Received: by 2002:a25:86ce:0:0:0:0:0 with SMTP id y14csp1516079ybm; Tue, 21 May 2019 15:41:38 -0700 (PDT) X-Google-Smtp-Source: APXvYqxXcI5D7tGq51gD7KJE/QWXORB67uC18KwtIHJgxUSJ65NZ9R+I1SkUE+BZiYOPbrwrKfFJ X-Received: by 2002:a65:578a:: with SMTP id b10mr70225712pgr.161.1558478498691; Tue, 21 May 2019 15:41:38 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1558478498; cv=none; d=google.com; s=arc-20160816; b=cI5RFulec8q7TCzztnE6YqoPmwjGRdmWihMQqvgv16qh1EOIfmIYyHZqt+0qPMFeta tXRXt+8hFwzQ+IpTT9FvI/wFvGj5QKPNjP/lR65gCH/dFNZgtjhowgRytrO1pLVpT0yo IA21D8k07hrsBG9Whq41j5al7jPY1NYpDLpqikZf3UpSh3qL0Me9LIYVX3cT5zh35a7q f4tFLyKga7GR29FeE19SLA8RWVg1cPGBrE2n94LDXmn/jVqM5u4sUBPC4eKTrvOi3EYg WMCeb60sQBBLAJoccuOnf9DYZLKSVwoitbsIXtMz03GaXyDDKJp1j0acVuTrPLSgBbWp kgmA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:from:subject:mime-version :message-id:date:dkim-signature; bh=CxR5AlWDpArVLEx0HLe6lnTbiemspwxzj3fum4FdAg8=; b=OwOTwORGWi+ShA7qnUhzS1L09R01yjVdae1xkkrx3NUdyLMwc0xp86nNm6XO1HJqAr L3r+/4zeuKd3bSsQTjEl6sgrcJjonpk/b4c0KSdoonygnTLVgr/5B3lpP56ET5C+brpg QH3O5v6/pAUs+tF+fSW9YTjpao5Ny2hxn9WWXcAE5GMfCGf5AY7N7WUq+nYPkWg3ChZK hRrbAobJ6iV91TrzUIianeLdkRYgaeUFID80oLVhdj8Jj2mKLeBXIo4EeHH4tlFfT6AQ rqPFo1kOWQaSV2gCnouaO4i+xj3uVTiA7PWIYQ2l3T31PLf4wkyqceKVhD8MqdIrN5n3 RZ+g== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=a2KTTUPY; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id y125si26566504pfb.115.2019.05.21.15.41.22; Tue, 21 May 2019 15:41:38 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=a2KTTUPY; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726466AbfEUWkR (ORCPT + 99 others); Tue, 21 May 2019 18:40:17 -0400 Received: from mail-qt1-f202.google.com ([209.85.160.202]:38953 "EHLO mail-qt1-f202.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726017AbfEUWkR (ORCPT ); Tue, 21 May 2019 18:40:17 -0400 Received: by mail-qt1-f202.google.com with SMTP id b46so170586qte.6 for ; Tue, 21 May 2019 15:40:16 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:message-id:mime-version:subject:from:to:cc; bh=CxR5AlWDpArVLEx0HLe6lnTbiemspwxzj3fum4FdAg8=; b=a2KTTUPYY68mgnwLoZX7NpSamuPKa/UmPwh3ZXp/yHmS1liRwwJzfEOpVjkQVsGegs 6StcJObJONEMW4BoSCAz3v0V84ruIgUSBpAkqjHte5mNxudvhWYOXjWrr1yAaOo70Ni2 B+PnJGvCbugteJbXDXPpmFTtHbkNAYDPGoC4vaPDhxWwa3zD+c5WuQCs6jw/IrwcEBg4 pN9GNTEhvTAO0EF2pA2C09Z2ieNP0ea7otA4B6ezj2yTvTslcHkPjU7pUrUV9nws7uJO 7FJiK0RqG/f4trm++BfAF10+spOplapIV1LzayaMkLF19AnC2OhAMwPE3Ck//7irDXC/ L3Eg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:message-id:mime-version:subject:from:to:cc; bh=CxR5AlWDpArVLEx0HLe6lnTbiemspwxzj3fum4FdAg8=; b=JHojxZRVoFQLw+fkneno2u/xFa/33k1/HhkCZHPaVCUqMiMY22IJwm8gCBFHZf3HLS Y6jGM9XNMmMXi6Qt4agGjNrZb/NeRKurrxPlhz19QwKXv2d/4nhCzx7EBjFpvuc5wdVC VpOh2oyu9rf0OgRUmScoN+neEHDSKcciY4ezJnzeafFEI3FhuNyn7/AKcfcP6kPWdVba ka8e0hDbCeSKLoeYF2ph3vQNFZV2rLeqw9CU3kEKecqZWFO9WWPQF/yOqIIqRIhZA2pH pSrQFS0sb0uBpVIAcuIjYBkxR2BrJeVCXWkUaTMzfnuEUz3Y4zuNsABbODUMiZX0KS1p XZDA== X-Gm-Message-State: APjAAAVX4ZNwddjN64IzUz4frHI6tzciSJtKPSyYar2GogUggXMLqBnq 3OqeD3Qi4T4Kvm/DVFN6vsyP448PzhtJm7N7T2N5pQ== X-Received: by 2002:a37:660d:: with SMTP id a13mr28849673qkc.347.1558478416387; Tue, 21 May 2019 15:40:16 -0700 (PDT) Date: Tue, 21 May 2019 15:40:11 -0700 Message-Id: <20190521224013.3782-1-matthewgarrett@google.com> Mime-Version: 1.0 X-Mailer: git-send-email 2.21.0.1020.gf2820cf01a-goog Subject: [RFC] Turn lockdown into an LSM From: Matthew Garrett To: jmorris@namei.org Cc: linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hi James, This is a quick attempt to integrate lockdown into the existing LSM framework. It adds a new lockdown security hook and an LSM that defines the existing coarse-grained policy, and also adds a new DEFINE_EARLY_LSM() definition in order to permit lockdown (and potentially other modules) to be initialised at the top of kernel init in order to allow policy to be imposed on stuff that happens in setup_arch(). The goal here is to allow policy to be devolved to other LSMs on systems that have a secure mechanism for loading LSM policy early in boot, allowing creation of arbitrarily complicated policies without interfering with the common-case coarse-grained approach. This should probably be extended so a uapi-exposed constant is passed to the hook in order to make it easier to write policy in other LSMs, but does this broadly look like you were imagining?