Re: ext4_has_free_blocks always checks cap_sys_resource and makes SELinux unhappy

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Eric Paris <eparis@redhat.com>
To: Stephen Smalley <sds@tycho.nsa.gov>
Cc: linux-ext4@vger.kernel.org, selinux@tycho.nsa.gov,
	esandeen@redhat.com, tytso@mit.edu, dwalsh@redhat.com,
	linux-security-module@vger.kernel.org
Subject: Re: ext4_has_free_blocks always checks cap_sys_resource and makes SELinux unhappy
Date: Fri, 24 Oct 2008 13:28:32 -0400	[thread overview]
Message-ID: <1224869312.3404.80.camel@localhost.localdomain> (raw)
In-Reply-To: <1224860899.9353.6.camel@moss-spartans.epoch.ncsc.mil>

On Fri, 2008-10-24 at 11:08 -0400, Stephen Smalley wrote:
> On Fri, 2008-10-24 at 11:05 -0400, Eric Paris wrote:

> > Do others have thoughts?
> 
> Seems similar to the vm_enough_memory() case, where we likewise
> introduced a separate security hook that internally checks without
> auditing.
> 
> The OOM killer likewise ought to be using a non-auditing form of
> capability checks.

So would you suggest a generic non-auditing capability checking
mechanism or a specific hook for "things to use"

* capable_noaudit(current, cap)
* security_capable_noaudit(current, cap)
* security_cap_sys_resource(current)

Looks like oom also checks CAP_SYS_ADMIN so maybe a generic cap
interface would be best.

esandeen: I still think it would be a good idea to simplify
ext4_claim_free_blocks() and ext4_has_free_blocks() which seems to have
a lot of code duplication and both have the unconditional capable
calls...

-Eric

WARNING: multiple messages have this Message-ID (diff)

From: Eric Paris <eparis@redhat.com>
To: Stephen Smalley <sds@tycho.nsa.gov>
Cc: linux-ext4@vger.kernel.org, selinux@tycho.nsa.gov,
	esandeen@redhat.com, tytso@mit.edu, dwalsh@redhat.com,
	linux-security-module@vger.kernel.org
Subject: Re: ext4_has_free_blocks always checks cap_sys_resource and makes SELinux unhappy
Date: Fri, 24 Oct 2008 13:28:32 -0400	[thread overview]
Message-ID: <1224869312.3404.80.camel@localhost.localdomain> (raw)
In-Reply-To: <1224860899.9353.6.camel@moss-spartans.epoch.ncsc.mil>

On Fri, 2008-10-24 at 11:08 -0400, Stephen Smalley wrote:
> On Fri, 2008-10-24 at 11:05 -0400, Eric Paris wrote:

> > Do others have thoughts?
> 
> Seems similar to the vm_enough_memory() case, where we likewise
> introduced a separate security hook that internally checks without
> auditing.
> 
> The OOM killer likewise ought to be using a non-auditing form of
> capability checks.

So would you suggest a generic non-auditing capability checking
mechanism or a specific hook for "things to use"

* capable_noaudit(current, cap)
* security_capable_noaudit(current, cap)
* security_cap_sys_resource(current)

Looks like oom also checks CAP_SYS_ADMIN so maybe a generic cap
interface would be best.

esandeen: I still think it would be a good idea to simplify
ext4_claim_free_blocks() and ext4_has_free_blocks() which seems to have
a lot of code duplication and both have the unconditional capable
calls...

-Eric


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

next prev parent reply	other threads:[~2008-10-24 17:28 UTC|newest]

Thread overview: 12+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2008-10-24 15:05 ext4_has_free_blocks always checks cap_sys_resource and makes SELinux unhappy Eric Paris
2008-10-24 15:05 ` Eric Paris
2008-10-24 15:08 ` Stephen Smalley
2008-10-24 15:08   ` Stephen Smalley
2008-10-24 17:28   ` Eric Paris [this message]
2008-10-24 17:28     ` Eric Paris
2008-10-24 17:38     ` Stephen Smalley
2008-10-24 17:38       ` Stephen Smalley
2008-10-24 16:56 ` Eric Sandeen
2008-10-24 19:00   ` Mingming Cao
2008-10-24 19:02     ` Eric Sandeen
2008-10-27  1:39 ` Eric Sandeen

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1224869312.3404.80.camel@localhost.localdomain \
    --to=eparis@redhat.com \
    --cc=dwalsh@redhat.com \
    --cc=esandeen@redhat.com \
    --cc=linux-ext4@vger.kernel.org \
    --cc=linux-security-module@vger.kernel.org \
    --cc=sds@tycho.nsa.gov \
    --cc=selinux@tycho.nsa.gov \
    --cc=tytso@mit.edu \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.