Re: [PATCH V33 01/30] security: Support early LSMs

From: Matthew Garrett
Date: Fri Jun 21 2019 - 15:28:00 EST


On Thu, Jun 20, 2019 at 10:23 PM Andy Lutomirski <luto@xxxxxxxxxx> wrote:
>
> On Thu, Jun 20, 2019 at 6:22 PM Matthew Garrett
> <matthewgarrett@xxxxxxxxxx> wrote:
> >
> > The lockdown module is intended to allow for kernels to be locked down
> > early in boot - sufficiently early that we don't have the ability to
> > kmalloc() yet. Add support for early initialisation of some LSMs, and
> > then add them to the list of names when we do full initialisation later.
>
> I'm confused. What does it even mean to lock down the kernel before
> we're ready to run userspace code? We can't possibly be attacked by
> user code before there is any to attack us.

Certain kernel parameters can be disabled by lockdown, so we want to
have policy available before that parsing happens.
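The ordering argument above, as an added example that is not part of the original message or the patch series: a user-space C model in which policy registered in a static table (no heap allocation) must be in place before command-line parsing for a restricted parameter to be refused. Every name here, including the parameter `demo_restricted`, is hypothetical and constructed for illustration.

```c
/* User-space model only, not kernel code; all identifiers are hypothetical. */
#include <stdio.h>
#include <string.h>

#define MAX_EARLY_LSMS 4

struct early_lsm {
    const char *name;
    int (*param_allowed)(const char *param);    /* 0 = allow, nonzero = deny */
};

/* Fixed-size static table: usable before any allocator is available. */
static struct early_lsm early_lsms[MAX_EARLY_LSMS];
static int early_lsm_count;

static int register_early_lsm(const char *name, int (*hook)(const char *))
{
    if (early_lsm_count >= MAX_EARLY_LSMS)
        return -1;
    early_lsms[early_lsm_count++] = (struct early_lsm){ name, hook };
    return 0;
}

/* Constructed policy: refuse one made-up parameter name. */
static int lockdown_param_hook(const char *param)
{
    return strcmp(param, "demo_restricted") == 0 ? -1 : 0;
}

/* Parse a space-separated command line; return how many parameters applied. */
static int parse_cmdline(const char *cmdline)
{
    char buf[128];
    int applied = 0;

    snprintf(buf, sizeof(buf), "%s", cmdline);
    for (char *tok = strtok(buf, " "); tok; tok = strtok(NULL, " ")) {
        int denied = 0;
        for (int i = 0; i < early_lsm_count; i++)
            denied |= (early_lsms[i].param_allowed(tok) != 0);
        applied += !denied;     /* a denied parameter is skipped */
    }
    return applied;
}

int main(void)
{
    printf("parsed before policy: %d applied\n", parse_cmdline("quiet demo_restricted"));
    register_early_lsm("lockdown", lockdown_param_hook);
    printf("parsed after policy:  %d applied\n", parse_cmdline("quiet demo_restricted"));
    return 0;
}
```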