[PATCH v2 0/6] bpf-lsm: Extend interoperability with IMA
Greg Kroah-Hartman
gregkh at linuxfoundation.org
Sat Feb 26 08:07:42 UTC 2022
On Fri, Feb 25, 2022 at 02:11:04PM -0500, Mimi Zohar wrote:
> On Fri, 2022-02-25 at 08:41 +0000, Roberto Sassu wrote:
> > > From: Mimi Zohar [mailto:zohar at linux.ibm.com]
> > > Sent: Friday, February 25, 2022 1:22 AM
> > > Hi Roberto,
> > >
> > > On Tue, 2022-02-15 at 13:40 +0100, Roberto Sassu wrote:
> > > > Extend the interoperability with IMA, to give wider flexibility for the
> > > > implementation of integrity-focused LSMs based on eBPF.
> > >
> > > I've previously requested adding eBPF module measurements and signature
> > > verification support in IMA. There seemed to be some interest, but
> > > nothing has been posted.
> >
> > Hi Mimi
> >
> > for my use case, DIGLIM eBPF, IMA integrity verification is
> > needed until the binary carrying the eBPF program is executed
> > as the init process. I've been thinking to use an appended
> > signature to overcome the limitation of lack of xattrs in the
> > initial ram disk.
>
> I would still like to see xattrs supported in the initial ram disk.
> Assuming you're still interested in pursuing it, someone would need to
> review and upstream it. Greg?
Me? How about the filesystem maintainers and developers? :)
There's a reason we never added xattrs support to ram disks, but I can't
remember why...
thanks,
gre gk-h
More information about the Linux-security-module-archive
mailing list