Received: by 2002:ac0:a5a7:0:0:0:0:0 with SMTP id m36-v6csp2638154imm; Thu, 16 Aug 2018 12:56:29 -0700 (PDT) X-Google-Smtp-Source: AA+uWPzGMPVT57YCzReeKd0IwPnSTaU/5rha5JmSIVxyjdu5jcromn26AQPjvI54s+576DuVBglj X-Received: by 2002:a17:902:16a4:: with SMTP id h33-v6mr18583643plh.156.1534449389834; Thu, 16 Aug 2018 12:56:29 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1534449389; cv=none; d=google.com; s=arc-20160816; b=dLGFBIHOdEPPx9mjR1OAb1a0aG2pWXLnUSrfiJce28Kp4Afa8/DrQjXWUZT8PyrbAZ sP5hua7EBQ5271oY3GCjo6cEUq49fBaHs1iO6nm/RQ1aVcY0bMYN2cdM/COUKZE1nkNs W6yKO6GoRhQqkWzPSbmlTQvPKgH6Xbu2hhHLExK1/3BjqCztT1WVjNvxQThDTPqEIgse +Jq8He8ybwnk31kMreYFAcmHYgP4h5P3Hai34mxzefA7RltWXVdtCcmibQxRip6zBjPw AFsUIp2P6AW8mM7jxOEFSM/VEEMAdm7rgfmdbzTTM7zqvsby7eiupK62R7nYUP7RhS1Z NHgA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:in-reply-to:mime-version:user-agent:date :message-id:autocrypt:openpgp:from:references:cc:to:subject :arc-authentication-results; bh=iJDWd6c2MhAMw+tK9TMIt3GZlEU2Bsy33i1Ckyq7bHk=; b=T4KZGoiPZPGiuS3ukEcZcUEZ9GULN1dmDMzu/6DI3GcL5rPoO9XP4WWUUunsNIaiNY 7RUSybpTM/gCw/4JmWGK1BmCrOubZcl3I0+cBv7up1hYmr5xA3iDCo8uYq1JfS+Gmysz MhnDwEMpuKZSznLLO3A3xuAkOO3VzGpq/ikPu0Jpbaj18dNZpOHLzah1ESQypNa1Gkeu B+di1jg0pAjYR3o0KmGnc/murHIMVarg0EFhKPitpvsSZyEnXSGg1yJdL0O4K01UH7KF x7VYQhah/o/7SZi+2FVBZeabvQ7JyeYDiGQAwwmgJYAII/baf5X8MQDSdVUFkF9h94f3 JKRw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id a24-v6si131662pgv.527.2018.08.16.12.56.13; Thu, 16 Aug 2018 12:56:29 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1725949AbeHPWza (ORCPT + 99 others); Thu, 16 Aug 2018 18:55:30 -0400 Received: from smtp-sh2.infomaniak.ch ([128.65.195.6]:53359 "EHLO smtp-sh2.infomaniak.ch" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725783AbeHPWza (ORCPT ); Thu, 16 Aug 2018 18:55:30 -0400 X-Greylist: delayed 513 seconds by postgrey-1.27 at vger.kernel.org; Thu, 16 Aug 2018 18:55:21 EDT Received: from smtp6.infomaniak.ch (smtp6.infomaniak.ch [83.166.132.19]) by smtp-sh.infomaniak.ch (8.14.5/8.14.5) with ESMTP id w7GJjbRk027569 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Thu, 16 Aug 2018 21:45:37 +0200 Received: from ns3096276.ip-94-23-54.eu (ns3096276.ip-94-23-54.eu [94.23.54.103]) (authenticated bits=0) by smtp6.infomaniak.ch (8.14.5/8.14.5) with ESMTP id w7GJjWHc024698 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NO); Thu, 16 Aug 2018 21:45:32 +0200 Subject: Re: [PATCH v1 00/22] LSM: Full security module stacking To: Kees Cook , Casey Schaufler Cc: Jordan Glover , Sargun Dhillon , LSM , LKLM , Paul Moore , Stephen Smalley , SE Linux , "SMACK-discuss@lists.01.org" , John Johansen , Tetsuo Handa , James Morris , "Schaufler, Casey" , Salvatore Mesoraca References: <8a325db8-e7eb-9581-2b77-fc987a165df7@schaufler-ca.com> <8e2bdc10-3142-9e8d-ff05-70fa4d862dd5@schaufler-ca.com> From: =?UTF-8?Q?Micka=c3=abl_Sala=c3=bcn?= Openpgp: preference=signencrypt Autocrypt: addr=mic@digikod.net; prefer-encrypt=mutual; keydata= xsFNBFNUOTgBEAC5HCwtCH/iikbZRDkXUSZa078Fz8H/21oNdzi13NM0ZdeR9KVq28ZCBAud law2P+HhaPFuZLqzRiy+iNOumPgrUyNphLhxWby/JgD7hvhYs5HJgdX0VTwzGqprmAeDKbnS G0Q2zxmnkb1/ENRTfrOIBm5LwyRhWIw5hg+HKh88g6qztDHdVSGqgWGLhj7RqDgHCgC4kAve /tWwfnpmMMndi5V+wg5EanyiffjAq6GHwzWbal+u3lkV8zNo15VZ+6mOY3X6dfYFVeX8hAP4 u6OxzK4dQhDMVnJux5jum8RXtkSASiQpvx80npFbToIMgziWoWPV+Ag3Ti9JsactNzygozjL G0j8nc4dtfdkFoflEqtFIz2ZVWlmvcjbxTbvFpK2TwbVSiXe3Iyn4FIatk8tPsyY+mwKLzsc RNXaOXXB3kza0JmmnOyLCZuCTkds8FHvEG3nMIvyzXiobFM5F2b5Xo5x0fSo2ycIXXWgNJFn X1QXiPEM+emIRH0q2mHNAdvDki/Ns+qmkI4MQjWNGLGzlzb2GJBb5jXmkxEhk0/hUXVK3WYu /jGRQAbyX3XASArcw4RNFWd6fwzsX4Ras52BwI2qZaVAh4OclArEoSh5lGweizpN+1K8SnxG zVmvUDS8MfwlO97Kge4jzD0nRFOVE/z2DOLp6ZOcdRTxmTZNEwARAQABzSJNaWNrYcOrbCBT YWxhw7xuIDxtaWNAZGlnaWtvZC5uZXQ+wsF9BBMBCgAnBQJTVDk4AhsDBQkLRzUABQsJCAcD BRUKCQgLBRYDAgEAAh4BAheAAAoJECkv1ZR9XFaW/64P/3wPay/u16aRGeRgUl7ZZ8aZ50WH kCZHmX/aemxBk4lKNjbghzQFcuRkLODN0HXHZqqObLo77BKrSiVwlPSTNguXs9R6IaRfITvP 6k1ka/1I5ItczhHq0Ewf0Qs9SUphIGa71aE0zoWC4AWMz/avx/tvPdI4HoQop4K3DCJU5BXS NYDVOc8Ug9Zq+C1dM3PnLbL1BR1/K3D+fqAetQ9Aq/KP1NnsfSYQvkMoHIJ/6s0p3cUTkWJ3 0TjkJliErYdn+V3Uj049XPe1KN04jldZ5MJDEQv5G3o4zEGcMpziYxw75t6SJ+/lzeJyzJjy uYYzg8fqxJ8x9CYVrG1s8xcXu9TqPzFcHszfl9N01gOaT5UbJrjI8d2b2SG7SR9Wzn9FWNdy Uc/r/enMcnRkiMgadt6qSG+Z0UMwxPt/DTOkv5ISxyY8IzDJDCZ5HrBd9hTmTSztS+UUC2r1 5ijaOSCTWtGgJz/86ERDiUULZmhmQ1C9On46ilAgKEq4Eg3fXy6+kMaZXT3RTDrCtVrD4U58 11KD1mR4y8WwW5LJvKikqspaqrEVC4AyAbLwEsdjVmEVkdFqm6qW4YbaK+g/Wkr0jxuJ0bVn PTABQxmDBVUxsE6qDy6+s8ZWoPfwI1FK2TZwoIH0OQiffSXx6mdEO5X4O4Pj7f8pz723xCxV 1hqz/rrZzsBNBFNUOVIBCAC8V01O2A6U2REVue2XTC358B7ZYr8omGeyaEffDmHVA7KOqsJd 3rTNsUkxJtHGbFhCOeOBMZpgZbxhvrd+JkfHrA4A3QYf1z040oTW6v47ns2CrpGI9HZKlnGL RKGbQ+NkKWnhrIBmgk7EjbNVCa0zlzKdFkbaeOB/K8IMux6gky1KbM2iq/KjkNimGSoRKtnL o/rc8mmOGb7Y5I0nBWANE3lWC1oQXbnT4tsYpTeruA95STcwYYaThGMjIXHnvlhtt/uHdNiZ dZ2jxkmWDDQCo8JY1Md47CZzgX0F8F3Yyxd2rvPQzPqCmdsneUNFD9Hf3nSwxXe25Rob3a7M wQbLABEBAAHCwWUEGAEKAA8CGwwFAlq+mvkFCQlOOCcACgkQKS/VlH1cVpaJXg/+P3T2eJOJ sHXg6A+W5Ipqwr3e3mi1PwF+B+L6nllcx0KOG4RuuEbAQaNCrLU4T+3CbOm5hr1AK4I+LHXb +tIQf9i+RFuxARWJgVFWObaOj3gIAPRI6ZH8mHE5fHw14JFrMYtjBA0MC1ipKhvDNWzwgOXn tta46epBaJyc66mjFOB/xuBVbI5DdMix/paJB9hxfaQ3svhPrm25P6nqOtL3iSqMV0pyfWCB zoex2L2AaBcY6D3ooa6KNMTM9FVcvV1spRRNCYxa2Ls8sPou1WD+zNtfe+cag8N7J+i0Nphb cYZ7jHgyIVV8IK2f0vjkMfpZrQzkFKghUv7KZio2y79+nqK1gc88czsIFB0qYbTPn5nNTwZW 3wmRWpivIvqj6OYvSWDn0Pc0ldGTy/9TK+Azu7p7+OkG9BZMacd7ovXKKCJUSVSiSAcDdK/I slgBHSOZGSdPtkvOI2oUzToZm1dtfoNCpozcblksL5Eit2LlSIAhDuFvmY3tNPnSV+ei37Qo jHHt2CWLN8DVEAxQtBqDVk4Cg12cQg/Zo+/hYfsmJSpGkb6qoE2qL26MUyILOdYD+ztR7P3X EnwK/W8C00XQg7XfdfyOdb/BNjoyPO5+cOArcN+wl839TELr6qsKbGMueebw4l778RIVBJlY fzQh4n77RjVFnCHFbtPhnyvGdQQ= Message-ID: Date: Thu, 16 Aug 2018 21:45:27 +0200 User-Agent: MIME-Version: 1.0 In-Reply-To: Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="Ax7RabQ5kPE8FeEKHjzLSbDTH0To8Nlsq" X-Antivirus: Dr.Web (R) for Unix mail servers drweb plugin ver.6.0.2.8 X-Antivirus-Code: 0x100000 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --Ax7RabQ5kPE8FeEKHjzLSbDTH0To8Nlsq Content-Type: multipart/mixed; boundary="m9V04fH7EEq5PnM5u0FQxw3mBDguziMHu"; protected-headers="v1" From: =?UTF-8?Q?Micka=c3=abl_Sala=c3=bcn?= To: Kees Cook , Casey Schaufler Cc: Jordan Glover , Sargun Dhillon , LSM , LKLM , Paul Moore , Stephen Smalley , SE Linux , "SMACK-discuss@lists.01.org" , John Johansen , Tetsuo Handa , James Morris , "Schaufler, Casey" , Salvatore Mesoraca Message-ID: Subject: Re: [PATCH v1 00/22] LSM: Full security module stacking References: <8a325db8-e7eb-9581-2b77-fc987a165df7@schaufler-ca.com> <8e2bdc10-3142-9e8d-ff05-70fa4d862dd5@schaufler-ca.com> In-Reply-To: --m9V04fH7EEq5PnM5u0FQxw3mBDguziMHu Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: quoted-printable On 08/15/2018 07:19 AM, Kees Cook wrote: > On Tue, Aug 14, 2018 at 4:50 PM, Casey Schaufler wrote: >> On 8/14/2018 4:22 PM, Jordan Glover wrote: >>> On August 14, 2018 8:28 PM, Casey Schaufler = wrote: >>> >>>> >>>>>> The blob management part (through "LSM: Sharing of security blobs"= ) >>>>>> is ready for prime-time. These changes move the management of >>>>>> security blobs out of the security modules and into the security >>>>>> module infrastructure. With this change the proposed S.A.R.A, >>>>>> LandLock and PTAGS security modules could co-exist with any of >>>>>> the existing "major" security modules. The changes reduce some >>>>>> code duplication. >>>>>> Beyond the blob management there's a bit of clean-up. >>>>>> Mounting filesystems had to be changed so that options >>>>>> a security module doesn't recognize won't be considered >>>>>> a fatal error. The mount infrastructure is somewhat >>>>>> more complex than one might assume. >>>>> Casey, >>>>> Do you think you can break out 1 into its own patch? It seems like >>>>> that'd be valuable to everyone. >>>> Yes, I think that is a good idea. Landlock, S.A.R.A. and a couple >>>> other security modules could be added upstream if this part of the >>>> work was available. It would not provide everything needed to stack >>>> all the existing modules. I believe there is concern that if this >>>> much went upstream the work on finishing what's required to make >>>> everything work might be abandoned. >>>> >>> On the other hand there is concern that those security modules might >>> be abandoned if they have to wait until everything is finished :) >> >> There is some truth to that. If we can get commitment from the develop= ers >> of those security module to push for getting upstream, a statement of >> intent to support additional modules (e.g. Landlock, S.A.R.A.) from a I'm the developer of Landlock. I'm working on it on my free time but my employer is also interested and I have some dedicated time for Landlock at work too. I've been quite busy these past months but I'll get back on Landlock soon. As Salvatore said, my goal is also to get Landlock upstream. The current code is quite mature compared to the first version but there is still some work to do before the next patch series. BTW, code reviews are much appreciated! The LSM stacking patch series may not be a blocker for upstreaming Landlock but this series is needed to enable Landlock on common distro (which won't disable their current major LSM). It would be easier to have the LSM stacking upstream as soon as possible though. >> significant distribution (e.g. Fedora, Ubuntu, SuSE) and ACKs from the= >> maintainers of the existing modules we should be able to breeze right = in. >> >> Yeah, I think that's about all it would take. >=20 > I would strongly recommend Landlock and SARA for every distro. They're > opt-in, and provide much-needed missing userspace defenses (and attack > surface reduction). >=20 > -Kees >=20 Thanks Kees! And great work Casey! Micka=C3=ABl --m9V04fH7EEq5PnM5u0FQxw3mBDguziMHu-- --Ax7RabQ5kPE8FeEKHjzLSbDTH0To8Nlsq Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- iQEzBAEBCgAdFiEEUysCyY8er9Axt7hqIt7+33O9apUFAlt11FcACgkQIt7+33O9 apUJlwf+I4XLIzJkMdNT+cZ863oGTUVOUFlu2g+jf1WszqyA/CMUb9Oi7Vp1yQKj rNJ80mLfDkCH5U65WY+Nq6CpymHu9XQRU8MuaxQzlZAwMr28+ne2fc4n+uNy4zRN S2sXrTCLgE1YJBIH9cL25zEe79xbzJIFr0ws4METB4PvvhK5m8mtWWtfvALOPd2J 1er/qDM7jL0Y3jLRIJ9XRUaWcEm5aFBY7qBYh5seZL6rQerrHUNMf1Ik+smxH1PK odwTVHrb1pzCb51yDtvrTFvHtRCYygj9VaI3ajBU/jipurltMjHe/5KEKlXXLari VO1Z5TvUMVOOoAYwoNULSAs3o5WVeQ== =OhzK -----END PGP SIGNATURE----- --Ax7RabQ5kPE8FeEKHjzLSbDTH0To8Nlsq--