[dm-devel] [RFC PATCH v5 00/11] Integrity Policy Enforcement LSM (IPE)
Chuck Lever
chucklever at gmail.com
Wed Aug 12 14:18:41 UTC 2020
> On Aug 11, 2020, at 5:03 PM, James Morris <jmorris at namei.org> wrote:
>
> On Sat, 8 Aug 2020, Chuck Lever wrote:
>
>> My interest is in code integrity enforcement for executables stored
>> in NFS files.
>>
>> My struggle with IPE is that due to its dependence on dm-verity, it
>> does not seem to able to protect content that is stored separately
>> from its execution environment and accessed via a file access
>> protocol (FUSE, SMB, NFS, etc).
>
> It's not dependent on DM-Verity, that's just one possible integrity
> verification mechanism, and one of two supported in this initial
> version. The other is 'boot_verified' for a verified or otherwise trusted
> rootfs. Future versions will support FS-Verity, at least.
>
> IPE was designed to be extensible in this way, with a strong separation of
> mechanism and policy.
I got that, but it looked to me like the whole system relied on having
access to the block device under the filesystem. That's not possible
for a remote filesystem like Ceph or NFS.
I'm happy to take a closer look if someone can point me the right way.
--
Chuck Lever
chucklever at gmail.com
More information about the Linux-security-module-archive
mailing list