[PATCH v10 8/8] selinux: include a consumer of the new IMA critical data hook
zohar at linux.ibm.com
Thu Jan 14 16:50:34 UTC 2021
On Thu, 2021-01-14 at 11:44 -0500, Mimi Zohar wrote:
> [Cc'ing Sasha]
> Hi Lakshmi,
> On Thu, 2021-01-14 at 08:22 -0800, Lakshmi Ramasubramanian wrote:
> > On 1/13/21 6:49 PM, Mimi Zohar wrote:
> > >>> Lakshmi is trying to address the situation where an event changes a
> > >>> value, but then is restored to the original value. The original and
> > >>> subsequent events are measured, but restoring to the original value
> > >>> isn't re-measured. This isn't any different than when a file is
> > >>> modified and then reverted.
> > >>>
> > >>> Instead of changing the name like this, which doesn't work for files,
> > >>> allowing duplicate measurements should be generic, based on policy.
> > >>
> > >> Perhaps it is just the end of the day and I'm a bit tired, but I just
> > >> read all of the above and I have no idea what your current thoughts
> > >> are regarding this patch.
> > >
> > > Other than appending the timestamp, which is a hack, the patch is fine.
> > > Support for re-measuring an event can be upstreamed independently.
> > >
> > Thanks for clarifying the details related to duplicate measurement
> > detection and re-measuring.
> > I will keep the timestamp for the time being, even though its a hack, as
> > it helps with re-measuring state changes in SELinux. We will add support
> > for "policy driven" re-measurement as a subsequent patch series.
> Once including the timestamp is upstreamed, removing it will be
> difficult, especially if different userspace applications are dependent
> on it. Unless everyone is on board that removing the timestamp
> wouldn't be considered a regression, it cannot be upstreamed.
Feel free to just re-post just this one patch. Otherwise the patch set
More information about the Linux-security-module-archive