From: Kees Cook
To: Paul Moore
Cc: Kees Cook, James Morris, "Serge E. Hallyn", linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org, linux-hardening@vger.kernel.org
Subject: [PATCH 0/4] LoadPin: Allow filesystem switch when not enforcing
Date: Fri, 9 Dec 2022 11:57:41 -0800
Message-Id: <20221209195520.never.357-kees@kernel.org>
X-Mailer: git-send-email 2.34.1
X-Mailing-List: linux-kernel@vger.kernel.org

Hi,

Right now, LoadPin isn't much use on general purpose distros since
modules tend to be loaded from multiple filesystems at boot (first
initramfs, then real rootfs). Allow the potential mount pin to move
when enforcement is not enabled.

-Kees

Kees Cook (4):
  LoadPin: Refactor read-only check into a helper
  LoadPin: Refactor sysctl initialization
  LoadPin: Move pin reporting cleanly out of locking
  LoadPin: Allow filesystem switch when not enforcing

 security/loadpin/loadpin.c | 89 ++++++++++++++++++++++----------------
 1 file changed, 52 insertions(+), 37 deletions(-)

-- 
2.34.1
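As an added illustration of the pinning decision the cover letter describes (this is not Kees's patch, nor the kernel's security/loadpin/loadpin.c), the following user-space C model walks the boot sequence mentioned above: modules first load from the initramfs, then from the real root filesystem, with enforcement off, and an administrator later turns enforcement on. A superblock is modelled as a plain integer id, the enforce knob as a flag, and the locking, the read-only block device check and the pin reporting are left out; every name in it is hypothetical. The `allow_switch` flag selects between the assumed pre-series behaviour (a mismatched load while not enforcing is allowed but the pin stays where it was) and the behaviour the series adds (the pin moves to the filesystem the load came from).

```c
#include <stdbool.h>
#include <stdio.h>

/* Stand-in for the kernel's "struct super_block *": which filesystem a
 * file being loaded lives on. Values are arbitrary; SB_NONE means
 * "nothing pinned yet". */
typedef unsigned int sb_id_t;
#define SB_NONE 0u

struct loadpin_state {
	sb_id_t pinned_root; /* filesystem loads are pinned to */
	bool enforce;        /* the loadpin "enforce" knob */
	bool allow_switch;   /* true: pin may move while !enforce (behaviour this series adds) */
};

enum loadpin_verdict {
	LP_PINNED,           /* first load: pinned to this filesystem */
	LP_ALLOWED,          /* same filesystem as the pin */
	LP_PINNING_IGNORED,  /* other filesystem, not enforcing, pin unchanged */
	LP_MOVED,            /* other filesystem, not enforcing, pin moved */
	LP_DENIED,           /* other filesystem while enforcing */
};

/* Decide whether a file on `load_root` may be loaded. Returns 0 to allow
 * and -1 to deny (the kernel would return -EPERM); *why records the
 * reason. Hypothetical model, not the kernel's loadpin_check(). */
int loadpin_check(struct loadpin_state *st, sb_id_t load_root,
		  enum loadpin_verdict *why)
{
	if (st->pinned_root == SB_NONE) {
		/* First load ever: whatever filesystem it came from is the pin. */
		st->pinned_root = load_root;
		*why = LP_PINNED;
		return 0;
	}
	if (load_root == st->pinned_root) {
		*why = LP_ALLOWED;
		return 0;
	}
	if (!st->enforce) {
		if (st->allow_switch) {
			/* Not enforcing: follow the load to its filesystem. */
			st->pinned_root = load_root;
			*why = LP_MOVED;
		} else {
			*why = LP_PINNING_IGNORED;
		}
		return 0;
	}
	*why = LP_DENIED;
	return -1;
}

/* Boot sequence from the cover letter: modules first come from the
 * initramfs (superblock 1), then, after switch_root, from the real root
 * (superblock 2), all with enforcement off. An admin then turns
 * enforcement on. Returns true if a module from the real root can still
 * be loaded at that point. */
bool rootfs_loads_survive_enforcement(bool allow_switch)
{
	const sb_id_t initramfs = 1, rootfs = 2;
	struct loadpin_state st = { SB_NONE, false, allow_switch };
	enum loadpin_verdict why;

	loadpin_check(&st, initramfs, &why); /* first load sets the pin */
	loadpin_check(&st, rootfs, &why);    /* not enforcing: allowed either way */
	st.enforce = true;                   /* enforcement switched on later */
	return loadpin_check(&st, rootfs, &why) == 0;
}

/* While enforcing, a load from a foreign filesystem must be denied and
 * the pin must stay put, with or without the switch behaviour. */
bool enforcing_denies_foreign_fs(bool allow_switch)
{
	struct loadpin_state st = { SB_NONE, true, allow_switch };
	enum loadpin_verdict why;

	loadpin_check(&st, 1, &why);
	return loadpin_check(&st, 2, &why) == -1 && why == LP_DENIED &&
	       st.pinned_root == 1;
}

int main(void)
{
	printf("pin stays on initramfs: rootfs loads after enabling enforcement are %s\n",
	       rootfs_loads_survive_enforcement(false) ? "allowed" : "denied");
	printf("pin follows rootfs:     rootfs loads after enabling enforcement are %s\n",
	       rootfs_loads_survive_enforcement(true) ? "allowed" : "denied");
	return 0;
}
```

The point the model makes is the one the cover letter states: if the pin is stuck on the initramfs that the first module came from, switching enforcement on after boot leaves every later load from the real root filesystem denied, whereas letting the pin follow the filesystem while not enforcing means enforcement, once enabled, pins to the root filesystem that is actually in use. Under enforcement, a load from a different filesystem is denied in both variants.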