Re: [PATCH RFC v10 1/17] security: add ipe lsm

From: Paul Moore
Date: Sat Jul 08 2023 - 01:37:06 EST

Next message: Paul Moore: "Re: [PATCH RFC v10 2/17] ipe: add policy parser"
Previous message: Yin, Fengwei: "Re: [RFC PATCH 0/3] support large folio for mlock"
Next in thread: Fan Wu: "Re: [PATCH RFC v10 1/17] security: add ipe lsm"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Jun 28, 2023 Fan Wu <wufan@xxxxxxxxxxxxxxxxxxx> wrote:
>
> Integrity Policy Enforcement (IPE) is an LSM that provides an
> complimentary approach to Mandatory Access Control than existing LSMs
> today.
>
> Existing LSMs have centered around the concept of access to a resource
> should be controlled by the current user's credentials. IPE's approach,
> is that access to a resource should be controlled by the system's trust
> of a current resource.
>
> The basis of this approach is defining a global policy to specify which
> resource can be trusted.
>
> Signed-off-by: Deven Bowers <deven.desai@xxxxxxxxxxxxxxxxxxx>
> Signed-off-by: Fan Wu <wufan@xxxxxxxxxxxxxxxxxxx>
> ---
> MAINTAINERS | 7 +++++++
> security/Kconfig | 11 ++++++-----
> security/Makefile | 1 +
> security/ipe/Kconfig | 17 +++++++++++++++++
> security/ipe/Makefile | 10 ++++++++++
> security/ipe/ipe.c | 37 +++++++++++++++++++++++++++++++++++++
> security/ipe/ipe.h | 16 ++++++++++++++++
> 7 files changed, 94 insertions(+), 5 deletions(-)
> create mode 100644 security/ipe/Kconfig
> create mode 100644 security/ipe/Makefile
> create mode 100644 security/ipe/ipe.c
> create mode 100644 security/ipe/ipe.h

...

> diff --git a/MAINTAINERS b/MAINTAINERS
> index a82795114ad4..ad00887d38ea 100644
> --- a/MAINTAINERS
> +++ b/MAINTAINERS
> @@ -10278,6 +10278,13 @@ T: git git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity.git
> F: security/integrity/
> F: security/integrity/ima/
>
> +INTEGRITY POLICY ENFORCEMENT (IPE)
> +M: Fan Wu <wufan@xxxxxxxxxxxxxxxxxxx>
> +L: linux-security-module@xxxxxxxxxxxxxxx
> +S: Supported
> +T: git git://github.com/microsoft/ipe.git

Using the raw git protocol doesn't seem to work with GH, I think you
need to refernce the git/https URL:

https://github.com/microsoft/ipe.git

> +F: security/ipe/
> +
> INTEL 810/815 FRAMEBUFFER DRIVER
> M: Antonino Daplas <adaplas@xxxxxxxxx>
> L: linux-fbdev@xxxxxxxxxxxxxxx
> diff --git a/security/Kconfig b/security/Kconfig
> index 97abeb9b9a19..daa4626ea99c 100644
> --- a/security/Kconfig
> +++ b/security/Kconfig
> @@ -202,6 +202,7 @@ source "security/yama/Kconfig"
> source "security/safesetid/Kconfig"
> source "security/lockdown/Kconfig"
> source "security/landlock/Kconfig"
> +source "security/ipe/Kconfig"
>
> source "security/integrity/Kconfig"
>
> @@ -241,11 +242,11 @@ endchoice
>
> config LSM
> string "Ordered list of enabled LSMs"
> - default "landlock,lockdown,yama,loadpin,safesetid,smack,selinux,tomoyo,apparmor,bpf" if DEFAULT_SECURITY_SMACK
> - default "landlock,lockdown,yama,loadpin,safesetid,apparmor,selinux,smack,tomoyo,bpf" if DEFAULT_SECURITY_APPARMOR
> - default "landlock,lockdown,yama,loadpin,safesetid,tomoyo,bpf" if DEFAULT_SECURITY_TOMOYO
> - default "landlock,lockdown,yama,loadpin,safesetid,bpf" if DEFAULT_SECURITY_DAC
> - default "landlock,lockdown,yama,loadpin,safesetid,selinux,smack,tomoyo,apparmor,bpf"
> + default "landlock,lockdown,yama,loadpin,safesetid,smack,selinux,tomoyo,apparmor,bpf,ipe" if DEFAULT_SECURITY_SMACK
> + default "landlock,lockdown,yama,loadpin,safesetid,apparmor,selinux,smack,tomoyo,bpf,ipe" if DEFAULT_SECURITY_APPARMOR
> + default "landlock,lockdown,yama,loadpin,safesetid,tomoyo,bpf,ipe" if DEFAULT_SECURITY_TOMOYO
> + default "landlock,lockdown,yama,loadpin,safesetid,bpf,ipe" if DEFAULT_SECURITY_DAC
> + default "landlock,lockdown,yama,loadpin,safesetid,selinux,smack,tomoyo,apparmor,bpf,ipe"

Generally speaking the BPF LSM should be the last entry in the LSM
list to help prevent issues caused by a BPF LSM returning an improper
error and shortcutting a LSM after it.

> help
> A comma-separated list of LSMs, in initialization order.
> Any LSMs left off this list, except for those with order

...

> diff --git a/security/ipe/Makefile b/security/ipe/Makefile
> new file mode 100644
> index 000000000000..571648579991
> --- /dev/null
> +++ b/security/ipe/Makefile
> @@ -0,0 +1,10 @@
> +# SPDX-License-Identifier: GPL-2.0
> +#
> +# Copyright (C) Microsoft Corporation. All rights reserved.
> +#
> +# Makefile for building the IPE module as part of the kernel tree.
> +#
> +
> +obj-$(CONFIG_SECURITY_IPE) += \
> + hooks.o \
> + ipe.o \

It doesn't look like security/ipe/hook.c is included in this patch.

It is important to ensure that each patch compiles after it is
applied.

--
paul-moore.com

Next message: Paul Moore: "Re: [PATCH RFC v10 2/17] ipe: add policy parser"
Previous message: Yin, Fengwei: "Re: [RFC PATCH 0/3] support large folio for mlock"
Next in thread: Fan Wu: "Re: [PATCH RFC v10 1/17] security: add ipe lsm"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]