| From: |
| Kees Cook <keescook@chromium.org> |
| To: |
| James Morris <jmorris@namei.org> |
| Subject: |
| [PATCH v2 0/5] LSM: LoadPin for kernel file loading restrictions |
| Date: |
| Mon, 28 Mar 2016 14:14:17 -0700 |
| Message-ID: |
| <1459199662-16558-1-git-send-email-keescook@chromium.org> |
| Cc: |
| Kees Cook <keescook@chromium.org>, "Serge E. Hallyn" <serge@hallyn.com>, Andrew Morton <akpm@linux-foundation.org>, Kalle Valo <kvalo@codeaurora.org>, Mauro Carvalho Chehab <mchehab@osg.samsung.com>, Joe Perches <joe@perches.com>, Guenter Roeck <linux@roeck-us.net>, Jiri Slaby <jslaby@suse.com>, Paul Moore <pmoore@redhat.com>, Stephen Smalley <sds@tycho.nsa.gov>, Mimi Zohar <zohar@linux.vnet.ibm.com>, Casey Schaufler <casey@schaufler-ca.com>, Andreas Gruenbacher <agruenba@redhat.com>, Andy Shevchenko <andriy.shevchenko@linux.intel.com>, Rasmus Villemoes <linux@rasmusvillemoes.dk>, Ulf Hansson <ulf.hansson@linaro.org>, Vitaly Kuznetsov <vkuznets@redhat.com>, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org |
| Archive‑link: | |
Article |
This provides the mini-LSM "loadpin" that intercepts the now consolidated
kernel_file_read LSM hook so that a system can keep all loads coming from
a single trusted filesystem. This is what Chrome OS uses to pin kernel
module and firmware loading to the read-only crypto-verified dm-verity
partition so that kernel module signing is not needed.
-Kees
v2:
- break out utility helpers into separate functions
- have Yama use new helpers too
