[PATCH 23/27] bpf: Restrict kernel image access functions when the kernel is locked down
mjg59 at google.com
Thu Mar 28 18:07:58 UTC 2019
On Wed, Mar 27, 2019 at 8:15 PM James Morris <jmorris at namei.org> wrote:

> OTOH, this seems like a combination of mechanism and policy. The 3 modes
> are a help here, but I wonder if they may be too coarse grained still,
> e.g. if someone wants to allow a specific mechanism according to their own
> threat model and mitigations.

In general the interfaces blocked by these patches could also be
blocked with an LSM, and I'd guess that people with more fine-grained
requirements would probably take that approach.

> Secure boot gives you some assurance of the static state of the system at
> boot time, and lockdown is certainly useful (with or without secure boot),
> but it's not a complete solution to runtime kernel integrity protection by
> any stretch of the imagination. I'm concerned about it being perceived as

What do you think the functionality gaps are in terms of ensuring
kernel integrity (other than kernel flaws that allow the restrictions
to be bypassed)?