Received: by 2002:a05:6a10:a0d1:0:0:0:0 with SMTP id j17csp3215969pxa;
        Tue, 18 Aug 2020 09:23:29 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJy44UJR7UDhCU8ukVBUlr08B5NMr7zwV2CZxfNKeww+1STb+oqkP49D2wOAJbIVVRQR2uUL
X-Received: by 2002:a05:6402:1443:: with SMTP id d3mr21450058edx.40.1597767809674;
        Tue, 18 Aug 2020 09:23:29 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1597767809; cv=none;
        d=google.com; s=arc-20160816;
        b=ldcvOTLrH2QVfSG8mXrM7rlfZ4fV2m3JqQM3gSAF5SrjmZlrjEQKS0KrvDnuy1pxod
         uQviLG0kzAz+kOtIfBgVn/FgsT7UsO4gVJ1afJev1qELgTBlk7MRxLXdXJYInNmm07pl
         ZxplzN/tOmxl/JbIaUef+SjTs/tbN1JVyoa/a+mfK4C4RNRQ44i/gNqncctvNR7ZbkyU
         1CPiru8FBn6urqlrozKCQ43ZZSdHX6nfLdHHgYM2cwhE8XDyLzto7hXtgD/4x+RQA9+h
         g1uSrN+TKIkeT/Yd05ys8Jae3hwzj6jStMhecGKha+ELm87yvJMMBZPKdZ0SlCY+lG0q
         dzng==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding:mime-version
         :references:in-reply-to:date:cc:to:from:subject:message-id
         :dkim-signature:dkim-signature;
        bh=oOeXhDWB7Pt5wiyuC15Rbormj8t78Pq243kQxXCKKhQ=;
        b=nye4OCuh3iTlIsdXT+Ihqx1kb/E2k7nKyFSyknsNJnrFk4HQwaoBPw4XPhTlDiYU1r
         i2IGHYBfl8Fppl+DcGMt+TuV8d/h3zQQj1GsJoxy8V1sqbWIsp2Vr3BMQjTbKReTE0eZ
         O4HtGniFi2daGMvSW8hiqIW7Wmg49a5xdI3JEzFn/y3XA3r9dTOFh+wA2iT0vWPVWb2C
         7G/HCqGiV6DEmTJKtqVJ3hAxSsKICKcVMv8PJLtNpoJ17DO1LcIs17CgCsfXUTx8y9XZ
         e/sy2lgEsNTCzfDyDnmln70SiHPOgtp9GZ7W1j4F3eb0HJA5ywbcM8Huc2jSPVtj6UxA
         XVIQ==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=fail header.i=@hansenpartnership.com header.s=20151216 header.b=F3TJolfs;
       dkim=fail header.i=@hansenpartnership.com header.s=20151216 header.b=S1ijLZW5;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=hansenpartnership.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id f3si14007566edl.49.2020.08.18.09.23.05;
        Tue, 18 Aug 2020 09:23:29 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=fail header.i=@hansenpartnership.com header.s=20151216 header.b=F3TJolfs;
       dkim=fail header.i=@hansenpartnership.com header.s=20151216 header.b=S1ijLZW5;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=hansenpartnership.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1726759AbgHRQT4 (ORCPT <rfc822;rao.subba.venkata@gmail.com>
        + 99 others); Tue, 18 Aug 2020 12:19:56 -0400
Received: from bedivere.hansenpartnership.com ([66.63.167.143]:51336 "EHLO
        bedivere.hansenpartnership.com" rhost-flags-OK-OK-OK-OK)
        by vger.kernel.org with ESMTP id S1726482AbgHRQTj (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 18 Aug 2020 12:19:39 -0400
Received: from localhost (localhost [127.0.0.1])
        by bedivere.hansenpartnership.com (Postfix) with ESMTP id 5F2EA8EE1A9;
        Tue, 18 Aug 2020 09:19:35 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=hansenpartnership.com;
        s=20151216; t=1597767575;
        bh=L/MN+lxn8x8KGJbs1vAEkdW/rjO9wlNxW0FetUNgKJE=;
        h=Subject:From:To:Cc:Date:In-Reply-To:References:From;
        b=F3TJolfs2dnkOc99Rj/5Zn8QU8AwiBtf/PoD+Ybd46WQYFKE47TMO4K9Rse9ySnha
         K8EiUDemagYiEcnjDJ3wb7TRylgGNWzB4SBFLklBk+HUeu6VYP1lI7fBVPerHFKl2G
         4AG081qyKmoSiPoq1FuBRwnepFJ2OsaN6DveGoOc=
Received: from bedivere.hansenpartnership.com ([127.0.0.1])
        by localhost (bedivere.hansenpartnership.com [127.0.0.1]) (amavisd-new, port 10024)
        with ESMTP id 5V37A5Z9zYZ5; Tue, 18 Aug 2020 09:19:34 -0700 (PDT)
Received: from [153.66.254.174] (c-73-35-198-56.hsd1.wa.comcast.net [73.35.198.56])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        (No client certificate requested)
        by bedivere.hansenpartnership.com (Postfix) with ESMTPSA id 1EEAE8EE17F;
        Tue, 18 Aug 2020 09:19:33 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=hansenpartnership.com;
        s=20151216; t=1597767574;
        bh=L/MN+lxn8x8KGJbs1vAEkdW/rjO9wlNxW0FetUNgKJE=;
        h=Subject:From:To:Cc:Date:In-Reply-To:References:From;
        b=S1ijLZW5ep+iwtdY2BSLm5T+ZmNajMO7m+g+9JVex4iRAXkSI2+oCoXpb2vIS3IKS
         SC1rbcuo8t6pBK5PPcflRruDFKgZ7qdmGNInHRGVS68Dq7jZisFZrfRFusbJqEojj1
         BioijcDNFNk01kzf/xCm0lQWStYSXsperJU1UIBc=
Message-ID: <1597767571.3898.15.camel@HansenPartnership.com>
Subject: Re: [RFC PATCH 00/30] ima: Introduce IMA namespace
From:   James Bottomley <James.Bottomley@HansenPartnership.com>
To:     krzysztof.struczynski@huawei.com, linux-integrity@vger.kernel.org,
        linux-kernel@vger.kernel.org,
        containers@lists.linux-foundation.org,
        linux-security-module@vger.kernel.org
Cc:     zohar@linux.ibm.com, stefanb@linux.vnet.ibm.com,
        sunyuqiong1988@gmail.com, mkayaalp@cs.binghamton.edu,
        dmitry.kasatkin@gmail.com, serge@hallyn.com, jmorris@namei.org,
        christian@brauner.io, silviu.vlasceanu@huawei.com,
        roberto.sassu@huawei.com
Date:   Tue, 18 Aug 2020 09:19:31 -0700
In-Reply-To: <20200818152037.11869-1-krzysztof.struczynski@huawei.com>
References: <N> <20200818152037.11869-1-krzysztof.struczynski@huawei.com>
Content-Type: text/plain; charset="UTF-8"
X-Mailer: Evolution 3.26.6 
Mime-Version: 1.0
Content-Transfer-Encoding: 7bit
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Tue, 2020-08-18 at 17:20 +0200, krzysztof.struczynski@huawei.com
wrote:
> The measurement list remains global, with the assumption that there
> is only one TPM in the system. Each IMA namespace has a unique ID,
> that allows to track measurements per IMA namespace. Processes in one
> namespace, have access only to the measurements from that namespace.
> The exception is made for the initial IMA namespace, whose processes
> have access to all entries.

So I think this can work in the use case where the system owner is
responsible for doing the logging and attestation and the tenants just
trust the owner without requiring an attestation.  However, in a multi-
tenant system you need a way for the attestation to be per-container
(because the combined list of who executed what would be a security
leak between tenants).  Since we can't virtualise the PCRs without
introducing a vtpm this is going to require a vtpm infrastructure like
that used for virtual machines and then we can do IMA logging per
container.

I don't think the above has to be in your first patch set, we just have
to have an idea of how it could be done to show that nothing in this
patch set precludes a follow on from doing this.

James