Received: by 2002:a05:6a10:a0d1:0:0:0:0 with SMTP id j17csp745688pxa; Tue, 11 Aug 2020 14:04:45 -0700 (PDT) X-Google-Smtp-Source: ABdhPJy1r9B2Xi55SAOn2e/9SpBWhl3K+iTkVkO65noo5VuDeXoqNWyBguc6XbRi6bA4NyUXBAxJ X-Received: by 2002:a05:6402:1758:: with SMTP id v24mr28375531edx.274.1597179884870; Tue, 11 Aug 2020 14:04:44 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1597179884; cv=none; d=google.com; s=arc-20160816; b=XsdRY1YAPMEzUeC1m+FTsIocVs6V3IkvdUO7IZaadVRMhFYdP5OQLgi/UbjKSXTXoA 1E8h4+EP5eSo1HAFsLCwM5zmGDoh0iAv2tH2IUECwECBtwiAEBrftjo5TKRo0q7bNfpi cGu3qIrJkPZagaUy0h2E9LxoKtQvaHxqGEXqV1SkmZuh2xSGCAjVjouknGCABMbdYdpg +gejxoUCBgPylRvYnO/ZBOtEsplaODn3iSQ9fsyRcdbIIjXOptXn69iq6/upbRFAKgjo jNP53GJRSZBPlAUHhRj5pDf5XOZa4kvS8TqP+TETqKxRpIzVw6YLORxTjWYH30ns580B USkA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:user-agent:references :message-id:in-reply-to:subject:cc:to:from:date; bh=8e/N1gMI2bdDV49I6nnaqTVrjtPmg/QESILYYTOW2V8=; b=mCW6zgg1UHE2pCpEbdSBC6TzgkH6xIQF2/bgbNNmprgu12irveG+i9w5x/Vmko4LV/ ewy0PonEEBHB6rfbnBrN73oelJGl57bI/wjuMvVW0g2HnOZ0zfIvEI7ZVRi2ivySAVMS p8jewlUBFiMoRdsev2v5RnEiUEfNxEgt+lROoMQegSvXQXjoa2+3MosmDeI6h3kqQfC0 lwLwFZRmpSvNDZDaQ888z3Jwa/XZQMEvN16s4X0JB9QSIi9K6w1ejDMXHogti6X96xOt 5rCK4fA8xdEvd4mRcBxzZXaC6G/0voDm4htfCSpMooxUyfGrBsRYyXxlNjUCb8Hm5st9 PPtg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id pk23si13104388ejb.488.2020.08.11.14.04.22; Tue, 11 Aug 2020 14:04:44 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726526AbgHKVDs (ORCPT + 99 others); Tue, 11 Aug 2020 17:03:48 -0400 Received: from namei.org ([65.99.196.166]:58742 "EHLO namei.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726235AbgHKVDs (ORCPT ); Tue, 11 Aug 2020 17:03:48 -0400 Received: from localhost (localhost [127.0.0.1]) by namei.org (8.14.4/8.14.4) with ESMTP id 07BL3Cw3013028; Tue, 11 Aug 2020 21:03:12 GMT Date: Wed, 12 Aug 2020 07:03:12 +1000 (AEST) From: James Morris To: Chuck Lever cc: Mimi Zohar , James Bottomley , Deven Bowers , Pavel Machek , Sasha Levin , snitzer@redhat.com, dm-devel@redhat.com, tyhicks@linux.microsoft.com, agk@redhat.com, Paul Moore , Jonathan Corbet , nramas@linux.microsoft.com, serge@hallyn.com, pasha.tatashin@soleen.com, Jann Horn , linux-block@vger.kernel.org, Al Viro , Jens Axboe , mdsakib@microsoft.com, open list , eparis@redhat.com, linux-security-module@vger.kernel.org, linux-audit@redhat.com, linux-fsdevel , linux-integrity@vger.kernel.org, jaskarankhurana@linux.microsoft.com Subject: Re: [dm-devel] [RFC PATCH v5 00/11] Integrity Policy Enforcement LSM (IPE) In-Reply-To: <329E8DBA-049E-4959-AFD4-9D118DEB176E@gmail.com> Message-ID: References: <20200728213614.586312-1-deven.desai@linux.microsoft.com> <20200802115545.GA1162@bug> <20200802140300.GA2975990@sasha-vm> <20200802143143.GB20261@amd> <1596386606.4087.20.camel@HansenPartnership.com> <1596639689.3457.17.camel@HansenPartnership.com> <329E8DBA-049E-4959-AFD4-9D118DEB176E@gmail.com> User-Agent: Alpine 2.21 (LRH 202 2017-01-01) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Sat, 8 Aug 2020, Chuck Lever wrote: > My interest is in code integrity enforcement for executables stored > in NFS files. > > My struggle with IPE is that due to its dependence on dm-verity, it > does not seem to able to protect content that is stored separately > from its execution environment and accessed via a file access > protocol (FUSE, SMB, NFS, etc). It's not dependent on DM-Verity, that's just one possible integrity verification mechanism, and one of two supported in this initial version. The other is 'boot_verified' for a verified or otherwise trusted rootfs. Future versions will support FS-Verity, at least. IPE was designed to be extensible in this way, with a strong separation of mechanism and policy. Whatever is implemented for NFS should be able to plug in to IPE pretty easily. -- James Morris