[PATCH V40 04/29] lockdown: Enforce module signatures if the kernel is locked down
Matthew Garrett
mjg59 at google.com
Wed Sep 4 16:57:52 UTC 2019
On Fri, Aug 30, 2019 at 9:31 AM David Howells <dhowells at redhat.com> wrote:
>
> Matthew Garrett <matthewgarrett at google.com> wrote:
>
> > enum lockdown_reason {
> > LOCKDOWN_NONE,
> > + LOCKDOWN_MODULE_SIGNATURE,
> > LOCKDOWN_INTEGRITY_MAX,
> > LOCKDOWN_CONFIDENTIALITY_MAX,
> > };
>
> Aren't you mixing disjoint sets?
The goal is to be able to check whether any given lockdown reason is a
matter of integrity or confidentiality in a straightforward way.
> > + [LOCKDOWN_MODULE_SIGNATURE] = "unsigned module loading",
>
> Wouldn't it be better to pass this string as a parameter to
> security_locked_down()?
I thought about that, but it's not how any other LSM hooks behave. I
think it's probably easier to revisit that when we see how other LSMs
want to make use of the data.
More information about the Linux-security-module-archive
mailing list