Date: Thu, 20 Jun 2019 18:19:11 -0700
Message-Id: <20190621011941.186255-1-matthewgarrett@google.com>
X-Mailer: git-send-email 2.22.0.410.gd8fdbe21b5-goog
Subject: [PATCH V33 00/30] Lockdown as an LSM
From: Matthew Garrett
To: jmorris@namei.org
Cc: linux-security@vger.kernel.org, linux-kernel@vger.kernel.org, linux-api@vger.kernel.org
X-Mailing-List: linux-kernel@vger.kernel.org

Hi James,

Let's see how this one goes. I've moved the lockdown code into an LSM hook and provided an internal enum of lockdown reasons that LSMs can either group or expose at whatever level of granularity is appropriate. I've also included a static LSM that mimics the behaviour of the existing patchset. I think there's a reasonable discussion to have about what sort of granularity other LSMs might want to offer, but I don't think that necessarily needs to be a blocker to merging this.

As with the last implementation, this can be enabled via static kernel configuration, the kernel command line or via securityfs, depending on use case. Distributions may wish to tie it to UEFI Secure Boot state, but we can save that conversation for later.

Thoughts?
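The design the cover letter describes (one hook queried by callers, an internal enum of reasons, and LSMs free to grade those reasons coarsely or finely), modelled as a stand-alone userspace program. This is an added illustration, not code from the patch series: the reason names, the hook signature and the two sample LSMs are constructed here, and only one LSM is installed at a time for brevity.

```c
#include <errno.h>
#include <stdbool.h>

/* Hypothetical userspace model of the design in the cover letter: callers ask
 * one hook whether an operation is permitted, passing an internal enum of
 * lockdown reasons, and the installed LSM decides how finely to grade them.
 * The reason names are constructed for illustration, not the kernel's list. */
enum lockdown_reason { LOCKDOWN_NONE, LOCKDOWN_UNSIGNED_MODULE, LOCKDOWN_DEV_MEM,
                       LOCKDOWN_KEXEC, LOCKDOWN_REASON_MAX };

/* The hook an LSM registers: return 0 to allow, -EPERM to deny. */
typedef int (*locked_down_hook)(enum lockdown_reason what);
static locked_down_hook installed_lsm;

/* Generic entry point used by callers throughout the (modelled) kernel. */
int security_locked_down(enum lockdown_reason what)
{
	return installed_lsm ? installed_lsm(what) : 0;
}

/* Static LSM mimicking the previous behaviour: one on/off switch (set from
 * Kconfig, the command line or securityfs in the real design) that groups
 * every reason together. */
static bool lockdown_enabled;
static int static_lockdown_hook(enum lockdown_reason what)
{
	return (lockdown_enabled && what != LOCKDOWN_NONE) ? -EPERM : 0;
}

/* A finer-grained LSM that exposes each reason individually through a bitmap. */
static unsigned int denied_mask;
static int finegrained_hook(enum lockdown_reason what)
{
	return (denied_mask & (1u << what)) ? -EPERM : 0;
}

/* Scenario helpers: install one policy, then query the hook. */
int query_static_policy(bool enabled, enum lockdown_reason what)
{
	lockdown_enabled = enabled;
	installed_lsm = static_lockdown_hook;
	return security_locked_down(what);
}
int query_finegrained_policy(unsigned int mask, enum lockdown_reason what)
{
	denied_mask = mask;
	installed_lsm = finegrained_hook;
	return security_locked_down(what);
}
```

The point of the split is that callers never see the policy: they pass the reason, and whether it is refused depends entirely on which LSM is installed and how it chose to group the enum.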