| From: |
| Kees Cook <keescook@chromium.org> |
| To: |
| James Morris <jmorris@namei.org> |
| Subject: |
| [PATCH v5 0/6] LSM: LoadPin for kernel file loading restrictions |
| Date: |
| Wed, 20 Apr 2016 15:46:22 -0700 |
| Message-ID: |
| <1461192388-13900-1-git-send-email-keescook@chromium.org> |
| Cc: |
| Kees Cook <keescook@chromium.org>, Mimi Zohar <zohar@linux.vnet.ibm.com>, Joe Perches <joe@perches.com>, Andy Shevchenko <andriy.shevchenko@linux.intel.com>, Andrew Morton <akpm@linux-foundation.org>, "Serge E. Hallyn" <serge@hallyn.com>, Jonathan Corbet <corbet@lwn.net>, Kalle Valo <kvalo@codeaurora.org>, Mauro Carvalho Chehab <mchehab@osg.samsung.com>, Guenter Roeck <linux@roeck-us.net>, Jiri Slaby <jslaby@suse.com>, Paul Moore <pmoore@redhat.com>, Stephen Smalley <sds@tycho.nsa.gov>, Casey Schaufler <casey@schaufler-ca.com>, Andreas Gruenbacher <agruenba@redhat.com>, Rasmus Villemoes <linux@rasmusvillemoes.dk>, Ulf Hansson <ulf.hansson@linaro.org>, Vitaly Kuznetsov <vkuznets@redhat.com>, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org |
| Archive‑link: | |
Article |
This provides the mini-LSM "loadpin" that intercepts the now consolidated
kernel_file_read LSM hook so that a system can keep all loads coming from
a single trusted filesystem. This is what Chrome OS uses to pin kernel
module and firmware loading to the read-only crypto-verified dm-verity
partition so that kernel module signing is not needed.
-Kees
v5:
- replace enum-to-str code, mimi
v4:
- add missing "const" to char * src, joe
v3:
- changed module parameter to "loadpin.enabled"
- add sysctl docs, akpm
- add general use function for enum, zohar
- add gfp_t, joe
- clean up loops, andriy.shevchenko
- reduce BUG_ON to WARN_ON, joe
v2:
- break out utility helpers into separate functions
- have Yama use new helpers too