[RFC PATCH v9 09/16] block|security: add LSM blob to block_device
Fan Wu
wufan at linux.microsoft.com
Tue Jan 31 23:01:00 UTC 2023
On Tue, Jan 31, 2023 at 12:53:59AM -0800, Christoph Hellwig wrote:
> On Mon, Jan 30, 2023 at 02:57:24PM -0800, Fan Wu wrote:
> > From: Deven Bowers <deven.desai at linux.microsoft.com>
> >
> > block_device structures can have valuable security properties,
> > based on how they are created, and what subsystem manages them.
>
> That's a lot of cloudy talk but no real explanation.
Sorry for being too general here. Currently the only use target of this hook is dm-verity. We use the newly added security hook to save the dm-verity roothash and signature to the new bdev security blob during the bdev creation time, so LSMs can leverage this information to protect the system.
I will add this example in the next version.
-Fan
More information about the Linux-security-module-archive
mailing list