Message-ID: <80f05011bf9fe19bde1f923e98c2db69ffc91065.camel@linux.ibm.com>
Subject: Re: [PATCH v15 00/11] LSM: Three basic syscalls
From: Mimi Zohar
To: Paul Moore, Roberto Sassu
Cc: Casey Schaufler, linux-security-module@vger.kernel.org, jmorris@namei.org, serge@hallyn.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org, linux-api@vger.kernel.org, mic@digikod.net, linux-integrity@vger.kernel.org
Date: Wed, 18 Oct 2023 16:10:55 -0400

On Wed, 2023-10-18 at 12:35 -0400, Paul Moore wrote:
> On Wed, Oct 18, 2023 at 10:15 AM Roberto Sassu wrote:
> > On 10/18/2023 3:09 PM, Mimi Zohar wrote:
>
> ...
>
> > > I agree with Roberto. All three should be defined: LSM_ID_INTEGRITY,
> > > LSM_ID_IMA, LSM_ID_EVM.
> >
> > I did not try yet, but the 'integrity' LSM does not need an LSM ID. With
> > the last version adding hooks to 'ima' or 'evm', it should be sufficient
> > to keep DEFINE_LSM(integrity) with the request to store a pointer in the
> > security blob (even the init function can be a dummy function).
>
> First off, this *really* should have been brought up way, way, *way*
> before now. This patchset has been discussed for months, and bringing
> up concerns in the eleventh hour is borderline rude.

As everyone knows IMA and EVM are not LSMs at this point. So the only
thing that is "rude" is the way you're responding in this thread.

>
> At least we haven't shipped this in a tagged release from Linus yet,
> so there is that.

What does that have to do with anything?! Code changes.

Mimi