[PATCH v6 0/4] LSM: Measure security module data

Mimi Zohar zohar at linux.ibm.com
Wed Aug 5 17:03:28 UTC 2020


On Wed, 2020-08-05 at 10:45 -0500, Tyler Hicks wrote:

> In addition to SELINUX_STATE and SELINUX_POLICY, we should also consider
> the proposed LSM_STATE and LSM_POLICY func values but require an "lsm"
> rule conditional.
> 
> So the current proposed rules:
> 
>  measure func=LSM_STATE
>  measure func=LSM_POLICY
> 
> Would become:
> 
>  measure func=LSM_STATE lsm=selinux
>  measure func=LSM_POLICY lsm=selinux
> 
> The following rules would be rejected:
> 
>  measure func=LSM_STATE
>  measure func=LSM_POLICY
>  measure func=LSM_STATE lsm=apparmor
>  measure func=LSM_POLICY lsm=smack

Kees is cleaning up the firmware code which differentiated between how
firmware was loaded.   There will be a single firmware enumeration.

Similarly, the new IMA hook to measure critical state may be placed in
multiple places.  Is there really a need from a policy perspective for
differentiating the source of the critical state being measurind?   The
data being measured should include some identifying information.

I think moving away from the idea that measuring "critical" data should
be limited to LSMs, will clarify this.

Mimi



More information about the Linux-security-module-archive mailing list