Date: Wed, 22 May 2019 12:40:55 +1000 (AEST)
From: James Morris
To: Matthew Garrett
cc: linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, Andy Lutomirski
Subject: Re: [RFC] Turn lockdown into an LSM
In-Reply-To: <20190521224013.3782-1-matthewgarrett@google.com>
References: <20190521224013.3782-1-matthewgarrett@google.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On Tue, 21 May 2019, Matthew Garrett wrote:

> Hi James,
>
> This is a quick attempt to integrate lockdown into the existing LSM
> framework. It adds a new lockdown security hook and an LSM that defines
> the existing coarse-grained policy, and also adds a new
> DEFINE_EARLY_LSM() definition in order to permit lockdown (and
> potentially other modules) to be initialised at the top of kernel init
> in order to allow policy to be imposed on stuff that happens in
> setup_arch(). The goal here is to allow policy to be devolved to other
> LSMs on systems that have a secure mechanism for loading LSM policy
> early in boot, allowing creation of arbitrarily complicated policies
> without interfering with the common-case coarse-grained approach.
>
> This should probably be extended so a uapi-exposed constant is passed to
> the hook in order to make it easier to write policy in other LSMs, but
> does this broadly look like you were imagining?

This looks promising!

An LSM could also potentially implement its own policy for the hook.

-- 
James Morris
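The arrangement the two messages discuss, as an added userspace model that is not the RFC's patch or any kernel code: a lockdown hook, the lockdown LSM carrying the coarse-grained policy, a second LSM supplying its own policy for the same hook, and early versus ordinary LSM initialisation. The operation names, the level values, the struct layout and the deny-first dispatch are constructed for the model.

```c
/* Added userspace model of the lockdown-as-LSM design; not the RFC's kernel code. */
#include <stddef.h>
#include <errno.h>
/* Coarse levels: integrity forbids modifying the kernel, confidentiality also forbids reading it. */
enum lockdown_level { LOCKDOWN_NONE, LOCKDOWN_INTEGRITY, LOCKDOWN_CONFIDENTIALITY };
/* Constructed operations a caller asks the hook about (names are assumptions). */
enum lockdown_op { OP_LOAD_UNSIGNED_MODULE, OP_WRITE_DEV_MEM, OP_READ_KCORE };
/* One LSM: its lockdown hook, whether it is early (DEFINE_EARLY_LSM-style, up before setup_arch()), and whether init has reached it. */
struct lsm { int (*locked_down)(enum lockdown_op op); int early; int initialised; };
static enum lockdown_level kernel_locked_down = LOCKDOWN_INTEGRITY;

/* The lockdown LSM: the existing coarse-grained policy, keyed only on the level. */
static int lockdown_is_locked_down(enum lockdown_op op)
{
    if (op == OP_READ_KCORE)
        return kernel_locked_down >= LOCKDOWN_CONFIDENTIALITY ? -EPERM : 0;
    return kernel_locked_down >= LOCKDOWN_INTEGRITY ? -EPERM : 0;
}

/* A second LSM with its own finer policy on the same hook: refuses /proc/kcore reads even in integrity mode. */
static int site_policy_locked_down(enum lockdown_op op)
{
    return op == OP_READ_KCORE ? -EPERM : 0;
}

static struct lsm lsm_chain[] = {
    { lockdown_is_locked_down, 1, 0 },  /* early LSM */
    { site_policy_locked_down, 0, 0 },  /* ordinary LSM, up only after full init */
};
#define NR_LSMS (sizeof(lsm_chain) / sizeof(lsm_chain[0]))
/* early=1 is the top-of-init pass (early LSMs only), early=0 the normal pass; returns the number initialised. */
static size_t security_init(int early)
{
    size_t up = 0;
    for (size_t i = 0; i < NR_LSMS; i++) {
        lsm_chain[i].initialised |= !early || lsm_chain[i].early;
        up += lsm_chain[i].initialised;
    }
    return up;
}

/* Model of the security_locked_down() dispatcher: each initialised LSM is asked, first denial wins. */
static int security_locked_down(enum lockdown_op op)
{
    for (size_t i = 0; i < NR_LSMS; i++) {
        int rc = lsm_chain[i].initialised ? lsm_chain[i].locked_down(op) : 0;
        if (rc)
            return rc;
    }
    return 0;
}
```

With only the early pass done, a kcore read is allowed by the coarse integrity policy because the site LSM is not yet up; after the normal pass the site LSM's denial is honoured without the coarse policy changing.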