Re: [PATCH v2 4/5] LSM: Define SELinux function to measure security state

[Lakshmi Ramasubramanian]

On 7/16/20 12:45 PM, Stephen Smalley wrote:
> On Thu, Jul 16, 2020 at 3:13 PM Lakshmi Ramasubramanian
> <nramas@xxxxxxxxxxxxxxxxxxx> wrote:
> > On 7/16/20 11:54 AM, Stephen Smalley wrote:
> > > Not sure about this error handling approach (silent, proceeding as if
> > > the length was zero and then later failing with ENOMEM on every
> > > attempt?). I'd be more inclined to panic/BUG here but I know Linus
> > > doesn't like that.
> > I am not sure if failing (kernel panic/BUG) to "measure" LSM data under
> > memory pressure conditions is the right thing. But I am open to treating
> > this error as a fatal error. Please let me know.
>
> Let's at least log an error message since it otherwise silently
> disables all measuring of security state.
Agree - will log error messages as appropriate.

> Also not sure why we bother returning errors from
> selinux_measure_data() since nothing appears to check or use the
> result.
Maybe SELinux can log audit messages on failures, but I guess it may be 
better to do that closer to where the error occurs.

Will change selinux_measure_data() to void function.

> Don't know if integrity/IMA has any equivalent to the audit
> subsystem's concept of audit_failure settings to control whether
> errors that prevent auditing (measuring) are handled silently, with a
> log message, or via a panic.  If not, I guess that can be explored
> separately.

Yes - integrity subsystem logs audit messages for errors\failures.

 -lakshmi