On 8/5/20 11:25 AM, Casey Schaufler wrote:
I think moving away from the idea that measuring "critical" data should
be limited to LSMs, will clarify this.
Are you suggesting that instead of calling the hooks LSM_STATE and LSM_POLICY, we should
keep it more generic so that it can be utilized
On 2020-08-05 09:07:48, Lakshmi Ramasubramanian wrote:
> On 8/5/20 8:45 AM, Tyler Hicks wrote:
> > On 2020-08-05 08:36:40, Casey Schaufler wrote:
> > > On 8/4/2020 6:14 PM, Lakshmi Ramasubramanian wrote:
> > > > On 8/4/20 6:04 PM, Casey Schaufler wrote:
> > > > > On 8/4/2020 5:43 PM, Lakshmi Ramasu
On 8/5/20 9:14 AM, Tyler Hicks wrote:
On 2020-08-05 09:07:48, Lakshmi Ramasubramanian wrote:
On 8/5/20 8:45 AM, Tyler Hicks wrote:
On 2020-08-05 08:36:40, Casey Schaufler wrote:
On 8/4/2020 6:14 PM, Lakshmi Ramasubramanian wrote:
On 8/4/20 6:04 PM, Casey Schaufler wrote:
On 8/4/2020 5:43 PM,
On 2020-08-05 09:21:24, Lakshmi Ramasubramanian wrote:
> On 8/5/20 9:14 AM, Tyler Hicks wrote:
> > On 2020-08-05 09:07:48, Lakshmi Ramasubramanian wrote:
> > > On 8/5/20 8:45 AM, Tyler Hicks wrote:
> > > > On 2020-08-05 08:36:40, Casey Schaufler wrote:
> > > > > On 8/4/2020 6:14 PM, Lakshmi Ramasub
On 8/5/2020 9:32 AM, Tyler Hicks wrote:
> On 2020-08-05 09:21:24, Lakshmi Ramasubramanian wrote:
>> On 8/5/20 9:14 AM, Tyler Hicks wrote:
>>> On 2020-08-05 09:07:48, Lakshmi Ramasubramanian wrote:
On 8/5/20 8:45 AM, Tyler Hicks wrote:
> On 2020-08-05 08:36:40, Casey Schaufler wrote:
>>
On 8/5/2020 10:25 AM, Lakshmi Ramasubramanian wrote:
> On 8/5/20 10:03 AM, Mimi Zohar wrote:
>> On Wed, 2020-08-05 at 10:45 -0500, Tyler Hicks wrote:
>>
>>> In addition to SELINUX_STATE and SELINUX_POLICY, we should also consider
>>> the proposed LSM_STATE and LSM_POLICY func values but require an
On 8/5/20 10:57 AM, Casey Schaufler wrote:
On 8/5/2020 10:25 AM, Lakshmi Ramasubramanian wrote:
On 8/5/20 10:03 AM, Mimi Zohar wrote:
On Wed, 2020-08-05 at 10:45 -0500, Tyler Hicks wrote:
In addition to SELINUX_STATE and SELINUX_POLICY, we should also consider
the proposed LSM_STATE and LSM_P
On 8/5/2020 11:08 AM, Lakshmi Ramasubramanian wrote:
> On 8/5/20 10:57 AM, Casey Schaufler wrote:
>> On 8/5/2020 10:25 AM, Lakshmi Ramasubramanian wrote:
>>> On 8/5/20 10:03 AM, Mimi Zohar wrote:
On Wed, 2020-08-05 at 10:45 -0500, Tyler Hicks wrote:
> In addition to SELINUX_STATE and
On 8/5/20 10:03 AM, Mimi Zohar wrote:
On Wed, 2020-08-05 at 10:45 -0500, Tyler Hicks wrote:
In addition to SELINUX_STATE and SELINUX_POLICY, we should also consider
the proposed LSM_STATE and LSM_POLICY func values but require an "lsm"
rule conditional.
So the current proposed rules:
measur
On Tue, 2020-08-04 at 18:04 -0700, Casey Schaufler wrote:
> On 8/4/2020 5:43 PM, Lakshmi Ramasubramanian wrote:
> > Critical data structures of security modules are currently not measured.
> > Therefore an attestation service, for instance, would not be able to
> > attest whether the security modul
On Wed, 2020-08-05 at 10:45 -0500, Tyler Hicks wrote:
> In addition to SELINUX_STATE and SELINUX_POLICY, we should also consider
> the proposed LSM_STATE and LSM_POLICY func values but require an "lsm"
> rule conditional.
>
> So the current proposed rules:
>
> measure func=LSM_STATE
> measure
On 8/4/2020 6:14 PM, Lakshmi Ramasubramanian wrote:
> On 8/4/20 6:04 PM, Casey Schaufler wrote:
>> On 8/4/2020 5:43 PM, Lakshmi Ramasubramanian wrote:
>>> Critical data structures of security modules are currently not measured.
>>> Therefore an attestation service, for instance, would not be able t
On 8/5/20 8:45 AM, Tyler Hicks wrote:
On 2020-08-05 08:36:40, Casey Schaufler wrote:
On 8/4/2020 6:14 PM, Lakshmi Ramasubramanian wrote:
On 8/4/20 6:04 PM, Casey Schaufler wrote:
On 8/4/2020 5:43 PM, Lakshmi Ramasubramanian wrote:
Critical data structures of security modules are currently not
On 2020-08-05 08:36:40, Casey Schaufler wrote:
> On 8/4/2020 6:14 PM, Lakshmi Ramasubramanian wrote:
> > On 8/4/20 6:04 PM, Casey Schaufler wrote:
> >> On 8/4/2020 5:43 PM, Lakshmi Ramasubramanian wrote:
> >>> Critical data structures of security modules are currently not measured.
> >>> Therefore
On Tue, 2020-08-04 at 17:43 -0700, Lakshmi Ramasubramanian wrote:
> Critical data structures of security modules are currently not measured.
> Therefore an attestation service, for instance, would not be able to
> attest whether the security modules are always operating with the policies
> and conf
On 8/4/20 6:04 PM, Casey Schaufler wrote:
On 8/4/2020 5:43 PM, Lakshmi Ramasubramanian wrote:
Critical data structures of security modules are currently not measured.
Therefore an attestation service, for instance, would not be able to
attest whether the security modules are always operating wit
On 8/4/2020 5:43 PM, Lakshmi Ramasubramanian wrote:
> Critical data structures of security modules are currently not measured.
> Therefore an attestation service, for instance, would not be able to
> attest whether the security modules are always operating with the policies
> and configuration that
Critical data structures of security modules are currently not measured.
Therefore an attestation service, for instance, would not be able to
attest whether the security modules are always operating with the policies
and configuration that the system administrator had set up. The policies
and config
18 matches