Received: by 2002:a25:4158:0:0:0:0:0 with SMTP id o85csp4257642yba;
        Sun, 12 May 2019 08:32:29 -0700 (PDT)
X-Google-Smtp-Source: APXvYqzEaJ+acck13KnwlHjo/QCYHT4de3iV0vVCzL6YA2DjgCoUOVhsHr6eQHWFZEH5bk5dRjdi
X-Received: by 2002:a63:3dcf:: with SMTP id k198mr26537221pga.60.1557675149240;
        Sun, 12 May 2019 08:32:29 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1557675149; cv=none;
        d=google.com; s=arc-20160816;
        b=Sovf3liPX7kGu09d9Tq2Ua5RpO99fqewfqrLO4LdCiCnalOmSHSsEKm30YQjcrlSZm
         RIvDYYhizERxFcI+cmk1lQE8pderXcdqWRAP32+wxfeS8Gx1jbxAecsM8wccrrXzcEY+
         LvB5q6Ap3skiYd3HyuNMBi/3AEWOVTTpHvs7V/m2ANgd12Y55+vf2UDRc4IsVNtbxdl6
         pRc1yx/fh9GgQ7CYzIrLYXBR45/geVQEi6WNjEjz2FXqd7HABzKSgIu/7afO9e0fzjMi
         slt3Pg0XEaUoLSa/MsyrJj71V6ozop+f0T1xOZRmrG6/YfnC1DbWMtzNiV9ccA7Bvdlf
         3wJA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:user-agent:in-reply-to
         :content-disposition:mime-version:message-id:subject:cc:to:from:date;
        bh=4EBCI+5SFwwBhuKihXsiEv6Y4ZeOyH8t2XhKFOKNf40=;
        b=PW2MwkdBXVK6wlPMjI4FYlsw99mP2SoZ35KjyBjASlNeEtIcOV78Et1QQPMft6BHe0
         Yyo2EcYloOS7NQ3G5wLXShkXxllLAx8O+ebs1FUZTpdgp8/kVeBEZl7XNp/7JvLUCRA3
         Di3hbzkLaHZsEOMdA6XQfLEsnFC1NjE3fsIL13YaIZ21T+u1/wnU8DtxdRbTI7XXnN5k
         GzW05y6LIeBRMizTG4zgWja3iq1tdxqiP8LdFr5XRTTxhujwD2hI/VDLmSXbKZ8C77TW
         deLcX+dzCsRSERsVtBn+rz8CZTpTVnhCjzCsquWUmFiCuSd3BiKgo61IHd7VGte1GsIx
         mx3Q==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id q81si14038223pfa.207.2019.05.12.08.32.12;
        Sun, 12 May 2019 08:32:29 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1726769AbfELPbZ (ORCPT <rfc822;chauncqc@gmail.com> + 99 others);
        Sun, 12 May 2019 11:31:25 -0400
Received: from isilmar-4.linta.de ([136.243.71.142]:52230 "EHLO
        isilmar-4.linta.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1726355AbfELPbY (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Sun, 12 May 2019 11:31:24 -0400
Received: from light.dominikbrodowski.net (isilmar.linta [10.0.0.1])
        by isilmar-4.linta.de (Postfix) with ESMTPS id 73CE5200611;
        Sun, 12 May 2019 15:31:22 +0000 (UTC)
Received: by light.dominikbrodowski.net (Postfix, from userid 1000)
        id 3642120920; Sun, 12 May 2019 17:31:05 +0200 (CEST)
Date:   Sun, 12 May 2019 17:31:05 +0200
From:   Dominik Brodowski <linux@dominikbrodowski.net>
To:     hpa@zytor.com, Mimi Zohar <zohar@linux.ibm.com>
Cc:     Roberto Sassu <roberto.sassu@huawei.com>, viro@zeniv.linux.org.uk,
        linux-security-module@vger.kernel.org,
        linux-integrity@vger.kernel.org, initramfs@vger.kernel.org,
        linux-api@vger.kernel.org, linux-fsdevel@vger.kernel.org,
        linux-kernel@vger.kernel.org, zohar@linux.vnet.ibm.com,
        silviu.vlasceanu@huawei.com, dmitry.kasatkin@huawei.com,
        takondra@cisco.com, kamensky@cisco.com, arnd@arndb.de,
        rob@landley.net, james.w.mcmechan@gmail.com
Subject: Re: [PATCH v2 0/3] initramfs: add support for xattrs in the initial
 ram disk
Message-ID: <20190512153105.GA25254@light.dominikbrodowski.net>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <1557665567.10635.222.camel@linux.ibm.com>
 <4E92753A-04BD-4018-A3A4-5E3E4242D8B9@zytor.com>
User-Agent: Mutt/1.11.4 (2019-03-13)
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Sun, May 12, 2019 at 03:18:16AM -0700, hpa@zytor.com wrote:
> > Couldn't this parsing of the .xattr-list file and the setting of the xattrs
> > be done equivalently by the initramfs' /init? Why is kernel involvement
> > actually required here?
> 
> There are a lot of things that could/should be done that way...

Indeed... so why not try to avoid adding more such "things", and keeping
them in userspace (or in a fork_usermode_blob)?


On Sun, May 12, 2019 at 08:52:47AM -0400, Mimi Zohar wrote:
> It's too late.  The /init itself should be signed and verified.

Could you elaborate a bit more about the threat model, and why deferring
this to the initramfs is too late?

Thanks,
	Dominik