Re: [dm-devel] [PATCH 63/74] multipathd: deal with INIT_REMOVED during path addition

2020-07-17 Thread Benjamin Marzinski
On Thu, Jul 09, 2020 at 12:51:34PM +0200, mwi...@suse.com wrote: > From: Martin Wilck > > With the introduction of INIT_REMOVED, we have to deal with the situation > when a path is re-added in this state. This enables us to detect the > situation where a path is added while still part of a map

Re: [dm-devel] [PATCH 61/74] libmultipath: adopt_paths(): skip removed paths

2020-07-17 Thread Benjamin Marzinski
On Thu, Jul 09, 2020 at 12:51:32PM +0200, mwi...@suse.com wrote: > From: Martin Wilck > > If we don't do this, pathinfo() will fail on these paths, causing > adopt_paths() to fail. > This is probably unnecessary, but it seems safer to make sure that pp->mpp is set to mpp, before bailing out on

Re: [dm-devel] [RFC PATCH v4 02/12] security: add ipe lsm evaluation loop and audit system

2020-07-17 Thread Randy Dunlap
On 7/17/20 4:09 PM, Deven Bowers wrote: > +config SECURITY_IPE_PERMISSIVE_SWITCH > + bool "Enable the ability to switch IPE to permissive mode" > + default y > + help > + This option enables two ways of switching IPE to permissive mode, > + a sysctl (if enabled),

[dm-devel] [RFC PATCH v4 03/12] security: add ipe lsm policy parser and policy loading

2020-07-17 Thread Deven Bowers
Adds the policy parser and the policy loading to IPE, along with the related sysfs, securityfs entries, and audit events. Signed-off-by: Deven Bowers --- security/ipe/Kconfig |2 + security/ipe/Makefile|2 + security/ipe/ipe-audit.c | 87 +-

[dm-devel] [RFC PATCH v4 04/12] ipe: add property for trust of boot volume

2020-07-17 Thread Deven Bowers
Add a property for IPE policy to express trust of the first superblock where a file would be evaluated to determine trust. Signed-off-by: Deven Bowers --- security/ipe/Kconfig| 2 + security/ipe/Makefile | 4 ++ security/ipe/ipe-engine.c |

[dm-devel] [RFC PATCH v4 09/12] dm-verity: add bdev_setsecurity hook for root-hash

2020-07-17 Thread Deven Bowers
Add a security hook call to set a security property of a block_device in dm-verity with the root-hash that was verified to match the merkle-tree. Signed-off-by: Deven Bowers --- drivers/md/dm-verity-target.c | 8 include/linux/device-mapper.h | 1 + 2 files changed, 9 insertions(+)
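The root hash this hook hands to the LSM is the top of the hash tree dm-verity checks on every read. As an added illustration, not code from the patch series or from dm-verity itself, the Python below builds a simplified verity-style hash tree over a constructed image and walks the same bottom-up check a read would perform, so a single flipped byte fails verification while the other blocks still pass. Assumptions: SHA-256, 4 KiB data and hash blocks, salt prepended to each hashed block (as dm-verity format version 1 does), zero-padded hash blocks, no superblock; the salt and the image are constructed for the example.

```python
import hashlib

# Assumptions for this illustration (not dm-verity's exact on-disk format):
# 4 KiB data and hash blocks, SHA-256, salt prepended to each hashed block
# (as dm-verity format version 1 does), zero-padded hash blocks, no superblock.
BLOCK_SIZE = 4096
DIGEST_SIZE = hashlib.sha256().digest_size      # 32
PER_BLOCK = BLOCK_SIZE // DIGEST_SIZE           # 128 hashes per hash block


def block_hash(block: bytes, salt: bytes) -> bytes:
    """Hash one block the verity way: H(salt || block)."""
    return hashlib.sha256(salt + block).digest()


def build_tree(image: bytes, salt: bytes):
    """Return (root_hash, hash_levels).

    hash_levels[0] holds the hash blocks covering the data blocks,
    hash_levels[1] the hash blocks covering hash_levels[0], and so on.
    The root hash is the hash of the single top-level hash block.
    """
    if not image or len(image) % BLOCK_SIZE:
        raise ValueError("image must be a non-empty whole number of blocks")
    nblocks = len(image) // BLOCK_SIZE
    hashes = [block_hash(image[i * BLOCK_SIZE:(i + 1) * BLOCK_SIZE], salt)
              for i in range(nblocks)]
    levels = []
    while True:
        # Pack this level's hashes into hash blocks, zero-padding the last one.
        hash_blocks = [
            b"".join(hashes[i:i + PER_BLOCK]).ljust(BLOCK_SIZE, b"\0")
            for i in range(0, len(hashes), PER_BLOCK)
        ]
        levels.append(hash_blocks)
        hashes = [block_hash(hb, salt) for hb in hash_blocks]
        if len(hashes) == 1:
            return hashes[0], levels


def verify_block(image: bytes, index: int, root_hash: bytes, levels, salt: bytes) -> bool:
    """Check data block `index` against the tree, bottom-up to the root.

    The data block's hash must appear in its hash block, that hash block's
    hash must appear in the block above it, and the top hash block must
    hash to the trusted root. Any mismatch on the way up rejects the block.
    """
    data = image[index * BLOCK_SIZE:(index + 1) * BLOCK_SIZE]
    h = block_hash(data, salt)
    pos = index                 # position of the item being checked at this level
    for hash_blocks in levels:
        hb = hash_blocks[pos // PER_BLOCK]
        slot = pos % PER_BLOCK
        if hb[slot * DIGEST_SIZE:(slot + 1) * DIGEST_SIZE] != h:
            return False
        h = block_hash(hb, salt)
        pos //= PER_BLOCK
    return h == root_hash


def make_image(nblocks: int) -> bytes:
    """Constructed sample data: deterministic, distinct 4 KiB blocks."""
    return b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() * PER_BLOCK
                    for i in range(nblocks))


def demo() -> dict:
    salt = bytes.fromhex("00112233445566778899aabbccddeeff")   # constructed salt
    image = make_image(300)     # 300 blocks -> two hash levels (3 blocks, then 1)
    root, levels = build_tree(image, salt)
    all_ok = all(verify_block(image, i, root, levels, salt) for i in range(300))
    # Flip one byte in block 200; the tree built from the good image must reject it.
    tampered = bytearray(image)
    tampered[200 * BLOCK_SIZE + 17] ^= 0x01
    tampered = bytes(tampered)
    new_root, _ = build_tree(tampered, salt)
    return {
        "root": root.hex(),
        "levels": len(levels),
        "all_ok": all_ok,
        "tampered_rejected": not verify_block(tampered, 200, root, levels, salt),
        "neighbour_ok": verify_block(tampered, 199, root, levels, salt),
        "root_changed": new_root != root,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The root hash is the only value that has to arrive by a trusted channel (in dm-verity, the table line and, with the signature option, a verified signature over it); every hash block is checked against its parent before it is trusted, which is why an attacker who rewrites a data block and its hash-block entry still fails one level up.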

[dm-devel] [RFC PATCH v4 00/12] Integrity Policy Enforcement LSM (IPE)

2020-07-17 Thread Deven Bowers
Overview: IPE is a Linux Security Module which allows for a configurable policy to enforce integrity requirements on the whole system. It attempts to solve the issue of Code Integrity: that any code being executed (or files being read), are identical to the

[dm-devel] [RFC PATCH v4 11/12] documentation: add ipe documentation

2020-07-17 Thread Deven Bowers
Add IPE's documentation to the kernel tree. Signed-off-by: Deven Bowers Acked-by: Jonathan Corbet --- Documentation/admin-guide/LSM/index.rst | 1 + Documentation/admin-guide/LSM/ipe.rst | 508 MAINTAINERS | 1 + 3 files changed, 510

[dm-devel] [RFC PATCH v4 05/12] fs: add security blob and hooks for block_device

2020-07-17 Thread Deven Bowers
Add a security blob and associated allocation, deallocation and set hooks for a block_device structure. Signed-off-by: Deven Bowers --- fs/block_dev.c| 8 + include/linux/fs.h| 1 + include/linux/lsm_hook_defs.h | 5 +++ include/linux/lsm_hooks.h | 11

[dm-devel] [RFC PATCH v4 10/12] ipe: add property for dmverity roothash

2020-07-17 Thread Deven Bowers
Add a property to allow IPE policy to express rules around a specific root-hash of a dm-verity volume. This can be used for revocation, (when combined with the previous dm-verity property) or the authorization of a single dm-verity volume. Signed-off-by: Deven Bowers ---

[dm-devel] [RFC PATCH v4 06/12] dm-verity: move signature check after tree validation

2020-07-17 Thread Deven Bowers
The CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG introduced by Jaskaran was intended to be used to allow an LSM to enforce verifications for all dm-verity volumes. However, with its current implementation, this signature verification occurs after the merkle-tree is validated, as a result the signature

[dm-devel] [RFC PATCH v4 07/12] dm-verity: add bdev_setsecurity hook for dm-verity signature

2020-07-17 Thread Deven Bowers
Add a security hook call to set a security property of a block_device in dm-verity with the results of a verified, signed root-hash. Signed-off-by: Deven Bowers --- drivers/md/dm-verity-verify-sig.c | 7 +++ include/linux/device-mapper.h | 2 ++ 2 files changed, 9 insertions(+) diff

[dm-devel] [RFC PATCH v4 01/12] scripts: add ipe tooling to generate boot policy

2020-07-17 Thread Deven Bowers
Add a tool for the generation of an IPE policy to be compiled into the kernel. This policy will be enforced until userland deploys and activates a new policy. Signed-off-by: Deven Bowers --- MAINTAINERS | 6 ++ scripts/Makefile | 1 + scripts/ipe/Makefile

[dm-devel] [RFC PATCH v4 02/12] security: add ipe lsm evaluation loop and audit system

2020-07-17 Thread Deven Bowers
Add the core logic of the IPE LSM, the evaluation loop (engine), a portion of the audit system, and the skeleton of the policy structure. Signed-off-by: Deven Bowers --- MAINTAINERS | 1 + include/uapi/linux/audit.h | 4 + security/Kconfig | 12 +-

[dm-devel] [RFC PATCH v4 12/12] cleanup: uapi/linux/audit.h

2020-07-17 Thread Deven Bowers
Remove trailing whitespaces and align the integrity #defines in linux/uapi/audit.h Signed-off-by: Deven Bowers --- include/uapi/linux/audit.h | 32 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/include/uapi/linux/audit.h

Re: [dm-devel] [PATCH 46/54] libmultipath: path_discover(): always set DI_BLACKLIST

2020-07-17 Thread Benjamin Marzinski
On Thu, Jul 09, 2020 at 12:36:15PM +0200, mwi...@suse.com wrote: > From: Martin Wilck > > Since 65e1845 ("multipath: call store_pathinfo with DI_BLACKLIST"), we > use DI_BLACKLIST for new paths. There's no reason why we shouldn't do the > same with paths which are (unexpectedly) already in

Re: [dm-devel] [PATCH 44/54] libmultipath: adopt_paths(): don't bail out on single path failure

2020-07-17 Thread Benjamin Marzinski
On Thu, Jul 09, 2020 at 12:36:13PM +0200, mwi...@suse.com wrote: > From: Martin Wilck > > If pathinfo fails for one path to be adopted, we currently > fail the entire function. This may cause ev_add_path() for a valid > path to fail because some other path is broken. Fix it by just > skipping

Re: [dm-devel] [PATCH v2 0/7] crypto: add CRYPTO_ALG_ALLOCATES_MEMORY

2020-07-17 Thread Horia Geantă
On 7/16/2020 2:55 PM, Herbert Xu wrote: > Eric Biggers wrote: >> This series introduces a flag that algorithms can set to indicate that >> they allocate memory during processing of typical inputs, and thus >> shouldn't be used in cases like dm-crypt where memory allocation >> failures aren't

Re: [dm-devel] [RFC PATCH v3 03/12] security: add ipe lsm policy parser and policy loading

2020-07-17 Thread Tyler Hicks
On 2020-04-15 09:25:41, deven.de...@linux.microsoft.com wrote: > From: Deven Bowers > > Adds the policy parser and the policy loading to IPE, along with the > related sysfs, securityfs entries, and audit events. > > Signed-off-by: Deven Bowers > --- ... > diff --git