Date: Mon, 11 Dec 2017 09:21:28 +1100 (AEDT)
From: James Morris
To: Sargun Dhillon
Cc: linux-security-module@vger.kernel.org, keescook@chromium.org, igor.stoppa@huawei.com, casey@schaufler-ca.com, linux-kernel@vger.kernel.org
Subject: Re: [RFC v2 2/3] LSM: Add statistics about the invocation of dynamic hooks
In-Reply-To: <0d030add49ec1dfd2971e955ab7856cc536e37b1.1512704909.git.sargun@netflix.com>

On Fri, 8 Dec 2017, Sargun Dhillon wrote:

> The purpose of this is similar to the purpose of something like
> iptables -L -n. With the proliferation of LSMs, it's going to
> be more important to have a way to understand what's going on.

The difference with iptables being that it's an application on top of the
netfilter hooks, with strongly defined behavioral semantics for matches and
targets, while their configuration is the security policy.

LSM is more like the raw netfilter layer, and I don't think you can make a lot
of sense from a list of just which hooks are active. You need semantic
knowledge of how those hooks are configured, i.e. security policy.

I suggest dropping this part for now at least, and perhaps think about
building an API on top of this feature with strongly defined semantics (e.g.
something like iptables on top of netfilter).

- James

--
James Morris
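To make the point of the reply concrete, here is an added userspace model of LSM hook stacking; it is example code written for this page, not code from the RFC patch or from James Morris. It assumes a single hypothetical `file_open` hook, two constructed modules (`lsm_a`, `lsm_b`) with made-up policies, and a made-up listing format. The walk over the registered callbacks follows the kernel's call_int_hook() pattern (first non-zero verdict wins). The listing and the invocation counter are exactly the kind of output the RFC proposes, and neither reveals that `lsm_a` denies unprivileged access to /etc/shadow while `lsm_b` permits everything: that information lives only in the modules' policy.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/*
 * Added example (not from the RFC patch or this reply): a small userspace
 * model of stacked LSM hooks. Module names, the file_open policies and the
 * "listing" format are all constructed for the example.
 */

#define MAX_HOOKS 8

typedef int (*file_open_fn)(const char *path, int uid);

struct hook_entry {
    const char *lsm;          /* name of the registering module (constructed) */
    file_open_fn file_open;   /* the one hook this model implements */
};

static struct hook_entry hooks[MAX_HOOKS];
static int nhooks;
static unsigned long invocations;   /* the kind of statistic the RFC reports */

static int register_file_open_hook(const char *lsm, file_open_fn fn)
{
    if (nhooks >= MAX_HOOKS)
        return -ENOSPC;
    hooks[nhooks].lsm = lsm;
    hooks[nhooks].file_open = fn;
    nhooks++;
    return 0;
}

/*
 * Mirrors the kernel's call_int_hook() pattern: walk every registered
 * callback in order and stop at the first non-zero verdict.
 */
static int security_file_open(const char *path, int uid)
{
    int i;

    for (i = 0; i < nhooks; i++) {
        int rc;

        invocations++;
        rc = hooks[i].file_open(path, uid);
        if (rc != 0)
            return rc;
    }
    return 0;
}

/* An "iptables -L -n" style listing: it can only name who is attached. */
static int list_active_hooks(char *buf, size_t len)
{
    int i, n = snprintf(buf, len, "file_open:");

    for (i = 0; i < nhooks && n >= 0 && (size_t)n < len; i++)
        n += snprintf(buf + n, len - n, " %s", hooks[i].lsm);
    return n;
}

/* Helper: does the listing equal the expected string? (1 = yes) */
static int listing_matches(const char *expected)
{
    char buf[128];

    list_active_hooks(buf, sizeof buf);
    return strcmp(buf, expected) == 0;
}

/* Policy A (constructed): unprivileged users may not open /etc/shadow. */
static int lsm_a_file_open(const char *path, int uid)
{
    if (uid != 0 && strcmp(path, "/etc/shadow") == 0)
        return -EACCES;
    return 0;
}

/* Policy B (constructed): audit-only module, never denies. */
static int lsm_b_file_open(const char *path, int uid)
{
    (void)path;
    (void)uid;
    return 0;
}

/* Register both modules; returns the number of hooks now attached. */
static int setup_example(void)
{
    nhooks = 0;
    invocations = 0;
    register_file_open_hook("lsm_a", lsm_a_file_open);
    register_file_open_hook("lsm_b", lsm_b_file_open);
    return nhooks;
}

static unsigned long hook_invocations(void)
{
    return invocations;
}

int main(void)
{
    char buf[128];

    setup_example();
    list_active_hooks(buf, sizeof buf);
    printf("%s\n", buf);
    printf("uid 1000 -> %d\n", security_file_open("/etc/shadow", 1000));
    printf("uid 0    -> %d\n", security_file_open("/etc/shadow", 0));
    printf("invocations: %lu\n", hook_invocations());
    return 0;
}
```

Swapping `lsm_a` for a module that allows everything leaves the listing and the per-hook invocation counts unchanged while the access decision flips, which is why a hook inventory on its own does not tell an administrator what the system enforces.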