Re: [PATCH v2 0/4] Firmware LSM hook

Next message: Michael Bommarito: "[PATCH net] NFC: digital: bound SENSF response copy into nfc_target"
Previous message: Brett A C Sheffield: "Re: [PATCH 6.19 00/86] 6.19.13-rc1 review"
In reply to: Jason Gunthorpe: "Re: [PATCH v2 0/4] Firmware LSM hook"
Next in thread: Casey Schaufler: "Re: [PATCH v2 0/4] Firmware LSM hook"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Casey Schaufler

Date: Mon Apr 13 2026 - 13:46:43 EST

On 4/13/2026 9:42 AM, Jason Gunthorpe wrote:
> On Sun, Apr 12, 2026 at 09:38:35PM -0400, Paul Moore wrote:
>>> We are not limited to LSM solution, the goal is to intercept commands
>>> which are submitted to the FW and "security" bucket sounded right to us.
>> Yes, it does sound "security relevant", but without a well defined
>> interface/format it is going to be difficult to write a generic LSM to
>> have any level of granularity beyond a basic "load firmware"
>> permission.
> I think to step back a bit, what this is trying to achieve is very
> similar to the iptables fwmark/secmark scheme.
>
> secmark allows the user to specify programmable rules via iptables
> which results in each packet being tagged with a SELinux context and
> then the userspace policy can consume that and make security decision
> based on that.

If you want to pursue something like this DO NOT USE A u32 TO REPRESENT
THE SECURITY CONTEXT! Use a struct lsm_context pointer. The limitations
imposed by a "secid" don't show up in SELinux, which introduced them, but
they sure do in Smack, and they really gum up the works for general LSM
stacking.