From: Paul Moore
Date: Wed, 18 Oct 2023 16:40:16 -0400
Subject: Re: [PATCH v15 00/11] LSM: Three basic syscalls
To: Mimi Zohar
Cc: Roberto Sassu, Casey Schaufler, linux-security-module@vger.kernel.org, jmorris@namei.org, serge@hallyn.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org, linux-api@vger.kernel.org, mic@digikod.net, linux-integrity@vger.kernel.org

On Wed, Oct 18, 2023 at 4:23 PM Mimi Zohar wrote:
> On Wed, 2023-10-18 at 12:35 -0400, Paul Moore wrote:
> > On Wed, Oct 18, 2023 at 10:15 AM Roberto Sassu
> > wrote:
> > > On 10/18/2023 3:09 PM, Mimi Zohar wrote:
> >
> > ...
> >
> > > > I agree with Roberto. All three should be defined: LSM_ID_INTEGRITY,
> > > > LSM_ID_IMA, LSM_ID_EVM.
> > >
> > > I did not try yet, but the 'integrity' LSM does not need an LSM ID. With
> > > the last version adding hooks to 'ima' or 'evm', it should be sufficient
> > > to keep DEFINE_LSM(integrity) with the request to store a pointer in the
> > > security blob (even the init function can be a dummy function).
> >
> > First off, this *really* should have been brought up way, way, *way*
> > before now. This patchset has been discussed for months, and bringing
> > up concerns in the eleventh hour is borderline rude.
>
> As everyone knows IMA and EVM are not LSMs at this point.

Considering all the work Roberto has been doing to make that happen,
not to mention the discussions we've had on this topic, that's an
awfully small technicality to use as the basis of an argument.

> So the only thing that is "rude" is the way you're responding in this
> thread.

Agree to disagree.

> > At least we haven't shipped this in a tagged release from Linus yet,
> > so there is that.
>
> What does that have to do with anything?! Code changes.

Code can change, Linux kernel APIs should not change.

-- 
paul-moore.com