Re: [PATCH v3 0/9] bpf-lsm: Extend interoperability with IMA

[PATCH v3 0/9] bpf-lsm: Extend interoperability with IMA · Roberto Sassu <roberto.sassu@huawei.com> · 2022-03-02
[PATCH v3 2/9] ima: Always return a file measurement in ima_file_hash() · Roberto Sassu <roberto.sassu@huawei.com> · 2022-03-02
Re: [PATCH v3 2/9] ima: Always return a file measurement in ima_file_hash() · Mimi Zohar <zohar@linux.ibm.com> · 2022-03-06
[PATCH v3 1/9] ima: Fix documentation-related warnings in ima_main.c · Roberto Sassu <roberto.sassu@huawei.com> · 2022-03-02
Re: [PATCH v3 1/9] ima: Fix documentation-related warnings in ima_main.c · Mimi Zohar <zohar@linux.ibm.com> · 2022-03-06
[PATCH v3 4/9] selftests/bpf: Move sample generation code to ima_test_common() · Roberto Sassu <roberto.sassu@huawei.com> · 2022-03-02
[PATCH v3 3/9] bpf-lsm: Introduce new helper bpf_ima_file_hash() · Roberto Sassu <roberto.sassu@huawei.com> · 2022-03-02
[PATCH v3 6/9] selftests/bpf: Check if the digest is refreshed after a file write · Roberto Sassu <roberto.sassu@huawei.com> · 2022-03-02
[PATCH v3 7/9] bpf-lsm: Make bpf_lsm_kernel_read_file() as sleepable · Roberto Sassu <roberto.sassu@huawei.com> · 2022-03-02
[PATCH v3 8/9] selftests/bpf: Add test for bpf_lsm_kernel_read_file() · Roberto Sassu <roberto.sassu@huawei.com> · 2022-03-02
[PATCH v3 9/9] selftests/bpf: Check that bpf_kernel_read_file() denies reading IMA policy · Roberto Sassu <roberto.sassu@huawei.com> · 2022-03-02
[PATCH v3 5/9] selftests/bpf: Add test for bpf_ima_file_hash() · Roberto Sassu <roberto.sassu@huawei.com> · 2022-03-02
Re: [PATCH v3 0/9] bpf-lsm: Extend interoperability with IMA · Alexei Starovoitov <hidden> · 2022-03-02
RE: [PATCH v3 0/9] bpf-lsm: Extend interoperability with IMA · Roberto Sassu <roberto.sassu@huawei.com> · 2022-03-03
Re: [PATCH v3 0/9] bpf-lsm: Extend interoperability with IMA · Mimi Zohar <zohar@linux.ibm.com> · 2022-03-03
Re: [PATCH v3 0/9] bpf-lsm: Extend interoperability with IMA · KP Singh <kpsingh@kernel.org> · 2022-03-03
Re: [PATCH v3 0/9] bpf-lsm: Extend interoperability with IMA · Mimi Zohar <zohar@linux.ibm.com> · 2022-03-03
Re: [PATCH v3 0/9] bpf-lsm: Extend interoperability with IMA · KP Singh <kpsingh@kernel.org> · 2022-03-03
Re: [PATCH v3 0/9] bpf-lsm: Extend interoperability with IMA · Mimi Zohar <zohar@linux.ibm.com> · 2022-03-03
Re: [PATCH v3 0/9] bpf-lsm: Extend interoperability with IMA · Alexei Starovoitov <hidden> · 2022-03-03
Re: [PATCH v3 0/9] bpf-lsm: Extend interoperability with IMA · Mimi Zohar <zohar@linux.ibm.com> · 2022-03-07
Re: [PATCH v3 0/9] bpf-lsm: Extend interoperability with IMA · KP Singh <kpsingh@kernel.org> · 2022-03-07
Re: [PATCH v3 0/9] bpf-lsm: Extend interoperability with IMA · Mimi Zohar <zohar@linux.ibm.com> · 2022-03-07
Re: [PATCH v3 0/9] bpf-lsm: Extend interoperability with IMA · Mimi Zohar <zohar@linux.ibm.com> · 2022-03-06
RE: [PATCH v3 0/9] bpf-lsm: Extend interoperability with IMA · Roberto Sassu <roberto.sassu@huawei.com> · 2022-03-07
Re: [PATCH v3 0/9] bpf-lsm: Extend interoperability with IMA · patchwork-bot+netdevbpf@kernel.org · 2022-03-11

From: Mimi Zohar <zohar@linux.ibm.com>
Date: 2022-03-06 19:24:19
Also in: bpf, linux-integrity, linux-kselftest, lkml, netdev

On Wed, 2022-03-02 at 12:13 +0100, Roberto Sassu wrote:

Extend the interoperability with IMA, to give wider flexibility for the
implementation of integrity-focused LSMs based on eBPF.

Patch 1 fixes some style issues.

Patches 2-6 give the ability to eBPF-based LSMs to take advantage of the
measurement capability of IMA without needing to setup a policy in IMA
(those LSMs might implement the policy capability themselves).

Patches 7-9 allow eBPF-based LSMs to evaluate files read by the kernel.

The tests seem to only work when neither a builtin IMA policy or a
custom policy is previously loaded.

thanks,

Mimi

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help