[RFC V2] IMA Log Snapshotting Design Proposal

Sush Shringarputale sushring at linux.microsoft.com
Tue Nov 14 18:36:36 UTC 2023



On 11/13/2023 10:59 AM, Stefan Berger wrote:
>
>
> On 10/19/23 14:49, Tushar Sugandhi wrote:
>> =======================================================================
>> | Introduction |
>> =======================================================================
>> This document provides a detailed overview of the proposed Kernel
>> feature IMA log snapshotting.  It describes the motivation behind the
>> proposal, the problem to be solved, a detailed solution design with
>> examples, and describes the changes to be made in the clients/services
>> which are part of remote-attestation system.  This is the 2nd version
>> of the proposal.  The first version is present here[1].
>>
>> Table of Contents:
>> ------------------
>> A. Motivation and Background
>> B. Goals and Non-Goals
>>      B.1 Goals
>>      B.2 Non-Goals
>> C. Proposed Solution
>>      C.1 Solution Summary
>>      C.2 High-level Work-flow
>> D. Detailed Design
>>      D.1 Snapshot Aggregate Event
>>      D.2 Snapshot Triggering Mechanism
>>      D.3 Choosing A Persistent Storage Location For Snapshots
>>      D.4 Remote-Attestation Client/Service-side Changes
>>          D.4.a Client-side Changes
>>          D.4.b Service-side Changes
>> E. Example Walk-through
>> F. Other Design Considerations
>> G. References
>>
>
> Userspace applications will have to know
> a) where are the shard files?
We describe the file storage location choices in section D.3, but user
applications will have to query the well-known location described there.
> b) how do I read the shard files while locking out the producer of the 
> shard files?
>
> IMO, this will require a well known config file and a locking method 
> (flock) so that user space applications can work together in this new 
> environment. The lock could be defined in the config file or just be 
> the config file itself.
The flock is a good idea for co-ordination between UM clients. While
the Kernel cannot enforce any access in this way, any UM process that
is planning on triggering the snapshot mechanism should follow that
protocol.  We will ensure we document that as the best-practices in
the patch series.
- Sush



More information about the Linux-security-module-archive mailing list