Re: [PATCH 01/12] Add support for indicating that the booted kernel is externally trusted
From: Pavel Machek
Date: Mon Mar 31 2014 - 10:49:42 EST
On Wed 2014-02-26 15:11:02, Matthew Garrett wrote:
> Provide a boolean runtime configuration option for restricting userspace's
> ability to modify the running kernel. This can be used when some external
> validation of the kernel's state has been performed.
I still don't like the idea, but...
> +Once enabled. trusted kernel support may not be disabled without rebooting
> +the system.
"enabled,"
> @@ -3091,6 +3091,14 @@ static inline void security_audit_rule_free(void *lsmrule)
> #endif /* CONFIG_SECURITY */
> #endif /* CONFIG_AUDIT */
>
> +#ifdef CONFIG_SECURITY_TRUSTED_KERNEL
> +extern bool get_trusted_kernel(void);
> +extern int set_trusted_kernel(bool new_trusted_kernel);
> +#else
> +static inline bool get_trusted_kernel(void) { return 0; }
> +static inline int set_trusted_kernel(bool new_trusted_kernel) { return 0; }
> +#endif /* CONFIG_TRUSTED_KERNEL */
comment does not match ifdef. (And _SECURITY is really superfluous here, maybe shorter
option would be better?)
> + length = -EINVAL;
> + if (sscanf(page, "%d", &new_trusted_kernel) != 1)
> + goto out;
> +
> + length = set_trusted_kernel(!!new_trusted_kernel);
If someone writes 2 to the sysfs, it would be better to return einval than trying
to second guess him...
Pavel
--
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/