Re: [PATCH] selinux: measure state and policy capabilities

2021-01-27 Thread Paul Moore
On Sun, Jan 24, 2021 at 12:04 PM Lakshmi Ramasubramanian wrote: > On 1/22/21 1:21 PM, Paul Moore wrote: ... > >> diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c > >> index 644b17ec9e63..879a0d90615d 100644 > >> --- a/security/selinux/hooks.c > >> +++ b/security/selinux/hooks.c >

Re: [PATCH] selinux: measure state and policy capabilities

2021-01-24 Thread Lakshmi Ramasubramanian
On 1/22/21 1:21 PM, Paul Moore wrote: Hi Paul, Thanks for reviewing the changes. ... Signed-off-by: Lakshmi Ramasubramanian Suggested-by: Stephen Smalley --- This patch is based on commit e58bb688f2e4 "Merge branch 'measure-critical-data' into next-integrity" in "next-integrity-testing" br

Re: [PATCH] selinux: measure state and policy capabilities

2021-01-22 Thread Paul Moore
On Thu, Jan 21, 2021 at 3:02 PM Lakshmi Ramasubramanian wrote: > > SELinux stores the configuration state and the policy capabilities > in kernel memory. Changes to this data at runtime would have an impact > on the security guarantees provided by SELinux. Measuring SELinux > configuration state