linux/security
Kees Cook eba773596b LoadPin: Allow filesystem switch when not enforcing
For LoadPin to be used at all in a classic distro environment, it needs
to allow for switching filesystems (from the initramfs to the "real"
root filesystem). To allow for this, if the "enforce" mode is not set at
boot, reset the pinned filesystem tracking when the pinned filesystem
gets unmounted instead of invalidating further loads. Once enforcement
is set, it cannot be unset, and the pinning will stick.

This means that distros can build with CONFIG_SECURITY_LOADPIN=y, but with
CONFIG_SECURITY_LOADPIN_ENFORCE disabled, but after boot is running,
the system can enable enforcement:

  $ sysctl -w kernel.loadpin.enforced=1

Cc: Paul Moore <paul@paul-moore.com>
Cc: James Morris <jmorris@namei.org>
Cc: "Serge E. Hallyn" <serge@hallyn.com>
Cc: linux-security-module@vger.kernel.org
Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Serge Hallyn <serge@hallyn.com>
Link: https://lore.kernel.org/r/20221209195746.1366607-4-keescook@chromium.org
2023-01-19 15:18:20 -08:00
..
apparmor + Features 2022-12-14 13:42:09 -08:00
bpf
integrity fs.vfsuid.ima.v6.2-rc1 2022-12-21 08:13:01 -08:00
keys integrity-v6.2 2022-12-13 14:22:50 -08:00
landlock landlock: Support file truncation 2022-10-19 09:01:44 +02:00
loadpin LoadPin: Allow filesystem switch when not enforcing 2023-01-19 15:18:20 -08:00
lockdown lockdown: ratelimit denial messages 2022-09-14 07:37:50 -04:00
safesetid LSM: SafeSetID: Add setgroups() security policy handling 2022-07-15 18:24:42 +00:00
selinux lsm/stable-6.2 PR 20221212 2022-12-13 09:47:48 -08:00
smack lsm/stable-6.2 PR 20221212 2022-12-13 09:47:48 -08:00
tomoyo security: Create file_truncate hook from path_truncate hook 2022-10-19 09:01:40 +02:00
yama
commoncap.c lsm/stable-6.2 PR 20221212 2022-12-13 09:47:48 -08:00
device_cgroup.c device_cgroup: Roll back to original exceptions after copy failure 2022-11-16 18:28:55 -05:00
inode.c
Kconfig x86/retbleed: Add fine grained Kconfig knobs 2022-06-29 17:43:41 +02:00
Kconfig.hardening security: Restrict CONFIG_ZERO_CALL_USED_REGS to gcc or clang > 15.0.6 2022-12-14 16:05:36 -08:00
lsm_audit.c audit: Fix some kernel-doc warnings 2022-10-28 06:37:55 -04:00
Makefile security: remove unneeded subdir-$(CONFIG_...) 2021-09-03 08:17:20 +09:00
min_addr.c
security.c lsm/stable-6.2 PR 20221212 2022-12-13 09:47:48 -08:00