Re: [PATCH 4/5] LSM: Define SELinux function to measure security state

From: Stephen Smalley
Date: Mon Jun 15 2020 - 08:15:27 EST

Next message: Borislav Petkov: "Re: [PATCH] x86/cpu: Reinitialize IA32_FEAT_CTL MSR on BSP during wakeup"
Previous message: Christoph Hellwig: "[PATCH 02/13] autofs: switch to kernel_write"
In reply to: Stephen Smalley: "Re: [PATCH 4/5] LSM: Define SELinux function to measure security state"
Next in thread: Lakshmi Ramasubramanian: "Re: [PATCH 4/5] LSM: Define SELinux function to measure security state"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, Jun 15, 2020 at 7:57 AM Stephen Smalley
<stephen.smalley.work@xxxxxxxxx> wrote:
> I think I mentioned this on a previous version of these patches, but I
> would recommend including more than just the enabled and enforcing
> states in your measurement. Other low-hanging fruit would be the
> other selinux_state booleans (checkreqprot, initialized,
> policycap[0..__POLICYDB_CAPABILITY_MAX]). Going a bit further one
> could take a hash of the loaded policy by using security_read_policy()

On second thought, you probably a variant of security_read_policy()
since it would be a kernel-internal allocation and thus shouldn't use
vmalloc_user().

> and then computing a hash using whatever hash ima prefers over the
> returned data,len pair. You likely also need to think about how to
> allow future extensibility of the state in a backward-compatible
> manner, so that future additions do not immediately break systems
> relying on older measurements.

Next message: Borislav Petkov: "Re: [PATCH] x86/cpu: Reinitialize IA32_FEAT_CTL MSR on BSP during wakeup"
Previous message: Christoph Hellwig: "[PATCH 02/13] autofs: switch to kernel_write"
In reply to: Stephen Smalley: "Re: [PATCH 4/5] LSM: Define SELinux function to measure security state"
Next in thread: Lakshmi Ramasubramanian: "Re: [PATCH 4/5] LSM: Define SELinux function to measure security state"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]