[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <66b57ae5-bb5a-c008-8490-2c90e050fc65@landley.net>
Date: Tue, 14 May 2019 01:06:45 -0500
From: Rob Landley <rob@...dley.net>
To: Mimi Zohar <zohar@...ux.ibm.com>,
Arvind Sankar <nivedita@...m.mit.edu>
Cc: Arvind Sankar <niveditas98@...il.com>,
Roberto Sassu <roberto.sassu@...wei.com>,
linux-kernel@...r.kernel.org, linux-api@...r.kernel.org,
linux-fsdevel@...r.kernel.org, linux-integrity@...r.kernel.org,
initramfs@...r.kernel.org
Subject: Re: [PATCH v2 0/3] initramfs: add support for xattrs in the initial
ram disk
On 5/13/19 5:09 PM, Mimi Zohar wrote:
>> Ok, but wouldn't my idea still work? Leave the default compiled-in
>> policy set to not appraise initramfs. The embedded /init sets all the
>> xattrs, changes the policy to appraise tmpfs, and then exec's the real
>> init? Then everything except the embedded /init and the file with the
>> xattrs will be appraised, and the embedded /init was verified as part of
>> the kernel image signature. The only additional kernel change needed
>> then is to add a config option to the kernel to disallow overwriting the
>> embedded initramfs (or at least the embedded /init).
>
> Yes and no. The current IMA design allows a builtin policy to be
> specified on the boot command line ("ima_policy="), so that it exists
> from boot, and allows it to be replaced once with a custom policy.
> After that, assuming that CONFIG_IMA_WRITE_POLICY is configured,
> additional rules may be appended. As your embedded /init solution
> already replaces the builtin policy, the IMA policy couldn't currently
> be replaced a second time with a custom policy based on LSM labels.
So your design assumption you're changing other code to work around in that
instance is the policy can only be replaced once rather than having a "finalize"
option when it's set, making it immutable from then on.
Rob
Powered by blists - more mailing lists