From: Matthew Garrett
Date: Mon, 24 Jun 2019 16:56:25 -0700
Subject: Re: [PATCH V34 00/29] Lockdown as an LSM
To: James Morris
Cc: LSM List, Linux Kernel Mailing List, Linux API, Stephen Smalley, Andy Lutomirski, John Johansen, Casey Schaufler
References: <20190622000358.19895-1-matthewgarrett@google.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon, Jun 24, 2019 at 4:01 PM James Morris wrote:
>
> On Fri, 21 Jun 2019, Matthew Garrett wrote:
>
> > Minor updates over V33 - security_is_locked_down renamed to
> > security_locked_down, return value of security_locked_down is returned
> > in most cases, one unnecessary patch was dropped, couple of minor nits
> > fixed.
>
> Thanks for the respin.
>
> We are still not resolved on granularity. Stephen has said he's not sure
> if a useful policy can be constructed with just confidentiality and
> integrity settings. I'd be interested to know JJ and Casey's thoughts on
> lockdown policy flexibility wrt their respective LSMs.

This implementation provides arbitrary granularity at the LSM level,
though the lockdown LSM itself only provides two levels. Other LSMs
can choose an appropriate level of exposure.

> These are also "all or nothing" choices which may prevent deployment due
> to a user needing to allow (presumably controlled or mitigated) exceptions
> to the policy.

Distributions have been deploying the "all or nothing" solution for
several years now, which implies that it's adequate for the common
case. I think it's reasonable to punt finer grained policies over to
other LSMs - people who want that are probably already using custom
LSM policy.
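
The layering described in the reply above, as an added userspace C model (not code from the patch series or from any participant in the thread): each check carries a specific reason, a coarse LSM maps it onto two levels, and a second LSM decides per reason. The reason names, `model_locked_down`, `model_register` and both hook functions are hypothetical; only the two-level split and the idea that other LSMs pick their own granularity come from the thread.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed reason list (hypothetical names): integrity-class reasons
 * first, then confidentiality-class ones, each group closed by a marker. */
enum reason { R_NONE, R_MODULE_LOAD, R_DEV_MEM, R_INTEGRITY_MAX,
              R_KCORE, R_PERF, R_CONFIDENTIALITY_MAX };

typedef int (*locked_down_hook)(enum reason what);

/* Coarse LSM: holds one of two levels and denies every reason up to it. */
static enum reason coarse_level = R_NONE;
static int coarse_hook(enum reason what)
{
    return coarse_level >= what ? -EPERM : 0;
}

/* Fine-grained LSM: its own per-reason table, independent of the levels. */
static unsigned char fine_deny[R_CONFIDENTIALITY_MAX];
static int fine_hook(enum reason what)
{
    return (what < R_CONFIDENTIALITY_MAX && fine_deny[what]) ? -EPERM : 0;
}

static locked_down_hook hooks[4];
static size_t nhooks;
static void model_register(locked_down_hook h)
{
    if (nhooks < sizeof(hooks) / sizeof(hooks[0]))
        hooks[nhooks++] = h;
}

/* Model assumption: every registered LSM is asked, first denial wins. */
static int model_locked_down(enum reason what)
{
    for (size_t i = 0; i < nhooks; i++) {
        int rc = hooks[i](what);
        if (rc)
            return rc;
    }
    return 0;
}

int main(void)
{
    model_register(coarse_hook);
    model_register(fine_hook);
    coarse_level = R_INTEGRITY_MAX;  /* coarse LSM: integrity level only */
    fine_deny[R_PERF] = 1;           /* fine LSM: one extra denial */
    printf("module_load=%d kcore=%d perf=%d\n", model_locked_down(R_MODULE_LOAD),
           model_locked_down(R_KCORE), model_locked_down(R_PERF));
    return 0;
}
```

With only the coarse hook registered the caller gets the "all or nothing" behaviour; registering the second hook is what lets a single reason be denied or left open without changing any call site.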