On Wed, 2023-09-06 at 16:54 -0400, Ken Goldman wrote:
> Jonathan: What should be my next step?
>
> On 9/4/2023 5:52 PM, Jarkko Sakkinen wrote:
> > On Fri Sep 1, 2023 at 12:46 AM EEST, Ken Goldman wrote:
> > > Thank you.
> > >
> > > Do you know the process for getting this accepted into the kerne
On Tue, 2023-09-12 at 12:19 -0400, Stefan Berger wrote:
> On 9/4/23 09:40, Roberto Sassu wrote:
> > From: Roberto Sassu
> >
> > Before the security field of kernel objects could be shared among LSMs with
> > the LSM stacking feature, IMA and EVM had to rely on an alter
On Mon, 2023-09-04 at 15:34 +0200, Roberto Sassu wrote:
> From: Roberto Sassu
>
> In preparation for moving IMA and EVM to the LSM infrastructure, introduce
> the inode_post_setattr hook.
>
> It is useful for EVM to recalculate the HMAC on modified file attributes
> an
On Mon, 2023-09-04 at 15:40 +0200, Roberto Sassu wrote:
> From: Roberto Sassu
>
> In preparation for moving IMA and EVM to the LSM infrastructure, introduce
> the key_post_create_or_update hook.
>
> It is useful for IMA to measure the key content after creation or update
On Wed, 2023-10-11 at 10:51 -0400, Mimi Zohar wrote:
> On Mon, 2023-09-04 at 15:33 +0200, Roberto Sassu wrote:
> > From: Roberto Sassu
> >
> > Change ima_file_mprotect() definition, so that it can be registered
> > as implementation of the file_mprotect hook.
>
On Wed, 2023-10-11 at 10:38 -0400, Mimi Zohar wrote:
> On Mon, 2023-09-04 at 15:33 +0200, Roberto Sassu wrote:
> > From: Roberto Sassu
> >
> > Change ima_post_path_mknod() definition, so that it can be registered as
> > implementation of the path_post_mknod hook. Sinc
On Wed, 2023-10-11 at 15:01 -0400, Mimi Zohar wrote:
> On Wed, 2023-10-11 at 18:02 +0200, Roberto Sassu wrote:
> > On Wed, 2023-10-11 at 10:38 -0400, Mimi Zohar wrote:
> > > On Mon, 2023-09-04 at 15:33 +0200, Roberto Sassu wrote:
> > > > From: Roberto
On Wed, 2023-10-11 at 20:08 -0400, Mimi Zohar wrote:
> On Mon, 2023-09-04 at 15:34 +0200, Roberto Sassu wrote:
> > From: Roberto Sassu
> >
> > In preparation for moving IMA and EVM to the LSM infrastructure, introduce
> > the inode_post_setattr hook.
> >
> &
On Thu, 2023-10-12 at 07:42 -0400, Mimi Zohar wrote:
> On Thu, 2023-10-12 at 09:29 +0200, Roberto Sassu wrote:
> > On Wed, 2023-10-11 at 15:01 -0400, Mimi Zohar wrote:
> > > On Wed, 2023-10-11 at 18:02 +0200, Roberto Sassu wrote:
> > > > On Wed, 2023-10-11 at
On Thu, 2023-10-12 at 07:43 -0400, Mimi Zohar wrote:
> On Thu, 2023-10-12 at 09:42 +0200, Roberto Sassu wrote:
> > On Wed, 2023-10-11 at 20:08 -0400, Mimi Zohar wrote:
> > > On Mon, 2023-09-04 at 15:34 +0200, Roberto Sassu wrote:
> > > > From: Roberto Sassu
>
On Thu, 2023-10-12 at 08:36 -0400, Mimi Zohar wrote:
> On Mon, 2023-09-04 at 15:34 +0200, Roberto Sassu wrote:
> > From: Roberto Sassu
> >
> > In preparation to move IMA and EVM to the LSM infrastructure, introduce the
> > file_post_open hook. Also, export securi
On Thu, 2023-10-12 at 09:25 -0400, Mimi Zohar wrote:
> On Thu, 2023-10-12 at 14:19 +0200, Roberto Sassu wrote:
> > On Thu, 2023-10-12 at 07:42 -0400, Mimi Zohar wrote:
> > > On Thu, 2023-10-12 at 09:29 +0200, Roberto Sassu wrote:
> > > > On Wed, 2023-10-11 at
On Thu, 2023-10-12 at 09:35 -0400, Mimi Zohar wrote:
> On Thu, 2023-10-12 at 14:45 +0200, Roberto Sassu wrote:
> > On Thu, 2023-10-12 at 08:36 -0400, Mimi Zohar wrote:
> > > On Mon, 2023-09-04 at 15:34 +0200, Roberto Sassu wrote:
> > > > From: Roberto Sassu
> >
On Thu, 2023-10-12 at 13:10 -0400, Mimi Zohar wrote:
> > > > > > We need to make sure that ima_post_path_mknod() has the
> > > > > > same parameters
> > > > > > as the LSM hook at the time we register it to the LSM
> > > > > > infrastructure.
> > > > >
> > > > > I'm trying to understand why the pr
On Fri, 2023-09-15 at 11:39 +0200, Roberto Sassu wrote:
> On Tue, 2023-09-12 at 12:19 -0400, Stefan Berger wrote:
> > On 9/4/23 09:40, Roberto Sassu wrote:
> > > From: Roberto Sassu
> > >
> > > Before the security field of kernel objects could be shared
On Tue, 2023-10-17 at 11:58 -0400, Paul Moore wrote:
> On Tue, Oct 17, 2023 at 3:01 AM Roberto Sassu
> wrote:
> > On Mon, 2023-10-16 at 11:06 -0400, Paul Moore wrote:
> > > On Mon, Oct 16, 2023 at 8:05 AM Roberto Sassu
> > > wrote:
> > > >
> > >
On Tue, 2023-10-17 at 18:07 +0200, Roberto Sassu wrote:
> On Tue, 2023-10-17 at 11:58 -0400, Paul Moore wrote:
> > On Tue, Oct 17, 2023 at 3:01 AM Roberto Sassu
> > wrote:
> > > On Mon, 2023-10-16 at 11:06 -0400, Paul Moore wrote:
> > > > On Mon, O
On 10/18/2023 3:09 PM, Mimi Zohar wrote:
> On Wed, 2023-10-18 at 11:31 +0200, Roberto Sassu wrote:
> > On Tue, 2023-10-17 at 18:07 +0200, Roberto Sassu wrote:
> > > On Tue, 2023-10-17 at 11:58 -0400, Paul Moore wrote:
> > > > On Tue, Oct 17, 2023 at 3:01 AM Roberto Sassu
> > > > wrote:
> > > > > On Mon, 2023-10-16 at 11:06
On Wed, 2023-10-18 at 16:40 -0400, Paul Moore wrote:
> On Wed, Oct 18, 2023 at 4:23 PM Mimi Zohar wrote:
> > On Wed, 2023-10-18 at 12:35 -0400, Paul Moore wrote:
> > > On Wed, Oct 18, 2023 at 10:15 AM Roberto Sassu
> > > wrote:
> > > >
On Wed, 2023-10-18 at 16:14 +0200, Roberto Sassu wrote:
> On 10/18/2023 3:09 PM, Mimi Zohar wrote:
> > On Wed, 2023-10-18 at 11:31 +0200, Roberto Sassu wrote:
> > > On Tue, 2023-10-17 at 18:07 +0200, Roberto Sassu wrote:
> > > > On Tue, 2023-10-17 at 11:58 -0400, Paul
On Fri, 2023-10-20 at 17:05 +0200, Mickaël Salaün wrote:
> On Thu, Oct 19, 2023 at 11:08:38PM +, Eric Snowberg wrote:
> >
> >
> > > On Oct 19, 2023, at 3:12 AM, Mickaël Salaün wrote:
> > >
> > > On Wed, Oct 18, 2023 at 11:12:45PM +, Eric Snowberg wrote:
> > > >
> > > >
> > > > > On Oc
From: Roberto Sassu
Since IMA is not yet an LSM, don't account for it in the LSM_CONFIG_COUNT
calculation, used to limit how many LSMs can invoke security_add_hooks().
Signed-off-by: Roberto Sassu
---
security/security.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/security/securit
On Thu, 2023-10-26 at 10:48 -0400, Paul Moore wrote:
> On Oct 26, 2023 Roberto Sassu wrote:
> >
> > Since IMA is not yet an LSM, don't account for it in the LSM_CONFIG_COUNT
> > calculation, used to limit how many LSMs can invoke security_add_hooks().
> >
From: Roberto Sassu
IMA and EVM are not effectively LSMs, especially due to the fact that in
the past they could not provide a security blob while there is another LSM
active.
That changed in the recent years, the LSM stacking feature now makes it
possible to stack together multiple LSMs, and
From: Roberto Sassu
Change ima_inode_post_setattr() definition, so that it can be registered as
implementation of the inode_post_setattr hook (to be introduced).
Signed-off-by: Roberto Sassu
Reviewed-by: Stefan Berger
---
fs/attr.c | 2 +-
include/linux/ima.h
From: Roberto Sassu
Change ima_file_mprotect() definition, so that it can be registered
as implementation of the file_mprotect hook.
Signed-off-by: Roberto Sassu
Reviewed-by: Stefan Berger
---
include/linux/ima.h | 5 +++--
security/integrity/ima/ima_main.c | 6 --
security
From: Roberto Sassu
Change ima_inode_setxattr() definition, so that it can be registered as
implementation of the inode_setxattr hook.
Signed-off-by: Roberto Sassu
Reviewed-by: Stefan Berger
Reviewed-by: Mimi Zohar
---
include/linux/ima.h | 11 +++
security
From: Roberto Sassu
Change evm_inode_post_setattr() definition, so that it can be registered as
implementation of the inode_post_setattr hook (to be introduced).
Signed-off-by: Roberto Sassu
Reviewed-by: Stefan Berger
---
fs/attr.c | 2 +-
include/linux/evm.h
From: Roberto Sassu
Change ima_post_read_file() definition, by making "void *buf" a
"char *buf", so that it can be registered as implementation of the
post_read_file hook.
Signed-off-by: Roberto Sassu
Reviewed-by: Stefan Berger
---
include/linux/ima.h
From: Roberto Sassu
Change ima_inode_removexattr() definition, so that it can be registered as
implementation of the inode_removexattr hook.
Signed-off-by: Roberto Sassu
Reviewed-by: Stefan Berger
---
include/linux/ima.h | 7 +--
security/integrity/ima/ima_appraise.c
From: Roberto Sassu
Change evm_inode_post_setxattr() definition, so that it can be registered
as implementation of the inode_post_setxattr hook.
Signed-off-by: Roberto Sassu
Reviewed-by: Stefan Berger
Reviewed-by: Mimi Zohar
---
include/linux/evm.h | 8 +---
security
From: Roberto Sassu
Add the idmap parameter to the definition, so that evm_inode_setattr() can
be registered as this hook implementation.
Signed-off-by: Roberto Sassu
Reviewed-by: Stefan Berger
Acked-by: Casey Schaufler
Reviewed-by: Mimi Zohar
---
include/linux/lsm_hook_defs.h | 3
From: Roberto Sassu
Change evm_inode_setxattr() definition, so that it can be registered as
implementation of the inode_setxattr hook.
Signed-off-by: Roberto Sassu
Reviewed-by: Stefan Berger
Reviewed-by: Mimi Zohar
---
include/linux/evm.h | 4 ++--
security/integrity/evm
From: Roberto Sassu
In preparation for moving IMA and EVM to the LSM infrastructure, introduce
the inode_post_setattr hook.
At inode_setattr hook, EVM verifies the file's existing HMAC value. At
inode_post_setattr, EVM re-calculates the file's HMAC based on the modified
file attr
From: Roberto Sassu
In preparation for moving IMA and EVM to the LSM infrastructure, introduce
the inode_post_removexattr hook.
At inode_removexattr hook, EVM verifies the file's existing HMAC value. At
inode_post_removexattr, EVM re-calculates the file's HMAC with the passed
xattr r
From: Roberto Sassu
In preparation to move IMA and EVM to the LSM infrastructure, introduce the
file_post_open hook. Also, export security_file_post_open() for NFS.
Based on policy, IMA calculates the digest of the file content, and decides
based on that digest whether the file should be made
From: Roberto Sassu
In preparation for moving IMA and EVM to the LSM infrastructure, introduce
the file_pre_free_security hook.
IMA calculates at file close the new digest of the file content and writes
it to security.ima, so that appraisal at next file access succeeds.
LSMs could also take
From: Roberto Sassu
In preparation for moving IMA and EVM to the LSM infrastructure, introduce
the path_post_mknod hook.
IMA-appraisal requires all existing files in policy to have a file
hash/signature stored in security.ima. An exception is made for empty files
created by mknod, by tagging
From: Roberto Sassu
In preparation for moving IMA and EVM to the LSM infrastructure, introduce
the inode_post_create_tmpfile hook.
As temp files can be made persistent, treat new temp files like other new
files, so that the file hash is calculated and stored in the security
xattr.
LSMs could
From: Roberto Sassu
In preparation for moving IMA and EVM to the LSM infrastructure, introduce
the inode_post_set_acl hook.
At inode_set_acl hook, EVM verifies the file's existing HMAC value. At
inode_post_set_acl, EVM re-calculates the file's HMAC based on the modified
POSIX ACL and
From: Roberto Sassu
In preparation for moving IMA and EVM to the LSM infrastructure, introduce
the inode_post_remove_acl hook.
At inode_remove_acl hook, EVM verifies the file's existing HMAC value. At
inode_post_remove_acl, EVM re-calculates the file's HMAC with the passed
POSIX ACL r
From: Roberto Sassu
In preparation for moving IMA and EVM to the LSM infrastructure, introduce
the key_post_create_or_update hook.
Depending on policy, IMA measures the key content after creation or update,
so that remote verifiers are aware of the operation.
Other LSMs could similarly take
From: Roberto Sassu
Move hardcoded IMA function calls (not for appraisal) from various places
in the kernel to the LSM infrastructure, by introducing a new LSM named
'ima' (at the end of the LSM list and always enabled like 'integrity').
Make moved functio
From: Roberto Sassu
Do the registration of IMA-Appraisal functions separately from the rest of
IMA functions, as appraisal is a separate feature not necessarily enabled
in the kernel configuration.
Reuse the same approach as for other IMA functions, move hardcoded calls
from various places in
From: Roberto Sassu
As for IMA, move hardcoded EVM function calls from various places in the
kernel to the LSM infrastructure, by introducing a new LSM named 'evm'
(at the end of the LSM list and always enabled, like 'ima' and
'integrity').
Make EVM f
From: Roberto Sassu
Before the security field of kernel objects could be shared among LSMs with
the LSM stacking feature, IMA and EVM had to rely on an alternative storage
of inode metadata. The association between inode metadata and inode is
maintained through an rbtree.
Because of this
From: Roberto Sassu
Remove hardcoded calls to integrity functions from the LSM infrastructure
and, instead, register them in integrity_lsm_init() with the IMA or EVM
LSM ID (the first non-NULL returned by ima_get_lsm_id() and
evm_get_lsm_id()).
Also move the global declaration of
From: Roberto Sassu
IMA and EVM are not effectively LSMs, especially due to the fact that in
the past they could not provide a security blob while there is another LSM
active.
That changed in the recent years, the LSM stacking feature now makes it
possible to stack together multiple LSMs, and
From: Roberto Sassu
Change ima_inode_post_setattr() definition, so that it can be registered as
implementation of the inode_post_setattr hook (to be introduced).
Signed-off-by: Roberto Sassu
Reviewed-by: Stefan Berger
---
fs/attr.c | 2 +-
include/linux/ima.h
From: Roberto Sassu
Change ima_file_mprotect() definition, so that it can be registered
as implementation of the file_mprotect hook.
Signed-off-by: Roberto Sassu
Reviewed-by: Stefan Berger
---
include/linux/ima.h | 5 +++--
security/integrity/ima/ima_main.c | 6 --
security
From: Roberto Sassu
Change ima_inode_setxattr() definition, so that it can be registered as
implementation of the inode_setxattr hook.
Signed-off-by: Roberto Sassu
Reviewed-by: Stefan Berger
Reviewed-by: Mimi Zohar
---
include/linux/ima.h | 11 +++
security
From: Roberto Sassu
Change ima_inode_removexattr() definition, so that it can be registered as
implementation of the inode_removexattr hook.
Signed-off-by: Roberto Sassu
Reviewed-by: Stefan Berger
---
include/linux/ima.h | 7 +--
security/integrity/ima/ima_appraise.c
From: Roberto Sassu
Change evm_inode_post_setattr() definition, so that it can be registered as
implementation of the inode_post_setattr hook (to be introduced).
Signed-off-by: Roberto Sassu
Reviewed-by: Stefan Berger
---
fs/attr.c | 2 +-
include/linux/evm.h
From: Roberto Sassu
Change evm_inode_setxattr() definition, so that it can be registered as
implementation of the inode_setxattr hook.
Signed-off-by: Roberto Sassu
Reviewed-by: Stefan Berger
Reviewed-by: Mimi Zohar
---
include/linux/evm.h | 4 ++--
security/integrity/evm
From: Roberto Sassu
Change evm_inode_post_setxattr() definition, so that it can be registered
as implementation of the inode_post_setxattr hook.
Signed-off-by: Roberto Sassu
Reviewed-by: Stefan Berger
Reviewed-by: Mimi Zohar
---
include/linux/evm.h | 8 +---
security
From: Roberto Sassu
Add the idmap parameter to the definition, so that evm_inode_setattr() can
be registered as this hook implementation.
Signed-off-by: Roberto Sassu
Reviewed-by: Stefan Berger
Acked-by: Casey Schaufler
Reviewed-by: Mimi Zohar
---
include/linux/lsm_hook_defs.h | 3
From: Roberto Sassu
In preparation for moving IMA and EVM to the LSM infrastructure, introduce
the inode_post_setattr hook.
At inode_setattr hook, EVM verifies the file's existing HMAC value. At
inode_post_setattr, EVM re-calculates the file's HMAC based on the modified
file attr
From: Roberto Sassu
In preparation for moving IMA and EVM to the LSM infrastructure, introduce
the inode_post_removexattr hook.
At inode_removexattr hook, EVM verifies the file's existing HMAC value. At
inode_post_removexattr, EVM re-calculates the file's HMAC with the passed
xattr r
From: Roberto Sassu
In preparation to move IMA and EVM to the LSM infrastructure, introduce the
file_post_open hook. Also, export security_file_post_open() for NFS.
Based on policy, IMA calculates the digest of the file content and
extends the TPM with the digest, verifies the file's inte
From: Roberto Sassu
In preparation for moving IMA and EVM to the LSM infrastructure, introduce
the file_pre_free_security hook.
IMA calculates at file close the new digest of the file content and writes
it to security.ima, so that appraisal at next file access succeeds.
LSMs could also take
From: Roberto Sassu
In preparation for moving IMA and EVM to the LSM infrastructure, introduce
the inode_post_set_acl hook.
At inode_set_acl hook, EVM verifies the file's existing HMAC value. At
inode_post_set_acl, EVM re-calculates the file's HMAC based on the modified
POSIX ACL and
From: Roberto Sassu
In preparation for moving IMA and EVM to the LSM infrastructure, introduce
the inode_post_create_tmpfile hook.
As temp files can be made persistent, treat new temp files like other new
files, so that the file hash is calculated and stored in the security
xattr.
LSMs could
From: Roberto Sassu
In preparation for moving IMA and EVM to the LSM infrastructure, introduce
the path_post_mknod hook.
IMA-appraisal requires all existing files in policy to have a file
hash/signature stored in security.ima. An exception is made for empty files
created by mknod, by tagging
From: Roberto Sassu
In preparation for moving IMA and EVM to the LSM infrastructure, introduce
the inode_post_remove_acl hook.
At inode_remove_acl hook, EVM verifies the file's existing HMAC value. At
inode_post_remove_acl, EVM re-calculates the file's HMAC with the passed
POSIX ACL r
From: Roberto Sassu
In preparation for moving IMA and EVM to the LSM infrastructure, introduce
the key_post_create_or_update hook.
Depending on policy, IMA measures the key content after creation or update,
so that remote verifiers are aware of the operation.
Other LSMs could similarly take
From: Roberto Sassu
Move hardcoded IMA function calls (not appraisal-specific functions) from
various places in the kernel to the LSM infrastructure, by introducing a
new LSM named 'ima' (at the end of the LSM list and always enabled like
'integrity').
Make moved functio
From: Roberto Sassu
Change ima_post_read_file() definition, by making "void *buf" a
"char *buf", so that it can be registered as implementation of the
post_read_file hook.
Signed-off-by: Roberto Sassu
Reviewed-by: Stefan Berger
---
include/linux/ima.h
From: Roberto Sassu
Do the registration of IMA-Appraisal only functions separately from the
rest of IMA functions, as appraisal is a separate feature not necessarily
enabled in the kernel configuration.
Reuse the same approach as for other IMA functions, move hardcoded calls
from various places
From: Roberto Sassu
Remove hardcoded calls to integrity functions from the LSM infrastructure
and, instead, register them in integrity_lsm_init() with the IMA or EVM
LSM ID (the first non-NULL returned by ima_get_lsm_id() and
evm_get_lsm_id()).
Also move the global declaration of
From: Roberto Sassu
Before the security field of kernel objects could be shared among LSMs with
the LSM stacking feature, IMA and EVM had to rely on an alternative storage
of inode metadata. The association between inode metadata and inode is
maintained through an rbtree.
Because of this
From: Roberto Sassu
As for IMA, move hardcoded EVM function calls from various places in the
kernel to the LSM infrastructure, by introducing a new LSM named 'evm'
(at the end of the LSM list and always enabled, like 'ima' and
'integrity').
Make EVM f
On Tue, 2023-11-07 at 14:39 +0100, Roberto Sassu wrote:
> From: Roberto Sassu
Hi everyone
I kindly ask your support to add the missing reviewed-by/acked-by. I
summarize what is missing below:
- @Mimi: patches 1, 2, 4, 5, 6, 19, 21, 22, 23 (IMA/EVM-specific
patches)
- @Al/@Christ
On Tue, 2023-11-07 at 09:33 -0800, Casey Schaufler wrote:
> On 11/7/2023 5:40 AM, Roberto Sassu wrote:
> > From: Roberto Sassu
> >
> > In preparation for moving IMA and EVM to the LSM infrastructure, introduce
> > the inode_post_removexattr hook.
> >
> >
> in "check_evm_revalidate" in $TST_LIST but to find the word
> "check_evm_revalidate" in $TST_LIST. Therefore, use grep -w to determine
> whether the word is there.
>
> Signed-off-by: Stefan Berger
> Cc: Roberto Sassu
Reviewed-by: Roberto Sassu
Thanks
Roberto
> ---
>
On Wed, 2023-11-15 at 23:33 -0500, Paul Moore wrote:
> On Nov 7, 2023 Roberto Sassu wrote:
> >
> > In preparation for moving IMA and EVM to the LSM infrastructure, introduce
> > the inode_post_setattr hook.
> >
> > At inode_setattr hook, EVM verifies t
On Wed, 2023-11-15 at 23:33 -0500, Paul Moore wrote:
> On Nov 7, 2023 Roberto Sassu wrote:
> >
> > In preparation for moving IMA and EVM to the LSM infrastructure, introduce
> > the file_pre_free_security hook.
> >
> > IMA calculates at file close the new dige
On Wed, 2023-11-15 at 23:33 -0500, Paul Moore wrote:
> On Nov 7, 2023 Roberto Sassu wrote:
> >
> > Remove hardcoded calls to integrity functions from the LSM infrastructure
> > and, instead, register them in integrity_lsm_init() with the IMA or EVM
> > LSM ID (the
On Fri, 2023-11-17 at 15:57 -0500, Paul Moore wrote:
> On Nov 7, 2023 Roberto Sassu wrote:
> >
> > Before the security field of kernel objects could be shared among LSMs with
> > the LSM stacking feature, IMA and EVM had to rely on an alternative storage
> > of inod
On Fri, 2023-11-17 at 16:22 -0500, Paul Moore wrote:
> On Thu, Nov 16, 2023 at 5:08 AM Roberto Sassu
> wrote:
> > On Wed, 2023-11-15 at 23:33 -0500, Paul Moore wrote:
> > > On Nov 7, 2023 Roberto Sassu wrote:
>
> ...
>
> > > > +/*
> > >
On Tue, 2023-11-07 at 09:33 -0800, Casey Schaufler wrote:
> On 11/7/2023 5:40 AM, Roberto Sassu wrote:
> > From: Roberto Sassu
> >
> > In preparation for moving IMA and EVM to the LSM infrastructure, introduce
> > the inode_post_removexattr hook.
> >
> >
From: Roberto Sassu
~
Note: this version is EXPERIMENTAL, I quickly tried to overcome outstanding
issues (use disjoint metadata, enforce LSM ordering), to see if it is
possible; tests pass, but a more careful review is still needed.
~
IMA and EVM are not effectively LSMs
From: Roberto Sassu
Change ima_inode_post_setattr() definition, so that it can be registered as
implementation of the inode_post_setattr hook (to be introduced).
Signed-off-by: Roberto Sassu
Reviewed-by: Stefan Berger
Reviewed-by: Casey Schaufler
Reviewed-by: Mimi Zohar
---
fs/attr.c
From: Roberto Sassu
Change ima_file_mprotect() definition, so that it can be registered
as implementation of the file_mprotect hook.
Signed-off-by: Roberto Sassu
Reviewed-by: Stefan Berger
Reviewed-by: Casey Schaufler
Reviewed-by: Mimi Zohar
---
include/linux/ima.h | 5
From: Roberto Sassu
Change ima_inode_setxattr() definition, so that it can be registered as
implementation of the inode_setxattr hook.
Signed-off-by: Roberto Sassu
Reviewed-by: Stefan Berger
Reviewed-by: Mimi Zohar
Reviewed-by: Casey Schaufler
---
include/linux/ima.h | 11
From: Roberto Sassu
Change ima_inode_removexattr() definition, so that it can be registered as
implementation of the inode_removexattr hook.
Signed-off-by: Roberto Sassu
Reviewed-by: Stefan Berger
Reviewed-by: Casey Schaufler
Reviewed-by: Mimi Zohar
---
include/linux/ima.h
From: Roberto Sassu
Change ima_post_read_file() definition, by making "void *buf" a
"char *buf", so that it can be registered as implementation of the
post_read_file hook.
Signed-off-by: Roberto Sassu
Reviewed-by: Stefan Berger
Reviewed-by: Mimi Zohar
Reviewed
From: Roberto Sassu
Change evm_inode_post_setattr() definition, so that it can be registered as
implementation of the inode_post_setattr hook (to be introduced).
Signed-off-by: Roberto Sassu
Reviewed-by: Stefan Berger
Reviewed-by: Casey Schaufler
Reviewed-by: Mimi Zohar
---
fs/attr.c
From: Roberto Sassu
Change evm_inode_setxattr() definition, so that it can be registered as
implementation of the inode_setxattr hook.
Signed-off-by: Roberto Sassu
Reviewed-by: Stefan Berger
Reviewed-by: Mimi Zohar
Reviewed-by: Casey Schaufler
---
include/linux/evm.h | 4
From: Roberto Sassu
Change evm_inode_post_setxattr() definition, so that it can be registered
as implementation of the inode_post_setxattr hook.
Signed-off-by: Roberto Sassu
Reviewed-by: Stefan Berger
Reviewed-by: Mimi Zohar
Reviewed-by: Casey Schaufler
---
include/linux/evm.h
From: Roberto Sassu
Add the idmap parameter to the definition, so that evm_inode_setattr() can
be registered as this hook implementation.
Signed-off-by: Roberto Sassu
Reviewed-by: Stefan Berger
Acked-by: Casey Schaufler
Reviewed-by: Mimi Zohar
---
include/linux/lsm_hook_defs.h | 3
From: Roberto Sassu
In preparation for moving IMA and EVM to the LSM infrastructure, introduce
the inode_post_setattr hook.
At inode_setattr hook, EVM verifies the file's existing HMAC value. At
inode_post_setattr, EVM re-calculates the file's HMAC based on the modified
file attr
From: Roberto Sassu
In preparation for moving IMA and EVM to the LSM infrastructure, introduce
the inode_post_removexattr hook.
At inode_removexattr hook, EVM verifies the file's existing HMAC value. At
inode_post_removexattr, EVM re-calculates the file's HMAC with the passed
xattr r
From: Roberto Sassu
In preparation to move IMA and EVM to the LSM infrastructure, introduce the
file_post_open hook. Also, export security_file_post_open() for NFS.
Based on policy, IMA calculates the digest of the file content and
extends the TPM with the digest, verifies the file's inte
From: Roberto Sassu
In preparation for moving IMA and EVM to the LSM infrastructure, introduce
the file_release hook.
IMA calculates at file close the new digest of the file content and writes
it to security.ima, so that appraisal at next file access succeeds.
LSMs could also take some action
From: Roberto Sassu
In preparation for moving IMA and EVM to the LSM infrastructure, introduce
the path_post_mknod hook.
IMA-appraisal requires all existing files in policy to have a file
hash/signature stored in security.ima. An exception is made for empty files
created by mknod, by tagging
From: Roberto Sassu
In preparation for moving IMA and EVM to the LSM infrastructure, introduce
the inode_post_create_tmpfile hook.
As temp files can be made persistent, treat new temp files like other new
files, so that the file hash is calculated and stored in the security
xattr.
LSMs could
From: Roberto Sassu
In preparation for moving IMA and EVM to the LSM infrastructure, introduce
the inode_post_set_acl hook.
At inode_set_acl hook, EVM verifies the file's existing HMAC value. At
inode_post_set_acl, EVM re-calculates the file's HMAC based on the modified
POSIX ACL and
From: Roberto Sassu
In preparation for moving IMA and EVM to the LSM infrastructure, introduce
the inode_post_remove_acl hook.
At inode_remove_acl hook, EVM verifies the file's existing HMAC value. At
inode_post_remove_acl, EVM re-calculates the file's HMAC with the passed
POSIX ACL r
From: Roberto Sassu
In preparation for moving IMA and EVM to the LSM infrastructure, introduce
the key_post_create_or_update hook.
Depending on policy, IMA measures the key content after creation or update,
so that remote verifiers are aware of the operation.
Other LSMs could similarly take
From: Roberto Sassu
Move hardcoded IMA function calls (not appraisal-specific functions) from
various places in the kernel to the LSM infrastructure, by introducing a
new LSM named 'ima' (at the end of the LSM list and always enabled like
'integrity').
Make moved functio