Received: by 2002:a05:6a10:f347:0:0:0:0 with SMTP id d7csp1057658pxu; Mon, 23 Nov 2020 10:30:59 -0800 (PST) X-Google-Smtp-Source: ABdhPJyn4R031JWh5BpgQz/cUouCQSOkz7sp46hYq48V5r50xoOuNpAOwZ0FYZyReGzHI1pZTQkC X-Received: by 2002:a17:906:1945:: with SMTP id b5mr843123eje.388.1606156259460; Mon, 23 Nov 2020 10:30:59 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1606156259; cv=none; d=google.com; s=arc-20160816; b=kA1AEXZGvFGBL9EQa90hg3Sp0XozAdgwcH2U6d8BY3xKJml158CAPE9TE4RFhEDC0H LRCi3EEMlfT8HHyacMQHLWrymzXtC01AX2319aJapXWqm0NMMac8c7XKk2hTOX0Ygf/M 8EkhCgwNjHIqKsmUBxwjXASVq/7DAOFw/hMzUSo9n2QEnkgsx6pFupTsJ5rnji0HmNuW hNQHMeyB+ghn41r+rytiQYaP62XGISNo2VNKI46XTpyCx1y7apPjh9HBpc3wGMUf57oc b4+TzApdlHLOx0sCBrXj9Hloo9e/LjC0Gic4+v7WzHGA6XruR9Y0Fb64oM0Kuoq+n56z V4Sg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=JgU9p94kvA07oQrdAsYiX/LIRMr6ln5r4nCdzUpy7o4=; b=m7N19qAzMKZAl2wiutyy4nliXfbAfwAvHZuFCISZ7f0FksSp2G3gvtjo8bCNztNWmh zyPxhKq7JIUXdwaSL+G+ngnaS+Kuunp1K1+yQgE3Yaa7QyRnG209ZBl3AQkB9QAgI9r5 ivf7PW6xHWHrh/4uQ6DUYGZtdi4FsLfCShRlTugoFNDFeDXVfIrhhbCEyfpzj7Lu7Vlb HwnRThP5X/Jk2byAWzKCPWiI+qIA7K4s3m65rQMkyv6fxSGPp1xK8tx8Oa6gbmi7eTpJ p6LQueXpTD1Po4Tr6ulCj8pkHWUDQ7gbe4tzFg6YJHWKzSAQy49XgvPhmp4ETIq6XawN XYWw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=ANbUWVwu; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id k6si6948230eds.482.2020.11.23.10.30.35; Mon, 23 Nov 2020 10:30:59 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=ANbUWVwu; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729365AbgKWS15 (ORCPT + 99 others); Mon, 23 Nov 2020 13:27:57 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:54768 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729450AbgKWS14 (ORCPT ); Mon, 23 Nov 2020 13:27:56 -0500 Received: from mail-lj1-x242.google.com (mail-lj1-x242.google.com [IPv6:2a00:1450:4864:20::242]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 3A936C061A4E for ; Mon, 23 Nov 2020 10:27:56 -0800 (PST) Received: by mail-lj1-x242.google.com with SMTP id f18so1120938ljg.9 for ; Mon, 23 Nov 2020 10:27:56 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=JgU9p94kvA07oQrdAsYiX/LIRMr6ln5r4nCdzUpy7o4=; b=ANbUWVwuYddoy3gY/bocFyh5hQNt+h3KoI3AHjcaYTZ0evyDqwLXLEvh5IHaIDYDPb ijvo4CAg9ebzTa4ARSGN499RtHon9GqnfrJYuy06yyb/lbQFc4e1U2t0r7waRnZQb4/f yAMxbAR5foJyFqxS0PsPj0FXOMJW+JBdUykTk= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=JgU9p94kvA07oQrdAsYiX/LIRMr6ln5r4nCdzUpy7o4=; b=uQWSsFNlvJVN+yQHurNUkuXHGz8nbzHXb9JyT4IcGS7pgg2hec1o86wxw6qAB+Hqki W+wfQk89e3JVcqEu0K0bNXUw2aeI0fdLD7EI2NmY0Y+LgKEVneX80xRhdAx2ykO0utTL LO3/f73P1NVuIh3X0B6jFUoTNqR6+MWT+awY5EA4x9m870RJOGEwNCI9qk8w6iGdvfmg DAM9TEwGmU1Rqmk4SdgyiJswddUXJc/zVQeDOLFESAwMgn/jJfueEnq2w19DjJzRiig2 LrPv6Q0bzgqQKI+xWjkRE/YDZQMLPC/kbHNlDdM+4K6OIjuaVBwJggyDSn9bJq+7BFGR z/9Q== X-Gm-Message-State: AOAM531fmgK4TG8+68iKTxyeTtYMmJfT5QZYCXcYhPP23y1Fl1M1sb6g WRbicIwAcHA/Nu5oDmQCffJMVyF6k9lEE8042Lgj6Q== X-Received: by 2002:a05:651c:285:: with SMTP id b5mr303035ljo.82.1606156074562; Mon, 23 Nov 2020 10:27:54 -0800 (PST) MIME-Version: 1.0 References: <20201121005054.3467947-1-kpsingh@chromium.org> <20201121005054.3467947-3-kpsingh@chromium.org> <05776c185bdc61a8d210107e5937c31e2e47b936.camel@linux.ibm.com> <0f54c1636b390689031ac48e32b238a83777e09c.camel@linux.ibm.com> In-Reply-To: <0f54c1636b390689031ac48e32b238a83777e09c.camel@linux.ibm.com> From: KP Singh Date: Mon, 23 Nov 2020 19:27:43 +0100 Message-ID: Subject: Re: [PATCH bpf-next v2 3/3] bpf: Update LSM selftests for bpf_ima_inode_hash To: Mimi Zohar , Andrii Nakryiko Cc: James Morris , open list , bpf , Linux Security Module list , Yonghong Song , Alexei Starovoitov , Daniel Borkmann , Florent Revest , Brendan Jackman , Petr Vorel Content-Type: text/plain; charset="UTF-8" Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org [...] > > > > > > Even if a custom policy has been loaded, potentially additional > > > measurements unrelated to this test would be included the measurement > > > list. One way of limiting a rule to a specific test is by loopback > > > mounting a file system and defining a policy rule based on the loopback > > > mount unique uuid. > > > > Thanks Mimi! > > > > I wonder if we simply limit this to policy to /tmp and run an executable > > from /tmp (like test_local_storage.c does). > > > > The only side effect would be of extra hashes being calculated on > > binaries run from /tmp which is not too bad I guess? > > The builtin measurement policy (ima_policy=tcb") explicitly defines a > rule to not measure /tmp files. Measuring /tmp results in a lot of > measurements. > > {.action = DONT_MEASURE, .fsmagic = TMPFS_MAGIC, .flags = IMA_FSMAGIC}, > > > > > We could do the loop mount too, but I am guessing the most clean way > > would be to shell out to mount from the test? Are there some other examples > > of IMA we could look at? > > LTP loopback mounts a filesystem, since /tmp is not being measured with > the builtin "tcb" policy. Defining new policy rules should be limited > to the loopback mount. This would pave the way for defining IMA- > appraisal signature verification policy rules, without impacting the > running system. +Andrii Do you think we can split the IMA test out, have a little shell script that does the loopback mount, gets the FS UUID, updates the IMA policy and then runs a C program? This would also allow "test_progs" to be independent of CONFIG_IMA. I am guessing the structure would be something similar to test_xdp_redirect.sh - KP > > Mimi >