Date: Sun, 16 Jul 2023 19:36:54 -0500
From: "Dr. Greg"
To: Randy Dunlap
Cc: linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH 02/13] Add TSEM specific documentation.
Message-ID: <20230717003654.GA3044@wind.enjellic.com>

On Mon, Jul 10, 2023 at 09:37:10PM -0700, Randy Dunlap wrote:

> Hi--

Good morning, I hope the week is starting well for everyone.

> On 7/10/23 03:23, Dr. Greg wrote:
> > diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
> > index 9e5bab29685f..0e6640a78936 100644
> > --- a/Documentation/admin-guide/kernel-parameters.txt
> > +++ b/Documentation/admin-guide/kernel-parameters.txt
> > @@ -6468,6 +6468,24 @@
> > with CPUID.16h support and partial CPUID.15h support.
> > Format:
> >
> These 3 entries should be in alphabetical order: tsem_cache,
> tsem_digest, tsem_mode.

Now alphabetized.

> > + tsem_mode= [TSEM] Set the mode that the Trusted Security Event
> > + Modeling LSM is to run in.
> > + Format: 1
> > + 1 -- Disable root domain modeling.
> > +
> > + tsem_cache= [TSEM] Define the size of the caches used to hold
> > + pointers to structures that will be used to model
> > + security events occurring in the root modeling
> > + namespace that are called in atomic context.
> > + Format:
> > + Default: 96
> What unit? KB, MB, bytes, pages?

Our apologies, we obviously erred in the notion that referring to the
size of a cache of pointers would be understood to mean the number of
pointers.

We updated the documentation as follows:

    tsem_cache=     [TSEM] Define the size of the caches used to hold
                    pointers to structures that will be used to model
                    security events occurring in the root modeling
                    namespace that are called in atomic context. The
                    value is the size of the arrays of pointers to the
                    pre-allocated structures that will be maintained.
                    For example, a value of 16 means each array would
                    have 16 entries in it.
                    Format:
                    Default: 96

> > +
> > + tsem_digest= [TSEM] Define the cryptographic hash function that
> > + will be used to create security event coefficients
> > + for in the root modeling namespace.
> for in
> ?

That must have been an untoward effect of the single-malt.

The documentation has been updated to read as follows:

    tsem_digest=    [TSEM] Define the cryptographic hash function that
                    will be used to generate the security event
                    coefficients in the root modeling namespace.
                    Format: {name of the cryptographic hash function}
                    Default: sha256

> > + Format: {name of the cryptographic hash function}
> > + Default: sha256
>
> --
> ~Randy

Thank you for the review comments.

Have a good week.

As always,
Dr. Greg

The Quixote Project - Flailing at the Travails of Cybersecurity
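
Review bot: The tsem_mode entry documents only one value, "1 -- Disable root domain modeling", and has no Default: line, unlike tsem_cache and tsem_digest, so the text does not say which mode applies when the parameter is omitted. Because the one documented setting switches modeling off for the root domain, state the behaviour when it is unset, for example with a Default: line in the same style as the other two entries. The tsem_digest entry gives its format only as "{name of the cryptographic hash function}"; it would help to say where valid names come from and what happens when the named function is not available, so an administrator can check a boot line before rebooting.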