Re: [PATCH 11/14] CacheFiles: Permit an inode's security ID to be obtained [try #2]

From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
Date: Thu, 9 Aug 2007 10:59:26 -0700 (PDT)

--- Stephen Smalley <sds@xxxxxxxxxxxxx> wrote:

On Thu, 2007-08-09 at 10:07 -0700, Casey Schaufler wrote:

--- David Howells <dhowells@xxxxxxxxxx> wrote:

Permit an inode's security ID to be obtained by the CacheFiles module.

This

is
then used as the SID with which files and directories will be created in

the

cache.

This is SELinux specific functionality. It should not be an LSM
interface.

Odd, you proposed exactly the same hook (aside from naming convention
and secid as argument vs. as retval) in recent postings on linux-audit
and selinux list for use by the audit system.

And that's exposing SELinux specific functionality too. And I don't
like the fact that the audit system already requires a secid interface.
The audit system, however, does not use the secid for anything other
than a handle that gets passed around and eventually used to get the
data that goes into the audit record. It's annoying, but harmless and
does not affect any access control decisions. The change proposed here
would use the secid in access control decisions. The LSM interface
ought not to be exposing module specific internal data structures. My
work on pulling selinux code out of audit left the secid interface
in place. You're right in that audit should get fixed. I had been
hoping to make that a phase II activity.

Casey Schaufler
casey@xxxxxxxxxxxxxxxx
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

References:
- Re: [PATCH 11/14] CacheFiles: Permit an inode's security ID to be obtained [try #2]
  - From: Stephen Smalley

Prev by Date: Re: [PATCH 23/25] [PATCH] paravirt hooks for arch initialization
Next by Date: Re: [PATCH] make atomic_t volatile on all architectures
Previous by thread: Re: [PATCH 11/14] CacheFiles: Permit an inode's security ID to be obtained [try #2]
Next by thread: Re: [PATCH 11/14] CacheFiles: Permit an inode's security ID to be obtained [try #2]
Index(es):
- Date
- Thread

Relevant Pages

Re: [PATCH] Version 3 (2.6.23-rc8) Smack: Simplified Mandatory Access Control Kernel
... LSM interface, on the other hand, allowed me to drastically reduce ... has a policy that is program behavior oriented, Smack is strictly ... SELinux is also based on subjects and objects grouped into ...
(Linux-Kernel)
Re: 2.6.24-rc6-mm1 - git-lblnet.patch and networking horkage
... tcl tests won't run without an external interface). ... SELinux: Convert the netif code to use ifindex values ... permissive and enforcing mode without generating any log messages. ... I suggest dropping the patchset from -mm until Paul gets back from ...
(Linux-Kernel)
Re: Q on audit, audit-syscall
... you want to look at SELinux or perhaps a custom LSM. ... but I rather start bottom up: ... SELinux has a dependency on CONFIG_AUDIT these days because it uses the ... switched to the audit system when it was mainstreamed), ...
(Linux-Kernel)
Re: How best get rid of SELinux?
... ahead of the SELinux messages. ... something, when the interface is not currently accessible, and there's ... it's a question of audience. ... SELinux take lessons from ZA, but only that the technical writers who put ...
(Fedora)
Re: [PATCH 1/1] security: introduce fs caps
... Background why I use the patch: ... Qemu uses tuntap to create a tap interface as a virtual net interface. ... this mutually exclusive from selinux through config, ...
(Linux-Kernel)