls from various places in

[PATCH v4 21/23] evm: Move to LSM infrastructure

2023-10-27 Thread Roberto Sassu
From: Roberto Sassu As for IMA, move hardcoded EVM function calls from various places in the kernel to the LSM infrastructure, by introducing a new LSM named 'evm' (at the end of the LSM list and always enabled, like 'ima' and 'integrity'). Make EVM f

[PATCH v4 23/23] integrity: Switch from rbtree to LSM-managed blob for integrity_iint_cache

2023-10-27 Thread Roberto Sassu
From: Roberto Sassu Before the security field of kernel objects could be shared among LSMs with the LSM stacking feature, IMA and EVM had to rely on an alternative storage of inode metadata. The association between inode metadata and inode is maintained through an rbtree. Because of this

[PATCH v4 22/23] integrity: Move integrity functions to the LSM infrastructure

2023-10-27 Thread Roberto Sassu
From: Roberto Sassu Remove hardcoded calls to integrity functions from the LSM infrastructure and, instead, register them in integrity_lsm_init() with the IMA or EVM LSM ID (the first non-NULL returned by ima_get_lsm_id() and evm_get_lsm_id()). Also move the global declaration of

[PATCH v5 00/23] security: Move IMA and EVM to the LSM infrastructure

2023-11-07 Thread Roberto Sassu
From: Roberto Sassu IMA and EVM are not effectively LSMs, especially due to the fact that in the past they could not provide a security blob while there is another LSM active. That changed in the recent years, the LSM stacking feature now makes it possible to stack together multiple LSMs, and

[PATCH v5 01/23] ima: Align ima_inode_post_setattr() definition with LSM infrastructure

2023-11-07 Thread Roberto Sassu
From: Roberto Sassu Change ima_inode_post_setattr() definition, so that it can be registered as implementation of the inode_post_setattr hook (to be introduced). Signed-off-by: Roberto Sassu Reviewed-by: Stefan Berger --- fs/attr.c | 2 +- include/linux/ima.h

[PATCH v5 02/23] ima: Align ima_file_mprotect() definition with LSM infrastructure

2023-11-07 Thread Roberto Sassu
From: Roberto Sassu Change ima_file_mprotect() definition, so that it can be registered as implementation of the file_mprotect hook. Signed-off-by: Roberto Sassu Reviewed-by: Stefan Berger --- include/linux/ima.h | 5 +++-- security/integrity/ima/ima_main.c | 6 -- security

[PATCH v5 03/23] ima: Align ima_inode_setxattr() definition with LSM infrastructure

2023-11-07 Thread Roberto Sassu
From: Roberto Sassu Change ima_inode_setxattr() definition, so that it can be registered as implementation of the inode_setxattr hook. Signed-off-by: Roberto Sassu Reviewed-by: Stefan Berger Reviewed-by: Mimi Zohar --- include/linux/ima.h | 11 +++ security

[PATCH v5 04/23] ima: Align ima_inode_removexattr() definition with LSM infrastructure

2023-11-07 Thread Roberto Sassu
From: Roberto Sassu Change ima_inode_removexattr() definition, so that it can be registered as implementation of the inode_removexattr hook. Signed-off-by: Roberto Sassu Reviewed-by: Stefan Berger --- include/linux/ima.h | 7 +-- security/integrity/ima/ima_appraise.c

[PATCH v5 06/23] evm: Align evm_inode_post_setattr() definition with LSM infrastructure

2023-11-07 Thread Roberto Sassu
From: Roberto Sassu Change evm_inode_post_setattr() definition, so that it can be registered as implementation of the inode_post_setattr hook (to be introduced). Signed-off-by: Roberto Sassu Reviewed-by: Stefan Berger --- fs/attr.c | 2 +- include/linux/evm.h

[PATCH v5 07/23] evm: Align evm_inode_setxattr() definition with LSM infrastructure

2023-11-07 Thread Roberto Sassu
From: Roberto Sassu Change evm_inode_setxattr() definition, so that it can be registered as implementation of the inode_setxattr hook. Signed-off-by: Roberto Sassu Reviewed-by: Stefan Berger Reviewed-by: Mimi Zohar --- include/linux/evm.h | 4 ++-- security/integrity/evm

[PATCH v5 08/23] evm: Align evm_inode_post_setxattr() definition with LSM infrastructure

2023-11-07 Thread Roberto Sassu
From: Roberto Sassu Change evm_inode_post_setxattr() definition, so that it can be registered as implementation of the inode_post_setxattr hook. Signed-off-by: Roberto Sassu Reviewed-by: Stefan Berger Reviewed-by: Mimi Zohar --- include/linux/evm.h | 8 +--- security

[PATCH v5 09/23] security: Align inode_setattr hook definition with EVM

2023-11-07 Thread Roberto Sassu
From: Roberto Sassu Add the idmap parameter to the definition, so that evm_inode_setattr() can be registered as this hook implementation. Signed-off-by: Roberto Sassu Reviewed-by: Stefan Berger Acked-by: Casey Schaufler Reviewed-by: Mimi Zohar --- include/linux/lsm_hook_defs.h | 3

[PATCH v5 10/23] security: Introduce inode_post_setattr hook

2023-11-07 Thread Roberto Sassu
From: Roberto Sassu In preparation for moving IMA and EVM to the LSM infrastructure, introduce the inode_post_setattr hook. At inode_setattr hook, EVM verifies the file's existing HMAC value. At inode_post_setattr, EVM re-calculates the file's HMAC based on the modified file attr

[PATCH v5 11/23] security: Introduce inode_post_removexattr hook

2023-11-07 Thread Roberto Sassu
From: Roberto Sassu In preparation for moving IMA and EVM to the LSM infrastructure, introduce the inode_post_removexattr hook. At inode_removexattr hook, EVM verifies the file's existing HMAC value. At inode_post_removexattr, EVM re-calculates the file's HMAC with the passed xattr r

[PATCH v5 12/23] security: Introduce file_post_open hook

2023-11-07 Thread Roberto Sassu
From: Roberto Sassu In preparation to move IMA and EVM to the LSM infrastructure, introduce the file_post_open hook. Also, export security_file_post_open() for NFS. Based on policy, IMA calculates the digest of the file content and extends the TPM with the digest, verifies the file's inte
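The file_post_open message above says that IMA, based on policy, hashes the file content and extends the TPM with the digest. What a remote verifier does with that is replay the measurement list against the quoted PCR. The following is an added example, not code from the patch series or from the IMA project: it parses lines in the format of /sys/kernel/security/ima/ascii_runtime_measurements (sha1 bank, ima-ng and ima-sig templates), replays the extends into a simulated PCR, and handles the violation entries IMA logs with an all-zero template hash, for which the kernel extends 0xff bytes instead. The log lines are constructed and every hash in them is made up.

```python
import hashlib
import hmac

SHA1_LEN = 20
PCR_INIT = bytes(SHA1_LEN)              # PCR 10 is all zeros after reset
VIOLATION_EXTEND = b"\xff" * SHA1_LEN   # extended by the kernel for a violation entry,
                                        # while the log line shows an all-zero template hash

# Constructed sample in the layout of ascii_runtime_measurements (sha1 bank).
# All hashes and paths are made up for illustration.
SAMPLE_LOG = """\
10 5b5f8a8c3c9a5f0f2a1f4b7d7e1c0a9d8c6b5a4f ima-ng sha256:3a7bd3e2360a3d29eea436fcfb7e44c735d117c42d1c1835420b6b9942dd4f1b boot_aggregate
10 0000000000000000000000000000000000000000 ima-ng sha256:0000000000000000000000000000000000000000000000000000000000000000 /tmp/open-writers-violation
10 0c1e2d3f4a5b6c7d8e9f0a1b2c3d4e5f60718293 ima-sig sha256:9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08 /usr/bin/example 030204a1b2c3d40100
"""


def pcr_extend(pcr: bytes, digest: bytes) -> bytes:
    """One TPM extend in the SHA-1 bank: PCR' = SHA1(PCR || digest)."""
    return hashlib.sha1(pcr + digest).digest()


def parse_entry(line: str) -> dict:
    """Split one log line: <pcr> <template-hash> <template-name> <template-data>.

    For ima-ng/ima-sig the template data is '<alg>:<hex> <path> [<sig>]';
    the legacy 'ima' template carries a bare sha1 hex before the path.
    """
    fields = line.split(maxsplit=3)
    if len(fields) != 4:
        raise ValueError(f"malformed entry: {line!r}")
    pcr, template_hash, template_name, template_data = fields
    if len(template_hash) != 2 * SHA1_LEN:
        raise ValueError(f"expected a sha1-bank template hash: {line!r}")
    bytes.fromhex(template_hash)            # ValueError if not hex
    data = template_data.split(maxsplit=2)
    alg, _, file_digest = data[0].rpartition(":")
    return {
        "pcr": int(pcr),
        "template_hash": template_hash.lower(),
        "template": template_name,
        "digest_alg": alg or "sha1",
        "file_digest": file_digest,
        "path": data[1] if len(data) > 1 else "",
        "sig": data[2] if len(data) > 2 else "",
    }


def replay(log_text: str) -> dict:
    """Recompute every PCR the log extends; returns {pcr_index: hex_value}."""
    pcrs = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        entry = parse_entry(line)
        digest = bytes.fromhex(entry["template_hash"])
        if digest == bytes(SHA1_LEN):       # violation: kernel extended 0xff..ff
            digest = VIOLATION_EXTEND
        current = pcrs.get(entry["pcr"], PCR_INIT)
        pcrs[entry["pcr"]] = pcr_extend(current, digest)
    return {idx: value.hex() for idx, value in pcrs.items()}


def verify(log_text: str, pcr_index: int, quoted_hex: str) -> bool:
    """True iff replaying the log reproduces the PCR value from the TPM quote."""
    computed = replay(log_text).get(pcr_index, PCR_INIT.hex())
    return hmac.compare_digest(computed, quoted_hex.lower())


if __name__ == "__main__":
    print("replayed PCR 10:", replay(SAMPLE_LOG)[10])
```

The replay only proves that the log is the one the TPM saw; the path names and file digests still have to be checked against a reference database afterwards. Replay against the bank that matches the log file you read: the per-bank files (ascii_runtime_measurements_sha256 and so on) carry template hashes of a different length, and the digest length checks here are written for the sha1 bank.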

[PATCH v5 13/23] security: Introduce file_pre_free_security hook

2023-11-07 Thread Roberto Sassu
From: Roberto Sassu In preparation for moving IMA and EVM to the LSM infrastructure, introduce the file_pre_free_security hook. IMA calculates at file close the new digest of the file content and writes it to security.ima, so that appraisal at next file access succeeds. LSMs could also take

[PATCH v5 16/23] security: Introduce inode_post_set_acl hook

2023-11-07 Thread Roberto Sassu
From: Roberto Sassu In preparation for moving IMA and EVM to the LSM infrastructure, introduce the inode_post_set_acl hook. At inode_set_acl hook, EVM verifies the file's existing HMAC value. At inode_post_set_acl, EVM re-calculates the file's HMAC based on the modified POSIX ACL and

[PATCH v5 15/23] security: Introduce inode_post_create_tmpfile hook

2023-11-07 Thread Roberto Sassu
From: Roberto Sassu In preparation for moving IMA and EVM to the LSM infrastructure, introduce the inode_post_create_tmpfile hook. As temp files can be made persistent, treat new temp files like other new files, so that the file hash is calculated and stored in the security xattr. LSMs could

[PATCH v5 14/23] security: Introduce path_post_mknod hook

2023-11-07 Thread Roberto Sassu
From: Roberto Sassu In preparation for moving IMA and EVM to the LSM infrastructure, introduce the path_post_mknod hook. IMA-appraisal requires all existing files in policy to have a file hash/signature stored in security.ima. An exception is made for empty files created by mknod, by tagging

[PATCH v5 17/23] security: Introduce inode_post_remove_acl hook

2023-11-07 Thread Roberto Sassu
From: Roberto Sassu In preparation for moving IMA and EVM to the LSM infrastructure, introduce the inode_post_remove_acl hook. At inode_remove_acl hook, EVM verifies the file's existing HMAC value. At inode_post_remove_acl, EVM re-calculates the file's HMAC with the passed POSIX ACL r
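The four messages introducing inode_post_setattr, inode_post_removexattr, inode_post_set_acl and inode_post_remove_acl all describe the same pattern: at the pre hook EVM verifies the file's existing HMAC, and at the post hook it recalculates the HMAC over the modified metadata. The following is an added, user-space model of that pattern, not code from the patch series or from the kernel's EVM implementation. It keeps an inode as a dictionary, computes the HMAC over a constructed key, a fixed subset of protected xattrs and the inode fields (ino, generation, uid, gid, mode, filesystem uuid), and wires a chmod and a removexattr through a pre hook that denies on mismatch and a post hook that re-seals. The key, the xattr list and the field encoding are simplifications chosen for the example; the real list of protected xattrs and the exact HMAC input are defined by the kernel.

```python
import hashlib
import hmac

# Constructed stand-in for the kernel's evm-key, which lives in the kernel
# keyring (normally TPM-sealed). Not a real key.
EVM_KEY = b"constructed-evm-key-for-illustration-only"

# Simplified, fixed-order subset of the xattrs EVM protects.
PROTECTED_XATTRS = ("security.ima", "security.selinux", "security.capability")


class EvmError(PermissionError):
    """Raised where the kernel pre hook would return -EPERM."""


def evm_hmac(inode: dict) -> bytes:
    """HMAC over protected xattr values, then inode fields, then fs uuid."""
    mac = hmac.new(EVM_KEY, digestmod=hashlib.sha1)
    for name in PROTECTED_XATTRS:
        value = inode["xattrs"].get(name)
        if value is not None:
            mac.update(value)
    mac.update(inode["ino"].to_bytes(8, "little"))
    mac.update(inode["generation"].to_bytes(4, "little"))
    mac.update(inode["uid"].to_bytes(4, "little"))
    mac.update(inode["gid"].to_bytes(4, "little"))
    mac.update(inode["mode"].to_bytes(2, "little"))   # umode_t is 16 bits
    mac.update(inode["fs_uuid"])
    return mac.digest()


def evm_seal(inode: dict) -> None:
    inode["xattrs"]["security.evm"] = evm_hmac(inode)


def evm_verify(inode: dict) -> bool:
    stored = inode["xattrs"].get("security.evm")
    return stored is not None and hmac.compare_digest(stored, evm_hmac(inode))


# Pre hooks: the metadata has not changed yet; verify what is on disk now.
def inode_setattr(inode: dict) -> None:
    if not evm_verify(inode):
        raise EvmError("security.evm does not match current metadata")


def inode_removexattr(inode: dict, name: str) -> None:
    if name in PROTECTED_XATTRS and not evm_verify(inode):
        raise EvmError("security.evm does not match current metadata")


# Post hooks: the metadata has changed; recompute the HMAC over the new state.
def inode_post_setattr(inode: dict) -> None:
    evm_seal(inode)


def inode_post_removexattr(inode: dict, name: str) -> None:
    if name in PROTECTED_XATTRS:
        evm_seal(inode)


# The VFS operations, with the hooks in the order the kernel calls them.
def chmod(inode: dict, mode: int) -> None:
    inode_setattr(inode)
    inode["mode"] = mode
    inode_post_setattr(inode)


def removexattr(inode: dict, name: str) -> None:
    inode_removexattr(inode, name)
    inode["xattrs"].pop(name, None)
    inode_post_removexattr(inode, name)


def make_inode() -> dict:
    """Constructed inode; the security.ima value is a made-up digest blob."""
    inode = {
        "ino": 1234, "generation": 1, "uid": 0, "gid": 0, "mode": 0o755,
        "fs_uuid": bytes(range(16)),
        "xattrs": {
            "security.ima": b"\x04\x04" + bytes.fromhex("9f86d081884c7d65" * 4),
            "security.selinux": b"system_u:object_r:bin_t:s0\x00",
            "user.comment": b"not protected by EVM",
        },
    }
    evm_seal(inode)
    return inode


if __name__ == "__main__":
    ino = make_inode()
    chmod(ino, 0o750)
    print("sealed after chmod:", evm_verify(ino))
```

The point the split into pre and post hooks makes is visible in chmod: the verification has to run against the old metadata, before the VFS writes the new mode, and the re-seal has to run after it, otherwise the HMAC would either be computed over state that has not been committed yet or never be updated at all. Changing the mode directly, as offline tampering would, leaves a stale security.evm, and the next setattr is refused.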

[PATCH v5 18/23] security: Introduce key_post_create_or_update hook

2023-11-07 Thread Roberto Sassu
From: Roberto Sassu In preparation for moving IMA and EVM to the LSM infrastructure, introduce the key_post_create_or_update hook. Depending on policy, IMA measures the key content after creation or update, so that remote verifiers are aware of the operation. Other LSMs could similarly take

[PATCH v5 19/23] ima: Move to LSM infrastructure

2023-11-07 Thread Roberto Sassu
From: Roberto Sassu Move hardcoded IMA function calls (not appraisal-specific functions) from various places in the kernel to the LSM infrastructure, by introducing a new LSM named 'ima' (at the end of the LSM list and always enabled like 'integrity'). Make moved functio

[PATCH v5 05/23] ima: Align ima_post_read_file() definition with LSM infrastructure

2023-11-07 Thread Roberto Sassu
From: Roberto Sassu Change ima_post_read_file() definition, by making "void *buf" a "char *buf", so that it can be registered as implementation of the post_read_file hook. Signed-off-by: Roberto Sassu Reviewed-by: Stefan Berger --- include/linux/ima.h

[PATCH v5 20/23] ima: Move IMA-Appraisal to LSM infrastructure

2023-11-07 Thread Roberto Sassu
From: Roberto Sassu Do the registration of IMA-Appraisal only functions separately from the rest of IMA functions, as appraisal is a separate feature not necessarily enabled in the kernel configuration. Reuse the same approach as for other IMA functions, move hardcoded calls from various places

[PATCH v5 22/23] integrity: Move integrity functions to the LSM infrastructure

2023-11-07 Thread Roberto Sassu
From: Roberto Sassu Remove hardcoded calls to integrity functions from the LSM infrastructure and, instead, register them in integrity_lsm_init() with the IMA or EVM LSM ID (the first non-NULL returned by ima_get_lsm_id() and evm_get_lsm_id()). Also move the global declaration of

[PATCH v5 23/23] integrity: Switch from rbtree to LSM-managed blob for integrity_iint_cache

2023-11-07 Thread Roberto Sassu
From: Roberto Sassu Before the security field of kernel objects could be shared among LSMs with the LSM stacking feature, IMA and EVM had to rely on an alternative storage of inode metadata. The association between inode metadata and inode is maintained through an rbtree. Because of this

[PATCH v5 21/23] evm: Move to LSM infrastructure

2023-11-07 Thread Roberto Sassu
From: Roberto Sassu As for IMA, move hardcoded EVM function calls from various places in the kernel to the LSM infrastructure, by introducing a new LSM named 'evm' (at the end of the LSM list and always enabled, like 'ima' and 'integrity'). Make EVM f

Re: [PATCH v5 00/23] security: Move IMA and EVM to the LSM infrastructure

2023-11-07 Thread Roberto Sassu
On Tue, 2023-11-07 at 14:39 +0100, Roberto Sassu wrote: > From: Roberto Sassu Hi everyone I kindly ask your support to add the missing reviewed-by/acked-by. I summarize what is missing below: - @Mimi: patches 1, 2, 4, 5, 6, 19, 21, 22, 23 (IMA/EVM-specific patches) - @Al/@Christ

Re: [PATCH v5 11/23] security: Introduce inode_post_removexattr hook

2023-11-07 Thread Roberto Sassu
On Tue, 2023-11-07 at 09:33 -0800, Casey Schaufler wrote: > On 11/7/2023 5:40 AM, Roberto Sassu wrote: > > From: Roberto Sassu > > > > In preparation for moving IMA and EVM to the LSM infrastructure, introduce > > the inode_post_removexattr hook. > > > >

Re: [ima-evm-utils PATCH 14/14] tests: Address issues raised by shellcheck SC2003

2023-11-13 Thread Roberto Sassu
> in "check_evm_revalidate" in $TST_LIST but to find the word > "check_evm_revalidate" in $TST_LIST. Therefore, use grep -w to determine > whether the word is there. > > Signed-off-by: Stefan Berger > Cc: Roberto Sassu Reviewed-by: Roberto Sassu Thanks Roberto > --- >

Re: [PATCH v5 10/23] security: Introduce inode_post_setattr hook

2023-11-16 Thread Roberto Sassu
On Wed, 2023-11-15 at 23:33 -0500, Paul Moore wrote: > On Nov 7, 2023 Roberto Sassu wrote: > > > > In preparation for moving IMA and EVM to the LSM infrastructure, introduce > > the inode_post_setattr hook. > > > > At inode_setattr hook, EVM verifies t

Re: [PATCH v5 13/23] security: Introduce file_pre_free_security hook

2023-11-16 Thread Roberto Sassu
On Wed, 2023-11-15 at 23:33 -0500, Paul Moore wrote: > On Nov 7, 2023 Roberto Sassu wrote: > > > > In preparation for moving IMA and EVM to the LSM infrastructure, introduce > > the file_pre_free_security hook. > > > > IMA calculates at file close the new dige

Re: [PATCH v5 22/23] integrity: Move integrity functions to the LSM infrastructure

2023-11-16 Thread Roberto Sassu
On Wed, 2023-11-15 at 23:33 -0500, Paul Moore wrote: > On Nov 7, 2023 Roberto Sassu wrote: > > > > Remove hardcoded calls to integrity functions from the LSM infrastructure > > and, instead, register them in integrity_lsm_init() with the IMA or EVM > > LSM ID (the

Re: [PATCH v5 23/23] integrity: Switch from rbtree to LSM-managed blob for integrity_iint_cache

2023-11-20 Thread Roberto Sassu
On Fri, 2023-11-17 at 15:57 -0500, Paul Moore wrote: > On Nov 7, 2023 Roberto Sassu wrote: > > > > Before the security field of kernel objects could be shared among LSMs with > > the LSM stacking feature, IMA and EVM had to rely on an alternative storage > > of inod

Re: [PATCH v5 22/23] integrity: Move integrity functions to the LSM infrastructure

2023-11-20 Thread Roberto Sassu
On Fri, 2023-11-17 at 16:22 -0500, Paul Moore wrote: > On Thu, Nov 16, 2023 at 5:08 AM Roberto Sassu > wrote: > > On Wed, 2023-11-15 at 23:33 -0500, Paul Moore wrote: > > > On Nov 7, 2023 Roberto Sassu wrote: > > ... > > > > > +/* > > >

Re: [PATCH v5 11/23] security: Introduce inode_post_removexattr hook

2023-11-20 Thread Roberto Sassu
On Tue, 2023-11-07 at 09:33 -0800, Casey Schaufler wrote: > On 11/7/2023 5:40 AM, Roberto Sassu wrote: > > From: Roberto Sassu > > > > In preparation for moving IMA and EVM to the LSM infrastructure, introduce > > the inode_post_removexattr hook. > > > >

[PATCH v6 00/25] security: Move IMA and EVM to the LSM infrastructure

2023-11-20 Thread Roberto Sassu
From: Roberto Sassu ~ Note: this version is EXPERIMENTAL, I quickly tried to overcome outstanding issues (use disjoint metadata, enforce LSM ordering), to see if it is possible; tests pass, but a more careful review is still needed. ~ IMA and EVM are not effectively LSMs

[PATCH v6 01/25] ima: Align ima_inode_post_setattr() definition with LSM infrastructure

2023-11-20 Thread Roberto Sassu
From: Roberto Sassu Change ima_inode_post_setattr() definition, so that it can be registered as implementation of the inode_post_setattr hook (to be introduced). Signed-off-by: Roberto Sassu Reviewed-by: Stefan Berger Reviewed-by: Casey Schaufler Reviewed-by: Mimi Zohar --- fs/attr.c

[PATCH v6 02/25] ima: Align ima_file_mprotect() definition with LSM infrastructure

2023-11-20 Thread Roberto Sassu
From: Roberto Sassu Change ima_file_mprotect() definition, so that it can be registered as implementation of the file_mprotect hook. Signed-off-by: Roberto Sassu Reviewed-by: Stefan Berger Reviewed-by: Casey Schaufler Reviewed-by: Mimi Zohar --- include/linux/ima.h | 5

[PATCH v6 03/25] ima: Align ima_inode_setxattr() definition with LSM infrastructure

2023-11-20 Thread Roberto Sassu
From: Roberto Sassu Change ima_inode_setxattr() definition, so that it can be registered as implementation of the inode_setxattr hook. Signed-off-by: Roberto Sassu Reviewed-by: Stefan Berger Reviewed-by: Mimi Zohar Reviewed-by: Casey Schaufler --- include/linux/ima.h | 11

[PATCH v6 04/25] ima: Align ima_inode_removexattr() definition with LSM infrastructure

2023-11-20 Thread Roberto Sassu
From: Roberto Sassu Change ima_inode_removexattr() definition, so that it can be registered as implementation of the inode_removexattr hook. Signed-off-by: Roberto Sassu Reviewed-by: Stefan Berger Reviewed-by: Casey Schaufler Reviewed-by: Mimi Zohar --- include/linux/ima.h

[PATCH v6 05/25] ima: Align ima_post_read_file() definition with LSM infrastructure

2023-11-20 Thread Roberto Sassu
From: Roberto Sassu Change ima_post_read_file() definition, by making "void *buf" a "char *buf", so that it can be registered as implementation of the post_read_file hook. Signed-off-by: Roberto Sassu Reviewed-by: Stefan Berger Reviewed-by: Mimi Zohar Reviewed

[PATCH v6 06/25] evm: Align evm_inode_post_setattr() definition with LSM infrastructure

2023-11-20 Thread Roberto Sassu
From: Roberto Sassu Change evm_inode_post_setattr() definition, so that it can be registered as implementation of the inode_post_setattr hook (to be introduced). Signed-off-by: Roberto Sassu Reviewed-by: Stefan Berger Reviewed-by: Casey Schaufler Reviewed-by: Mimi Zohar --- fs/attr.c

[PATCH v6 07/25] evm: Align evm_inode_setxattr() definition with LSM infrastructure

2023-11-20 Thread Roberto Sassu
From: Roberto Sassu Change evm_inode_setxattr() definition, so that it can be registered as implementation of the inode_setxattr hook. Signed-off-by: Roberto Sassu Reviewed-by: Stefan Berger Reviewed-by: Mimi Zohar Reviewed-by: Casey Schaufler --- include/linux/evm.h | 4

[PATCH v6 08/25] evm: Align evm_inode_post_setxattr() definition with LSM infrastructure

2023-11-20 Thread Roberto Sassu
From: Roberto Sassu Change evm_inode_post_setxattr() definition, so that it can be registered as implementation of the inode_post_setxattr hook. Signed-off-by: Roberto Sassu Reviewed-by: Stefan Berger Reviewed-by: Mimi Zohar Reviewed-by: Casey Schaufler --- include/linux/evm.h

[PATCH v6 09/25] security: Align inode_setattr hook definition with EVM

2023-11-20 Thread Roberto Sassu
From: Roberto Sassu Add the idmap parameter to the definition, so that evm_inode_setattr() can be registered as this hook implementation. Signed-off-by: Roberto Sassu Reviewed-by: Stefan Berger Acked-by: Casey Schaufler Reviewed-by: Mimi Zohar --- include/linux/lsm_hook_defs.h | 3

[PATCH v6 10/25] security: Introduce inode_post_setattr hook

2023-11-20 Thread Roberto Sassu
From: Roberto Sassu In preparation for moving IMA and EVM to the LSM infrastructure, introduce the inode_post_setattr hook. At inode_setattr hook, EVM verifies the file's existing HMAC value. At inode_post_setattr, EVM re-calculates the file's HMAC based on the modified file attr

[PATCH v6 11/25] security: Introduce inode_post_removexattr hook

2023-11-20 Thread Roberto Sassu
From: Roberto Sassu In preparation for moving IMA and EVM to the LSM infrastructure, introduce the inode_post_removexattr hook. At inode_removexattr hook, EVM verifies the file's existing HMAC value. At inode_post_removexattr, EVM re-calculates the file's HMAC with the passed xattr r

[PATCH v6 12/25] security: Introduce file_post_open hook

2023-11-20 Thread Roberto Sassu
From: Roberto Sassu In preparation to move IMA and EVM to the LSM infrastructure, introduce the file_post_open hook. Also, export security_file_post_open() for NFS. Based on policy, IMA calculates the digest of the file content and extends the TPM with the digest, verifies the file's inte

[PATCH v6 13/25] security: Introduce file_release hook

2023-11-20 Thread Roberto Sassu
From: Roberto Sassu In preparation for moving IMA and EVM to the LSM infrastructure, introduce the file_release hook. IMA calculates at file close the new digest of the file content and writes it to security.ima, so that appraisal at next file access succeeds. LSMs could also take some action

[PATCH v6 14/25] security: Introduce path_post_mknod hook

2023-11-20 Thread Roberto Sassu
From: Roberto Sassu In preparation for moving IMA and EVM to the LSM infrastructure, introduce the path_post_mknod hook. IMA-appraisal requires all existing files in policy to have a file hash/signature stored in security.ima. An exception is made for empty files created by mknod, by tagging

[PATCH v6 15/25] security: Introduce inode_post_create_tmpfile hook

2023-11-20 Thread Roberto Sassu
From: Roberto Sassu In preparation for moving IMA and EVM to the LSM infrastructure, introduce the inode_post_create_tmpfile hook. As temp files can be made persistent, treat new temp files like other new files, so that the file hash is calculated and stored in the security xattr. LSMs could

[PATCH v6 16/25] security: Introduce inode_post_set_acl hook

2023-11-20 Thread Roberto Sassu
From: Roberto Sassu In preparation for moving IMA and EVM to the LSM infrastructure, introduce the inode_post_set_acl hook. At inode_set_acl hook, EVM verifies the file's existing HMAC value. At inode_post_set_acl, EVM re-calculates the file's HMAC based on the modified POSIX ACL and

[PATCH v6 17/25] security: Introduce inode_post_remove_acl hook

2023-11-20 Thread Roberto Sassu
From: Roberto Sassu In preparation for moving IMA and EVM to the LSM infrastructure, introduce the inode_post_remove_acl hook. At inode_remove_acl hook, EVM verifies the file's existing HMAC value. At inode_post_remove_acl, EVM re-calculates the file's HMAC with the passed POSIX ACL r

[PATCH v6 18/25] security: Introduce key_post_create_or_update hook

2023-11-20 Thread Roberto Sassu
From: Roberto Sassu In preparation for moving IMA and EVM to the LSM infrastructure, introduce the key_post_create_or_update hook. Depending on policy, IMA measures the key content after creation or update, so that remote verifiers are aware of the operation. Other LSMs could similarly take

[PATCH v6 19/25] ima: Move to LSM infrastructure

2023-11-20 Thread Roberto Sassu
From: Roberto Sassu Move hardcoded IMA function calls (not appraisal-specific functions) from various places in the kernel to the LSM infrastructure, by introducing a new LSM named 'ima' (at the end of the LSM list and always enabled like 'integrity'). Make moved functio
