Re: [PATCH v6 0/4] LSM: Measure security module data
From: Lakshmi Ramasubramanian
Date: Wed Aug 05 2020 - 13:27:57 EST
On 8/5/20 10:03 AM, Mimi Zohar wrote:
On Wed, 2020-08-05 at 10:45 -0500, Tyler Hicks wrote:
In addition to SELINUX_STATE and SELINUX_POLICY, we should also consider
the proposed LSM_STATE and LSM_POLICY func values but require an "lsm"
So the current proposed rules:
measure func=LSM_STATE lsm=selinux
measure func=LSM_POLICY lsm=selinux
The following rules would be rejected:
measure func=LSM_STATE lsm=apparmor
measure func=LSM_POLICY lsm=smack
Kees is cleaning up the firmware code which differentiated between how
firmware was loaded. There will be a single firmware enumeration.
Similarly, the new IMA hook to measure critical state may be placed in
multiple places. Is there really a need from a policy perspective for
differentiating the source of the critical state being measurind? The
data being measured should include some identifying information.
Yes Mimi - SELinux is including the identifying information in the
"event name" field. Please see a sample measurement of STATE and POLICY
for SELinux below:
10 e32e...5ac3 ima-buf sha256:86e8...4594
10 f4a7...9408 ima-ng sha256:8d1d...1834
I think moving away from the idea that measuring "critical" data should
be limited to LSMs, will clarify this.
Are you suggesting that instead of calling the hooks LSM_STATE and
LSM_POLICY, we should keep it more generic so that it can be utilized by
any subsystem to measure their "critical data"?
I think that is a good idea.