From: "Stephen C. Tweedie" <sct@redhat.com>
To: Stephen Smalley <sds@tislabs.com>
Cc: "Stephen C. Tweedie" <sct@redhat.com>,
Russell Coker <russell@coker.com.au>,
linux-kernel@vger.kernel.org, linux-security-module@wirex.com
Subject: Re: [PATCH] remove sys_security
Date: Wed, 23 Oct 2002 15:54:57 +0100 [thread overview]
Message-ID: <20021023155457.L2732@redhat.com> (raw)
In-Reply-To: <Pine.GSO.4.33.0210230942210.7042-100000@raven>; from sds@tislabs.com on Wed, Oct 23, 2002 at 10:27:27AM -0400
Hi,
On Wed, Oct 23, 2002 at 10:27:27AM -0400, Stephen Smalley wrote:
> On Wed, 23 Oct 2002, Stephen C. Tweedie wrote:
> > setfsuid() creates credentials which are _only_ applied to file
> > operations. The namespace happens to be the same one that applies to
> > processes, but there's nothing that requires that to be the case
> Would we need a separate call for setting the SIDs to use for each
> "namespace", i.e. fs (for open, mkdir, mknod, and symlink calls), IPC
> (for semget, msgget, and shmget calls), process (for execve calls), and
> socket (for socket, connect, listen, sendmsg, and sendto calls, requiring
> two SIDs for send*)?
The BSD socket API already has a clean and extensible way of dealing
with multiple namespaces, so there's plenty of precedent about how to
do this without requiring multiple syscalls.
> While your approach would work for calls that take input SID parameters,
> what about the various calls that return SIDs either directly or via
> output SID parameters, e.g. extended forms of *stat, msgrcv, recvmsg,
> getpeername/accept plus new calls like (sem|shm|msg)sid and getsecsid?
Good question --- what is the reason you need these, and are other
security modules likely to need similar functionality? If so, there's
an argument for new syscalls which take a credentials/sid area as a
return argument.
--Stephen
next prev parent reply other threads:[~2002-10-23 14:48 UTC|newest]
Thread overview: 99+ messages / expand[flat|nested] mbox.gz Atom feed top
2002-10-17 18:50 [PATCH] remove sys_security Christoph Hellwig
2002-10-17 18:53 ` Greg KH
2002-10-17 18:58 ` Christoph Hellwig
2002-10-17 19:07 ` Greg KH
2002-10-17 20:04 ` Christoph Hellwig
2002-10-17 20:10 ` Greg KH
2002-10-17 20:12 ` Christoph Hellwig
2002-10-18 7:04 ` Crispin Cowan
2002-10-18 7:07 ` David S. Miller
2002-10-18 8:31 ` Crispin Cowan
2002-10-18 8:29 ` David S. Miller
2002-10-18 12:52 ` Christoph Hellwig
2002-10-18 15:04 ` Greg KH
2002-10-19 2:05 ` Crispin Cowan
2002-10-18 7:11 ` Greg KH
2002-10-18 7:28 ` Alexander Viro
2002-10-18 9:02 ` Crispin Cowan
2002-10-18 13:05 ` Christoph Hellwig
2002-10-18 15:14 ` Valdis.Kletnieks
2002-10-18 15:18 ` Christoph Hellwig
2002-10-18 16:30 ` Russell Coker
2002-10-18 16:33 ` Christoph Hellwig
2002-10-18 16:53 ` Greg KH
2002-10-18 16:54 ` Russell Coker
2002-10-18 17:15 ` Stephen Smalley
2002-10-18 22:36 ` Chris Wright
2002-10-21 13:54 ` Mike Wray
2002-10-21 14:09 ` Christoph Hellwig
2002-10-21 16:44 ` Mike Wray
2002-10-21 17:36 ` Christoph Hellwig
2002-10-18 20:36 ` David Wagner
2002-10-18 17:44 ` Stephen Smalley
2002-10-18 16:38 ` Russell Coker
2002-10-18 16:52 ` Richard B. Johnson
2002-10-18 9:09 ` David Wagner
2002-10-18 10:14 ` Russell Coker
2002-10-18 12:50 ` Christoph Hellwig
2002-10-17 20:30 ` Jeff Garzik
2002-10-17 21:00 ` Russell Coker
2002-10-17 21:10 ` Jeff Garzik
2002-10-17 21:37 ` Russell Coker
2002-10-17 21:49 ` Alexander Viro
2002-10-17 22:14 ` Russell Coker
2002-10-17 22:22 ` Andreas Dilger
2002-10-23 0:35 ` Stephen C. Tweedie
2002-10-23 11:43 ` Russell Coker
2002-10-23 11:59 ` Stephen C. Tweedie
2002-10-23 14:27 ` Stephen Smalley
2002-10-23 14:54 ` Stephen C. Tweedie [this message]
2002-10-23 16:09 ` Stephen Smalley
2002-10-23 16:24 ` Christoph Hellwig
2002-10-23 16:34 ` Stephen Smalley
2002-10-23 16:36 ` Christoph Hellwig
2002-10-23 16:51 ` Stephen Smalley
2002-10-24 6:26 ` Nathan Scott
2002-10-24 8:45 ` Russell Coker
2002-10-17 20:45 ` Russell Coker
2002-10-21 13:57 ` Alan Cox
2002-10-21 21:12 ` Crispin Cowan
2002-10-21 21:17 ` Greg KH
2002-10-22 12:22 ` Stephen Smalley
2002-10-17 20:20 ` Russell Coker
2002-10-17 20:27 ` Christoph Hellwig
2002-10-17 20:28 ` Greg KH
2002-10-17 19:05 ` Alexander Viro
2002-10-17 20:18 ` David S. Miller
2002-10-17 20:36 ` Greg KH
2002-10-17 20:38 ` David S. Miller
2002-10-17 20:58 ` Greg KH
2002-10-17 20:58 ` David S. Miller
2002-10-17 22:09 ` Greg KH
2002-10-17 22:07 ` David S. Miller
2002-10-17 22:19 ` Greg KH
2002-10-18 8:00 ` Crispin Cowan
2002-10-18 7:57 ` David S. Miller
2002-10-18 13:08 ` Christoph Hellwig
2002-10-17 21:54 ` David Wagner
2002-10-17 22:36 ` David S. Miller
2002-10-17 23:04 ` Chris Wright
2002-10-17 23:08 ` David S. Miller
2002-10-18 14:24 ` Jakob Oestergaard
2002-10-17 22:51 ` Andreas Steinmetz
2002-10-17 22:51 ` David S. Miller
2002-10-18 17:47 ` Daniel Egger
2002-10-17 23:00 ` Jeff Garzik
2002-10-17 22:56 ` David S. Miller
2002-10-17 23:09 ` Greg KH
2002-10-17 23:10 ` Chris Wright
2002-10-17 23:10 ` Andreas Steinmetz
2002-10-18 13:11 ` Christoph Hellwig
2002-10-17 23:11 ` Greg KH
[not found] <20021017201030.GA384@kroah.com.suse.lists.linux.kernel>
[not found] ` <20021017211223.A8095@infradead.org.suse.lists.linux.kernel>
[not found] ` <3DAFB260.5000206@wirex.com.suse.lists.linux.kernel>
[not found] ` <20021018.000738.05626464.davem@redhat.com.suse.lists.linux.kernel>
[not found] ` <3DAFC6E7.9000302@wirex.com.suse.lists.linux.kernel>
2002-10-18 9:25 ` Andi Kleen
2002-10-18 9:36 ` Crispin Cowan
2002-10-18 9:44 ` Andi Kleen
2002-10-18 9:55 ` Russell Coker
2002-10-18 10:13 ` Andi Kleen
2002-10-18 17:24 ` Rik van Riel
2002-10-18 11:43 ` Andreas Ferber
[not found] <20021023155457.L2732@redhat.com.suse.lists.linux.kernel>
[not found] ` <Pine.GSO.4.33.0210231112420.7042-100000@raven.suse.lists.linux.kernel>
2002-10-23 16:33 ` Andi Kleen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20021023155457.L2732@redhat.com \
--to=sct@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@wirex.com \
--cc=russell@coker.com.au \
--cc=sds@tislabs.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.