On 2/2/22 11:04, Mimi Zohar wrote:

On Wed, 2022-02-02 at 09:40 -0500, Stefan Berger wrote:

quoted

On 2/2/22 09:13, Christian Brauner wrote:

quoted

On Tue, Feb 01, 2022 at 03:37:08PM -0500, Stefan Berger wrote:

quoted

v10:
   - Added A-b's; addressed issues from v9
   - Added 2 patches to support freeing of iint after namespace deletion
   - Added patch to return error code from securityfs functions
   - Added patch to limit number of policy rules in IMA-ns to 1024

I'm going to go take a lighter touch with this round of reviews.
First, because I have February off. :)
Second, because I think that someone who is more familiar with IMA and
its requirements should take another look to provide input and ask more
questions. Last time I spoke to Serge he did want to give this a longer
look and maybe also has additional questions.

The one problem I am seeing is that we probably cannot support auditing
in IMA namespaces since every user can now create an IMA namespace.
Unless auditing was namespaced, the way it is now gives too much control
to the user to flood the host audit log.

Stefan, we need to differentiate between the different types of audit
records being produced by IMA.  Some of these are informational, like
the policy rules being loaded or "Time of Measure, Time of Use"
(ToMToU) records.  When we discuss IMA-audit we're referring to the
file hashes being added in the audit log.  These are the result of the
IMA "audit" policy rules.

How much of these informational messages should be audited in IMA
namespaces still needs to be discussed.  For now, feel free to limit
the audit messages to just the file hashes.

I doubt we should let a user produce informational audit messages or 
audit messages related to file hashes... it's unfortunate, but it opens 
a door for abuse.

thanks,

Mimi