[PATCH v5 1/4] IMA: Add func to measure LSM state and policy
nramas at linux.microsoft.com
Thu Jul 30 16:33:03 UTC 2020
On 7/30/20 9:19 AM, Casey Schaufler wrote:
>>> Critical data structures of security modules need to be measured to
>>> enable an attestation service to verify if the configuration and
>>> policies for the security modules have been set up correctly and
>>> that they haven't been tampered with at runtime. A new IMA policy is
>>> required for handling this measurement.
>>> Define two new IMA policy funcs, namely LSM_STATE and LSM_POLICY, to
>>> measure the state and the policy provided by the security modules.
> If, as you suggest below, this is SELinux specific,
> these should be SELINUX_STATE and SELINUX_POLICY.
> It makes me very uncomfortable when I see LSM used
> in cases where SELinux is required. The LSM is supposed
> to be an agnostic interface, so if you need to throw
> if (IS_ENABLED(CONFIG_SECURITY_SELINUX) &&
> into the IMA code you're clearly not thinking in terms
> of the LSM layer. I have no problem with seeing SELinux
> oriented and/or specific code in IMA if that's what you want.
> Just don't call it LSM.
The hook defined in IMA is not SELinux specific - it is generic enough
to be used by any security module to measure their STATE and POLICY.
I have implemented the measurement for SELinux to illustrate the usage.
Tyler's suggestion was to allow this IMA policy only when component(s)
that are using it are also enabled.