From: Paul Moore
Date: Thu, 13 Oct 2022 18:47:42 -0400
Subject: Re: [PATCH 0/9] integrity: Move hooks into LSM
To: Kees Cook
Cc: Mimi Zohar, Mickaël Salaün, KP Singh, Casey Schaufler, John Johansen, James Morris, linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org, linux-integrity@vger.kernel.org, linux-hardening@vger.kernel.org
References: <20221013222702.never.990-kees@kernel.org>
In-Reply-To: <20221013222702.never.990-kees@kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Thu, Oct 13, 2022 at 6:36 PM Kees Cook wrote:
>
> Hi,
>
> It's been over 4 years since the LSM stack was introduced. The integrity
> subsystem is long overdue for moving to this infrastructure. Here's my
> first pass at converting integrity and ima (and some of evm) into LSM
> hooks. This should be enough of an example to finish evm, and introduce
> the missing hooks for both. For example, after this, it looks like ima
> only has a couple places it's still doing things outside of the LSM. At
> least these stood out:
>
> fs/namei.c:     ima_post_create_tmpfile(mnt_userns, inode);
> fs/namei.c:     ima_post_path_mknod(mnt_userns, dentry);
>
> Mimi, can you please take this series and finish the conversion for
> what's missing in ima and evm?
>
> I would also call attention to "175 insertions(+), 240 deletions(-)" --
> as expected, this is a net reduction in code.
>
> Thanks!

Without looking at any of the code, I just want to say this 100% gets my
vote; this is something we need to make happen at some point.

Thanks Kees!

> Kees Cook (9):
>   integrity: Prepare for having "ima" and "evm" available in "integrity" LSM
>   security: Move trivial IMA hooks into LSM
>   ima: Move xattr hooks into LSM
>   ima: Move ima_file_free() into LSM
>   LSM: Introduce inode_post_setattr hook
>   fs: Introduce file_to_perms() helper
>   ima: Move ima_file_check() into LSM
>   integrity: Move trivial hooks into LSM
>   integrity: Move integrity_inode_get() out of global header
>
>  fs/attr.c                             |  3 +-
>  fs/file_table.c                       |  1 -
>  fs/namei.c                            |  2 -
>  fs/nfsd/vfs.c                         |  6 --
>  include/linux/evm.h                   |  6 --
>  include/linux/fs.h                    | 22 +++++++
>  include/linux/ima.h                   | 87 ---------------------------
>  include/linux/integrity.h             | 30 +--------
>  include/linux/lsm_hook_defs.h         |  3 +
>  security/Kconfig                      | 10 +--
>  security/apparmor/include/file.h      | 18 ++----
>  security/integrity/evm/evm_main.c     | 14 ++++-
>  security/integrity/iint.c             | 28 +++++++--
>  security/integrity/ima/ima.h          | 12 ++++
>  security/integrity/ima/ima_appraise.c | 21 +++++--
>  security/integrity/ima/ima_main.c     | 66 ++++++++++++++------
>  security/integrity/integrity.h        |  8 +++
>  security/security.c                   | 78 ++++++------------------
>  18 files changed, 175 insertions(+), 240 deletions(-)

-- 
paul-moore.com