[PATCH] KEYS: refcount bug fix

2016-01-07 Thread Mimi Zohar
ed-off-by: Mimi Zohar <zo...@linux.vnet.ibm.com> --- security/keys/key.c| 3 +-- security/keys/keyctl.c | 17 +++-- 2 files changed, 8 insertions(+), 12 deletions(-) diff --git a/security/keys/key.c b/security/keys/key.c index 09ef276..07a8731 100644 --- a/security/keys

Re: [RFC PATCH] X.509: Don't check the signature on apparently self-signed keys [ver #2]

2016-01-06 Thread Mimi Zohar
On Wed, 2016-01-06 at 13:21 +, David Howells wrote: > Mimi Zohar <zo...@linux.vnet.ibm.com> wrote: > > > The x509_validate_trust() was originally added for IMA to ensure, on a > > secure boot system, a certificate chain of trust rooted in hardware. >

Re: [RFC PATCH] X.509: Don't check the signature on apparently self-signed keys [ver #2]

2016-01-06 Thread Mimi Zohar
On Tue, 2016-01-05 at 16:39 +, David Howells wrote: > Mimi Zohar <zo...@linux.vnet.ibm.com> wrote: > > > You're missing Petko's patch: > > 41c89b6 IMA: create machine owner and blacklist keyrings > > Hmmm... This is wrong. x509_key_preparse() shouldn't be

Re: [PATCH] X.509: Partially revert patch to add validation against IMA MOK keyring

2016-01-06 Thread Mimi Zohar
On Thu, 2016-01-07 at 00:34 +, David Howells wrote: > David Howells wrote: > > > Partially revert commit 41c89b64d7184a780f12f2cccdabe65cb2408893: > > > > Author: Petko Manolov > > Date: Wed Dec 2 17:47:55 2015 +0200 > > IMA: create

Re: [RFC PATCH] X.509: Don't check the signature on apparently self-signed keys [ver #2]

2016-01-05 Thread Mimi Zohar
> up as an attempt to load a certificate failing with -ERANGE or -EBADMSG. > This is produced from the RSA module when the result of calculating "m = > s^e mod n" is checked. > > Signed-off-by: David Howells <dhowe...@redhat.com> > cc: David Woodhouse <david.wo

Re: [Linux-ima-devel] [PATCH v2 4/7] ima: measure and appraise kexec image and initramfs

2015-12-29 Thread Mimi Zohar
On Tue, 2015-12-29 at 07:06 -0500, Mimi Zohar wrote: > On Tue, 2015-12-29 at 16:21 +0800, Dave Young wrote: > This policy flexibility is needed at least until all files come from > software providers with file signatures. (RPM has been modified to > include file signatures.) Even th

Re: [Linux-ima-devel] [PATCH v2 4/7] ima: measure and appraise kexec image and initramfs

2015-12-29 Thread Mimi Zohar
On Tue, 2015-12-29 at 16:21 +0800, Dave Young wrote: > Hi, Mimi > > On 12/28/15 at 07:51am, Mimi Zohar wrote: > > On Mon, 2015-12-28 at 10:08 +0800, Dave Young wrote: > > > On 12/25/15 at 09:45am, Mimi Zohar wrote: > > > > IMA calculates the file has

Re: [Linux-ima-devel] [PATCH v2 4/7] ima: measure and appraise kexec image and initramfs

2015-12-28 Thread Mimi Zohar
On Mon, 2015-12-28 at 10:08 +0800, Dave Young wrote: > On 12/25/15 at 09:45am, Mimi Zohar wrote: > > IMA calculates the file hash, in this case, based on the buffer > > contents. The hash is calculated once and used for both measurement > > and appraisal. If the file inte

Re: [Linux-ima-devel] [PATCH v2 4/7] ima: measure and appraise kexec image and initramfs

2015-12-25 Thread Mimi Zohar
On Fri, 2015-12-25 at 13:33 +0800, Dave Young wrote: > Hi, Mimi > > CCing kexec list, not all kexec people subscribed to IMA list. > I just subscribed to it since Vivek CCed me last time about the V1 of this > series. Thanks! > On 12/23/15 at 06:55pm, Mimi Zohar wrote: >

[PATCH v2 2/7] ima: load policy using path

2015-12-23 Thread Mimi Zohar
scription re-written by Luis R. Rodriguez Signed-off-by: Dmitry Kasatkin <d.kasat...@samsung.com> Signed-off-by: Mimi Zohar <zo...@linux.vnet.ibm.com> --- security/integrity/iint.c | 4 +--- security/integrity/ima/ima_fs.c | 39 ++- security/int

[PATCH v2 7/7] ima: require signed IMA policy

2015-12-23 Thread Mimi Zohar
Require the IMA policy to be signed when additional rules can be added. Changelog v1: - initialize the policy flag - include IMA_APPRAISE_POLICY in the policy flag Signed-off-by: Mimi Zohar <zo...@linux.vnet.ibm.com> --- security/integrity/ima/ima_policy.c | 7 +++ 1 file chan

[PATCH v2 5/7] ima: measure and appraise firmware (improvement)

2015-12-23 Thread Mimi Zohar
Instead of reading the firmware twice, once for measuring/appraising the firmware and again reading the file contents into memory, this patch reads the firmware once. Signed-off-by: Mimi Zohar <zo...@linux.vnet.ibm.com> --- drivers/base/firmware_class.c | 5 + include/linux

[PATCH v2 0/7] ima: measuring/appraising files read by the kernel

2015-12-23 Thread Mimi Zohar
image and initramfs. Mimi Dmitry Kasatkin (3): ima: separate 'security.ima' reading functionality from collect ima: load policy using path ima: provide buffer hash calculation function Mimi Zohar (4): ima: measure and appraise kexec image and initramfs ima: measure and appraise firmware

[PATCH v2 6/7] ima: measure and appraise the IMA policy itself

2015-12-23 Thread Mimi Zohar
Call ima_hash_and_process_file() to measure and appraise the IMA policy. This patch defines a new policy hook named POLICY_CHECK. Changelog v2: - remove S_ISREG() test Signed-off-by: Mimi Zohar <zo...@linux.vnet.ibm.com> --- include/linux/ima.h | 1 + security/int

[PATCH v2 1/7] ima: separate 'security.ima' reading functionality from collect

2015-12-23 Thread Mimi Zohar
h algo to the ima_collect_measurement(). Signed-off-by: Dmitry Kasatkin <d.kasat...@samsung.com> Signed-off-by: Mimi Zohar <zo...@linux.vnet.ibm.com> --- security/integrity/ima/ima.h | 15 +++ security/integrity/ima/ima_api.c | 15 +++ secu

[PATCH v2 4/7] ima: measure and appraise kexec image and initramfs

2015-12-23 Thread Mimi Zohar
the kexec image and initramfs. Signed-off-by: Mimi Zohar <zo...@linux.vnet.ibm.com> --- Documentation/ABI/testing/ima_policy | 2 +- include/linux/ima.h | 16 ++ kernel/kexec_file.c | 24 security/integrity/iint.c

[PATCH v2 3/7] ima: provide buffer hash calculation function

2015-12-23 Thread Mimi Zohar
From: Dmitry Kasatkin <d.kasat...@samsung.com> This patch provides convenient buffer hash calculation function. Signed-off-by: Dmitry Kasatkin <d.kasat...@samsung.com> Signed-off-by: Mimi Zohar <zo...@linux.vnet.ibm.com> --- security/integrity/ima/ima.h| 2 ++ secu

Re: [PATCH] IMA: policy can be updated zero times

2015-12-23 Thread Mimi Zohar
On Wed, 2015-12-23 at 13:47 +0200, Petko Manolov wrote: > On 15-12-22 16:50:01, Sasha Levin wrote: > > On 12/22/2015 04:40 PM, Petko Manolov wrote: > > >> Thanks, Sasha. By the time ima_update_policy() is called > > >> >ima_release_policy() has already output the policy update status > > >>

Re: [Linux-ima-devel] [PATCH] IMA: policy can be updated zero times

2015-12-23 Thread Mimi Zohar
On Wed, 2015-12-23 at 07:24 -0500, Mimi Zohar wrote: > On Wed, 2015-12-23 at 13:47 +0200, Petko Manolov wrote: > > > On 15-12-22 16:50:01, Sasha Levin wrote: > > > On 12/22/2015 04:40 PM, Petko Manolov wrote: > > > >> Thanks, Sasha. By th

Re: [PATCH v1 5/7] ima: measure and appraise firmware (improvement)

2015-12-22 Thread Mimi Zohar
On Mon, 2015-12-21 at 22:44 +0100, Luis R. Rodriguez wrote: > > Eventually, once we generalize a common read perhaps we should stuff this > into VFS common code and provide arguments to enable callers to provide > restrictions or requirements. Let's work together on that after the holidays. > >

[GIT PULL] linux-integrity changes for 4.5

2015-12-21 Thread Mimi Zohar
reset EVM status when file attributes change Mimi Zohar (3): KEYS: prevent keys from being removed from specified keyrings IMA: prevent keys on the .ima_blacklist from being removed ima: update appraise flags after policy update completes Paul Gortmaker (1): security/integrity

Re: [PATCH v1 6/7] ima: measure and appraise the IMA policy itself

2015-12-19 Thread Mimi Zohar
On Thu, 2015-12-17 at 23:03 +0100, Luis R. Rodriguez wrote: > On Tue, Dec 08, 2015 at 01:01:23PM -0500, Mimi Zohar wrote: > > diff --git a/security/integrity/iint.c b/security/integrity/iint.c > > index 8a45576..4d149c9 100644 > > --- a/security/integrity/iint.c > > +++

Re: [PATCH v1 5/7] ima: measure and appraise firmware (improvement)

2015-12-19 Thread Mimi Zohar
On Thu, 2015-12-17 at 22:06 +0100, Luis R. Rodriguez wrote: > On Tue, Dec 08, 2015 at 01:01:22PM -0500, Mimi Zohar wrote: > > diff --git a/drivers/base/firmware_class.c b/drivers/base/firmware_class.c > > index 8524450..dcd902f 100644 > > --- a/drivers/base/firmware_class.c &

Re: [PATCH v1 4/7] ima: measure and appraise kexec image and initramfs

2015-12-17 Thread Mimi Zohar
On Thu, 2015-12-17 at 14:45 +0800, Dave Young wrote: > On 12/08/15 at 02:15pm, Mimi Zohar wrote: > > On Tue, 2015-12-08 at 13:32 -0500, Vivek Goyal wrote: > > > On Tue, Dec 08, 2015 at 01:01:21PM -0500, Mimi Zohar wrote: > > > > > > [..] > > > >

Re: [PATCH v2 3/3] keys, trusted: seal with a TPM2 authorization policy

2015-12-14 Thread Mimi Zohar
On Sun, 2015-12-13 at 17:42 +0200, Jarkko Sakkinen wrote: > TPM2 supports authorization policies, which are essentially > combinational logic statements representing the conditions where the data > can be unsealed based on the TPM state. This patch enables to use > authorization policies to seal

Re: [PATCH v2 1/3] keys, trusted: fix: *do not* allow duplicate key options

2015-12-14 Thread Mimi Zohar
On Sun, 2015-12-13 at 17:42 +0200, Jarkko Sakkinen wrote: > The trusted keys option parsing allows specifying the same option > multiple times. The last option value specified is used. > > This can be seen as a regression because: > > * No gain. > * Could be problematic if there is be options

Re: [PATCH v2 2/2] integrity: convert digsig to akcipher api

2015-12-14 Thread Mimi Zohar
On Sat, 2015-12-12 at 18:26 -0800, Tadeusz Struk wrote: > Convert asymmetric_verify to akcipher api. > > Signed-off-by: Tadeusz Struk > --- > security/integrity/Kconfig |1 + > security/integrity/digsig_asymmetric.c | 10 +++--- > 2 files changed,

Re: [PATCH 0/2] crypto: KEYS: convert public key to akcipher api

2015-12-10 Thread Mimi Zohar
On Thu, 2015-12-10 at 10:39 -0800, Tadeusz Struk wrote: > Hi Mimi, > On 12/10/2015 10:25 AM, Mimi Zohar wrote: > >> This patch set converts the module verification and digital signature > >> > code to the new akcipher API. > >> > RSA implementation has b

Re: [PATCH v1 7/7] ima: require signed IMA policy

2015-12-10 Thread Mimi Zohar
On Thu, 2015-12-10 at 21:12 +0200, Petko Manolov wrote: > On 15-12-08 13:01:24, Mimi Zohar wrote: > > Require the IMA policy to be signed when additional rules can be added. > > > > Signed-off-by: Mimi Zohar <zo...@linux.vnet.ibm.com> > > --- > >

Re: [PATCH 0/2] crypto: KEYS: convert public key to akcipher api

2015-12-10 Thread Mimi Zohar
On Thu, 2015-12-10 at 14:37 -0500, Mimi Zohar wrote: > On Thu, 2015-12-10 at 10:39 -0800, Tadeusz Struk wrote: > > Hi Mimi, > > On 12/10/2015 10:25 AM, Mimi Zohar wrote: > > >> This patch set converts the module verification and digital signature > > >> >

Re: [PATCH 0/2] crypto: KEYS: convert public key to akcipher api

2015-12-10 Thread Mimi Zohar
On Wed, 2015-12-09 at 15:52 -0800, Tadeusz Struk wrote: > This patch set converts the module verification and digital signature > code to the new akcipher API. > RSA implementation has been removed from crypto/asymmetric_keys and the > new API is used for cryptographic primitives. > There is no

Re: [PATCH 2/2] keys, trusted: seal with a policy

2015-12-09 Thread Mimi Zohar
On Wed, 2015-12-09 at 16:24 +0200, Jarkko Sakkinen wrote: > On Tue, Dec 08, 2015 at 06:56:17PM -0500, Mimi Zohar wrote: > > On Tue, 2015-12-08 at 22:24 +0200, Jarkko Sakkinen wrote: > > > On Tue, Dec 08, 2015 at 01:01:02PM +0200, Jarkko Sakkinen wrote: > > > > On T

[PATCH v1 7/7] ima: require signed IMA policy

2015-12-08 Thread Mimi Zohar
Require the IMA policy to be signed when additional rules can be added. Signed-off-by: Mimi Zohar <zo...@linux.vnet.ibm.com> --- security/integrity/ima/ima_policy.c | 4 1 file changed, 4 insertions(+) diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_po

[PATCH v1 5/7] ima: measure and appraise firmware (improvement)

2015-12-08 Thread Mimi Zohar
Instead of reading the firmware twice, once for measuring/appraising the firmware and again reading the file contents into memory, this patch reads the firmware once. Signed-off-by: Mimi Zohar <zo...@linux.vnet.ibm.com> --- drivers/base/firmware_class.c | 15 +++ i

[PATCH v1 0/7] ima: measuring/appraising files read by the kernel

2015-12-08 Thread Mimi Zohar
: separate 'security.ima' reading functionality from collect ima: load policy using path Mimi Zohar (5): ima: update appraise flags after policy update completes ima: measure and appraise kexec image and initramfs ima: measure and appraise firmware (improvement) ima: measure and appraise the IMA

[PATCH v1 2/7] ima: separate 'security.ima' reading functionality from collect

2015-12-08 Thread Mimi Zohar
h algo to the ima_collect_measurement(). Signed-off-by: Dmitry Kasatkin <d.kasat...@samsung.com> Signed-off-by: Mimi Zohar <zo...@linux.vnet.ibm.com> --- security/integrity/ima/ima.h | 15 +++ security/integrity/ima/ima_api.c | 15 +++ secu

Re: [PATCH v1 4/7] ima: measure and appraise kexec image and initramfs

2015-12-08 Thread Mimi Zohar
On Tue, 2015-12-08 at 13:32 -0500, Vivek Goyal wrote: > On Tue, Dec 08, 2015 at 01:01:21PM -0500, Mimi Zohar wrote: > > [..] > > #ifdef CONFIG_IMA_APPRAISE > > diff --git a/kernel/kexec_file.c b/kernel/kexec_file.c > > index b70ada0..18c4a84 100644 > > --- a/ker

Re: [RFC] KEYS: Exposing {a,}symmetric key ops to userspace and other bits

2015-12-02 Thread Mimi Zohar
On Sun, 2015-11-22 at 09:41 -0500, Mimi Zohar wrote: > On Fri, 2015-11-20 at 11:07 +, David Howells wrote: > > > > (*) Add Mimi's patches to allow keys/keyrings to be marked undeletable. > > This > > is for the purpose of creating blacklists

Re: [PATCH v6 0/3] IMA policy read/write and new IMA keyrings;

2015-12-02 Thread Mimi Zohar
On Wed, 2015-12-02 at 17:47 +0200, Petko Manolov wrote: > Difference since v5 of the patches: > > - better description of patch #3; > - added missing IMA_DIGSIG_REQUIRED & IMA_PERMIT_DIRECTIO flags; > > This patch-set consists of three separate patches that do the following: > > 1) Allows

Re: keyring timestamps

2015-12-01 Thread Mimi Zohar
On Tue, 2015-12-01 at 21:58 +0200, Petko Manolov wrote: > First off, this is not a real patch rather than my idea in a C form. I feel > uncertain about a few points: > > 0) does keyrings keep a timestamp when created or last updated? David? > > 1) is jiffies(_64) the best thing

Re: [PATCH 1/2] KEYS: Reserve an extra certificate symbol for inserting without recompiling

2015-11-25 Thread Mimi Zohar
insert an additional or different certificate needs to remove the existing compressed image. Acked-by: Mimi Zohar <zo...@linux.vnet.ibm.com> > --- > certs/Kconfig | 16 ++ > certs/system_certificates.S | 12 ++ > scripts/.gitignore |

[PATCH 5/5] ima: read firmware only once

2015-11-24 Thread Mimi Zohar
time it is read, there's no need for the firmware specific cache status. This patch removes the firmware specific cache status and replaces it with the generic read status. Signed-off-by: Mimi Zohar <zo...@linux.vnet.ibm.com> --- drivers/base/firmware_class.c | 7 ++- include

[PATCH 3/5] ima: ignore the kexec cache status

2015-11-24 Thread Mimi Zohar
Each time kexec loads an image, ignore the kexec cached status and re-measure/re-appraise the image. This patch replaces the iint kexec status with a generic read status in preparation for measuring/verifying other files. Signed-off-by: Mimi Zohar <zo...@linux.vnet.ibm.com> --- se

[PATCH 2/5] ima: measure and appraise kexec image

2015-11-24 Thread Mimi Zohar
, and at the same time hash, a kexec'ed image. After reading and hashing the file, ima_read_file_from_fd() calls ima_process_measurement() to measure and appraise the file. This patch defines a new policy "func" named KEXEC_CHECK to measure and/or appraise the kexec image. Signed-off-by:

[PATCH 1/5] ima: separate 'security.ima' reading functionality from collect

2015-11-24 Thread Mimi Zohar
From: Dmitry Kasatkin Instead of playing with setting and passing pointers to pointers to the ima_collect_measurent() to read and return 'security.ima' xattr value, this patch moves functionality to the calling process_measurement() to directly read xattr and pass only

Re: [PATCH v5 2/3] Create IMA machine owner and blacklist keyrings;

2015-11-16 Thread Mimi Zohar
On Mon, 2015-11-02 at 00:32 +0200, Petko Manolov wrote: > This option creates IMA MOK and blacklist keyrings. IMA MOK is an > intermediate keyring that sits between .system and .ima keyrings, > effectively forming a simple CA hierarchy. To successfully import a key > into .ima_mok it must be

Re: [PATCH v5 3/3] Allows reading back the current IMA policy;

2015-11-10 Thread Mimi Zohar
On Tue, 2015-11-10 at 18:01 +0200, Petko Manolov wrote: > On 15-11-09 09:30:58, Mimi Zohar wrote: > > On Mon, 2015-11-02 at 00:39 +0200, Petko Manolov wrote: > > > > > + > > > +#ifdef CONFIG_IMA_READ_POLICY > > > +enum { > > > + mask_err

Re: [PATCH v5 3/3] Allows reading back the current IMA policy;

2015-11-09 Thread Mimi Zohar
On Mon, 2015-11-02 at 00:39 +0200, Petko Manolov wrote: > + > +#ifdef CONFIG_IMA_READ_POLICY > +enum { > + mask_err = -1, > + mask_exec = 1, mask_write, mask_read, mask_append > +}; > + > +static match_table_t mask_tokens = { > + {mask_exec, "MAY_EXEC"}, > + {mask_write,

Re: [PATCHv3 0/6] integrity: few EVM patches

2015-11-05 Thread Mimi Zohar
On Thu, 2015-10-22 at 21:49 +0300, Dmitry Kasatkin wrote: > Hi, > > IMA module provides functionality to load x509 certificates into the > trusted '.ima' keyring. This patchset adds the same functionality > to the EVM as well. Also it provides functionality to set EVM key from > the kernel

Re: [PATCH v2 1/3] keys, trusted: select the hash algorithm

2015-11-03 Thread Mimi Zohar
On Tue, 2015-11-03 at 09:39 +0200, Jarkko Sakkinen wrote: > On Mon, Nov 02, 2015 at 07:16:49AM -0500, Mimi Zohar wrote: > > On Fri, 2015-10-30 at 13:35 +0200, Jarkko Sakkinen wrote: > > > > > @@ -787,6 +791,20 @@ static int getoptions(char *c, struct > &

Re: [PATCH v2 1/3] keys, trusted: select the hash algorithm

2015-11-02 Thread Mimi Zohar
On Fri, 2015-10-30 at 13:35 +0200, Jarkko Sakkinen wrote: > @@ -787,6 +791,20 @@ static int getoptions(char *c, struct > trusted_key_payload *pay, > return -EINVAL; > opt->pcrlock = lock; > break; > + case

Re: [PATCH RFC] tpm: seal with a policy

2015-11-02 Thread Mimi Zohar
On Sat, 2015-10-31 at 17:53 +0200, Jarkko Sakkinen wrote: > Support for sealing with a policy. > > Two new options for trusted keys: > > * 'policydigest=': provide a policydigest for the seal operation. > * 'policyhandle=': provide handle for a policy session for unsealing. Please expand the

Re: [PATCH v4 1/3] Enable multiple writes to the IMA policy;

2015-10-26 Thread Mimi Zohar
On Sat, 2015-10-24 at 17:04 +0300, Dmitry Kasatkin wrote: > On Sat, Oct 24, 2015 at 3:28 PM, Petko Manolov wrote: > > On 15-10-23 20:13:41, Dmitry Kasatkin wrote: > >> On Fri, Oct 23, 2015 at 3:29 PM, Petko Manolov wrote: > >> > > >> > I was actually

Re: [PATCH v4 1/3] Enable multiple writes to the IMA policy;

2015-10-26 Thread Mimi Zohar
On Tue, 2015-10-27 at 00:03 +0200, Petko Manolov wrote: > On 15-10-26 22:39:28, Dmitry Kasatkin wrote: > > Can you please still explain when multiple policy writers can content? I > > 100% > > understand the role of mutex > > Ignore the high level requirements for the moment. Every time

Re: [PATCH v4 1/3] Enable multiple writes to the IMA policy;

2015-10-26 Thread Mimi Zohar
On Mon, 2015-10-26 at 16:01 +0200, Petko Manolov wrote: > On 15-10-25 07:50:32, Mimi Zohar wrote: > > On Sat, 2015-10-24 at 17:06 +0300, Dmitry Kasatkin wrote: > > > > > > @@ -171,9 +172,8 @@ static int __init > > > > default_appraise_policy_setup(char *

Re: [PATCH] keys, trusted: select TPM2 hash algorithm

2015-10-25 Thread Mimi Zohar
On Sat, 2015-10-24 at 15:42 +0300, Jarkko Sakkinen wrote: > Added 'hashalg=' option for selecting the hash algorithm. > > Currently available options are: > > * sha1 > * sha256 > * sha384 > * sha512 > * sm3_256 Please consider using crypto/hash_info.c: hash_algo_name[], which already define the

Re: [PATCHv3 1/6] integrity: define '.evm' as a builtin 'trusted' keyring

2015-10-23 Thread Mimi Zohar
On Fri, 2015-10-23 at 16:05 +0300, Petko Manolov wrote: > On 15-10-22 21:49:25, Dmitry Kasatkin wrote: > > diff --git a/security/integrity/ima/Kconfig b/security/integrity/ima/Kconfig > > index df30334..a292b88 100644 > > --- a/security/integrity/ima/Kconfig > > +++

Re: [PATCHv3 4/6] evm: provide a function to set EVM key from the kernel

2015-10-23 Thread Mimi Zohar
On Thu, 2015-10-22 at 21:49 +0300, Dmitry Kasatkin wrote: > Crypto HW kernel module can possibly initialize EVM key from the > kernel __init code to enable EVM before calling 'init' process. > This patch provides a function evm_set_key() which can be used to > set custom key directly to EVM without

Re: [PATCH 00/10] KEYS: Change how keys are determined to be trusted

2015-10-21 Thread Mimi Zohar
On Wed, 2015-10-21 at 16:13 +0100, David Howells wrote: > Here's a set of patches that changes how keys are determined to be trusted > - currently, that's a case of whether a key has KEY_FLAG_TRUSTED set upon > it. A keyring can then have a flag set (KEY_FLAG_TRUSTED ONLY) that > indicates that

Re: [PATCH 00/10] KEYS: Change how keys are determined to be trusted

2015-10-21 Thread Mimi Zohar
On Wed, 2015-10-21 at 13:21 -0400, Josh Boyer wrote: > On Wed, Oct 21, 2015 at 1:02 PM, Mimi Zohar <zo...@linux.vnet.ibm.com> wrote: > > On Wed, 2015-10-21 at 16:13 +0100, David Howells wrote: > >> Here's a set of patches that changes how keys are determined to be trusted

Re: [PATCH 00/10] KEYS: Change how keys are determined to be trusted

2015-10-21 Thread Mimi Zohar
On Wed, 2015-10-21 at 14:21 -0400, Josh Boyer wrote: > On Wed, Oct 21, 2015 at 2:11 PM, Mimi Zohar <zo...@linux.vnet.ibm.com> wrote: > > On Wed, 2015-10-21 at 13:21 -0400, Josh Boyer wrote: > >> On Wed, Oct 21, 2015 at 1:02 PM, Mimi Zohar <zo...@linux.vnet.ibm.com>

Re: [PATCH v4 2/3] Create IMA machine owner keys (MOK) and blacklist keyrings;

2015-10-21 Thread Mimi Zohar
On Wed, 2015-10-21 at 11:50 +0100, David Howells wrote: > Mimi Zohar <zo...@linux.vnet.ibm.com> wrote: > > > Thinking about the blacklist keyring some more... > > Are we talking about a blacklist keyring that userspace can use - or can it be > only usable by

Re: [PATCH v4 2/3] Create IMA machine owner keys (MOK) and blacklist keyrings;

2015-10-21 Thread Mimi Zohar
On Wed, 2015-10-21 at 11:52 +0100, David Howells wrote: > Petko Manolov wrote: > > > As far as i know there is no concept of write-once to a keyring in the > > kernel. David will correct me if i am wrong. I wonder how hard would it be > > to add such functionality, in case

Re: [PATCH v4 2/3] Create IMA machine owner keys (MOK) and blacklist keyrings;

2015-10-21 Thread Mimi Zohar
On Wed, 2015-10-21 at 11:55 +0100, David Howells wrote: > Mimi Zohar <zo...@linux.vnet.ibm.com> wrote: > > > > I need to think about this. Should -EKEYREVOKED be the same as -ENOKEY in > > > this case? I guess the end result is pretty much the same from IMA v

Re: [PATCH v4 3/3] Allows reading back the current IMA policy;

2015-10-20 Thread Mimi Zohar
On Tue, 2015-10-20 at 10:26 +0300, Petko Manolov wrote: > On 15-10-19 14:21:42, Mimi Zohar wrote: > > On Fri, 2015-10-16 at 22:31 +0300, Petko Manolov wrote: > > > When in development it is useful to read back the IMA policy. This patch > > > provides

Re: [PATCH v4 2/3] Create IMA machine owner keys (MOK) and blacklist keyrings;

2015-10-20 Thread Mimi Zohar
On Tue, 2015-10-20 at 18:33 +0300, Petko Manolov wrote: > On 15-10-20 11:21:43, Mimi Zohar wrote: > > On Tue, 2015-10-20 at 17:43 +0300, Petko Manolov wrote: > > > Thinking about the blacklist keyring some more... My concern is more that > > keys can be added and

Re: [PATCH v4 2/3] Create IMA machine owner keys (MOK) and blacklist keyrings;

2015-10-20 Thread Mimi Zohar
On Tue, 2015-10-20 at 21:42 +0300, Petko Manolov wrote: > On 15-10-20 14:32:10, Mimi Zohar wrote: > > On Tue, 2015-10-20 at 18:33 +0300, Petko Manolov wrote: > > > > > > As far as i know there is no concept of write-once to a keyring in the > > > kernel. Dav

Re: [PATCH v4 3/3] Allows reading back the current IMA policy;

2015-10-20 Thread Mimi Zohar
On Tue, 2015-10-20 at 15:10 +0300, Petko Manolov wrote: > On 15-10-20 08:00:29, Mimi Zohar wrote: > > On Tue, 2015-10-20 at 10:26 +0300, Petko Manolov wrote: > > > On 15-10-19 14:21:42, Mimi Zohar wrote: > > > > On Fri, 2015-10-16 at 22:31 +0300, Petko Manolov wrote:

[PULL REQUEST] IMA changes for 4.4

2015-10-19 Thread Mimi Zohar
Hi James, This pull request is for a single bug fix from Dmitry to properly load only signed certificates onto the trusted IMA keyring from the kernel. (This patch has been in the linux-next tree). thanks, Mimi The following changes since commit 049e6dde7e57f0054fdc49102e7ef4830c698b46:

Re: [PATCH v4 3/3] Allows reading back the current IMA policy;

2015-10-19 Thread Mimi Zohar
On Fri, 2015-10-16 at 22:31 +0300, Petko Manolov wrote: > When in development it is useful to read back the IMA policy. This patch > provides the functionality. However, this is a potential security hole so > it should not be used in production-grade kernels. Like the other IMA securityfs

Re: [PATCH v4 1/3] Enable multiple writes to the IMA policy;

2015-10-19 Thread Mimi Zohar
On Mon, 2015-10-19 at 14:21 -0400, Mimi Zohar wrote: > On Fri, 2015-10-16 at 22:31 +0300, Petko Manolov wrote: > > diff --git a/security/integrity/ima/ima_fs.c > > b/security/integrity/ima/ima_fs.c > > index 816d175..a3cf5c0 100644 > > --- a/security/integrity/ima/

Re: [PATCH] Introduces generic __list_splice_init_rcu();

2015-10-08 Thread Mimi Zohar
On Tue, 2015-10-06 at 11:37 -0700, Paul E. McKenney wrote: > On Sun, Sep 27, 2015 at 06:10:28PM +0300, Petko Manolov wrote: > > __list_splice_init_rcu() can be used to splice lists forming both stack and > > queue structures, depending on its arguments. It is based on the initial > >

Re: [PATCH v3 2/2] Adds ima_root_ca keyring;

2015-10-02 Thread Mimi Zohar
On Thu, 2015-09-10 at 14:17 +0300, Petko Manolov wrote: > The .system keyring is populated at kernel build time and read-only while the > system is running. There is no way to dynamically add other user's CA so > .ima_root_ca was introduced as read-write keyring that stores these > certificates.

Re: [rfc] [patch] persistent IMA policy file

2015-10-02 Thread Mimi Zohar
On Sun, 2015-09-27 at 18:23 +0300, Petko Manolov wrote: > On 15-09-23 23:06:54, Mimi Zohar wrote: > > On Tue, 2015-09-22 at 18:19 +0300, Petko Manolov wrote: > > > > > > Well, this is a sore point. I don't have sufficient knowledge about how > > > audit_rule_

Re: [PATCH 1/1] integrity: prevent loading untrusted certificates to IMA trusted keyring

2015-10-02 Thread Mimi Zohar
On Thu, 2015-09-10 at 22:06 +0300, Dmitry Kasatkin wrote: > If IMA_LOAD_X509 is enabled either directly or indirectly via > IMA_APPRAISE_SIGNED_INIT, it enables certificate loading to the IMA trusted > keyring from the kernel. Due to the overlook, KEY_ALLOC_TRUSTED was used in > the >

Re: [RFC][Patch 1/1] IBAC Patch

2007-06-20 Thread Mimi Zohar
On Tue, 2007-06-19 at 17:23 -0500, Serge E. Hallyn wrote: +#define get_file_security(file) ((unsigned long)(file-f_security)) +#define set_file_security(file, val) (file-f_security = (void *)val) + +#define get_task_security(task) ((unsigned long)(task-security)) +#define

Re: [RFC] [Patch 1/1] IBAC Patch

2007-03-14 Thread Mimi Zohar
On Tue, 2007-03-13 at 19:27 -0700, Seth Arnold wrote: On Thu, Mar 08, 2007 at 05:58:16PM -0500, Mimi Zohar wrote: This is a request for comments for a new Integrity Based Access Control(IBAC) LSM module which bases access control decisions on the new integrity framework services. Thanks