Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751880AbcDTWrg (ORCPT ); Wed, 20 Apr 2016 18:47:36 -0400 Received: from mail-pa0-f52.google.com ([209.85.220.52]:36256 "EHLO mail-pa0-f52.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751150AbcDTWqf (ORCPT ); Wed, 20 Apr 2016 18:46:35 -0400 From: Kees Cook To: James Morris Cc: Kees Cook , Mimi Zohar , Joe Perches , Andy Shevchenko , Andrew Morton , "Serge E. Hallyn" , Jonathan Corbet , Kalle Valo , Mauro Carvalho Chehab , Guenter Roeck , Jiri Slaby , Paul Moore , Stephen Smalley , Casey Schaufler , Andreas Gruenbacher , Rasmus Villemoes , Ulf Hansson , Vitaly Kuznetsov , linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org Subject: [PATCH v5 0/6] LSM: LoadPin for kernel file loading restrictions Date: Wed, 20 Apr 2016 15:46:22 -0700 Message-Id: <1461192388-13900-1-git-send-email-keescook@chromium.org> X-Mailer: git-send-email 2.6.3 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 727 Lines: 22 This provides the mini-LSM "loadpin" that intercepts the now consolidated kernel_file_read LSM hook so that a system can keep all loads coming from a single trusted filesystem. This is what Chrome OS uses to pin kernel module and firmware loading to the read-only crypto-verified dm-verity partition so that kernel module signing is not needed. -Kees v5: - replace enum-to-str code, mimi v4: - add missing "const" to char * src, joe v3: - changed module parameter to "loadpin.enabled" - add sysctl docs, akpm - add general use function for enum, zohar - add gfp_t, joe - clean up loops, andriy.shevchenko - reduce BUG_ON to WARN_ON, joe v2: - break out utility helpers into separate functions - have Yama use new helpers too