On 7/16/20 12:45 PM, Stephen Smalley wrote:
On Thu, Jul 16, 2020 at 3:13 PM Lakshmi Ramasubramanian
<nramas@xxxxxxxxxxxxxxxxxxx> wrote:
On 7/16/20 11:54 AM, Stephen Smalley wrote:
Not sure about this error handling approach (silent, proceeding as if
the length was zero and then later failing with ENOMEM on every
attempt?). I'd be more inclined to panic/BUG here but I know Linus
doesn't like that.
I am not sure if failing (kernel panic/BUG) to "measure" LSM data under
memory pressure conditions is the right thing. But I am open to treating
this error as a fatal error. Please let me know.
Let's at least log an error message since it otherwise silently
disables all measuring of security state.
Agree - will log error messages as appropriate.
Also not sure why we bother returning errors from
selinux_measure_data() since nothing appears to check or use the
result.
Maybe SELinux can log audit messages on failures, but I guess it may be
better to do that closer to where the error occurs.
Will change selinux_measure_data() to void function.
Don't know if integrity/IMA has any equivalent to the audit
subsystem's concept of audit_failure settings to control whether
errors that prevent auditing (measuring) are handled silently, with a
log message, or via a panic. If not, I guess that can be explored
separately.
Yes - integrity subsystem logs audit messages for errors\failures.
-lakshmi
