All of lore.kernel.org
 help / color / mirror / Atom feed
From: dac.override@gmail.com (Dominick Grift)
To: refpolicy@oss.tresys.com
Subject: [refpolicy] How to handle glibc-triggered behavior?
Date: Thu, 10 Dec 2015 16:56:59 +0100	[thread overview]
Message-ID: <20151210155658.GH22216@x250> (raw)
In-Reply-To: <56699FEC.4070701@tresys.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On Thu, Dec 10, 2015 at 10:53:16AM -0500, Christopher J. PeBenito wrote:
> On 12/10/2015 10:40 AM, Dominick Grift wrote:
> > On Thu, Dec 10, 2015 at 03:59:33PM +0100, Laurent Bigonville wrote:
> >> Hey,
> > 
> >> Le 21/12/14 13:15, Sven Vermeulen a ?crit :
> >>> glibc's malloc implementation, in multithreaded applications, might read
> >>> /proc/sys/vm/overcommit_memory to check if the heap can be shrunk or not
> >>> (when the allocated memory is part of the non-main arena). That means that
> >>> read access to sysctl_vm_t becomes a wide request.
> >>>
> >>> Not granting privileges might result in different memory behavior, where the
> >>> system administrator might have tuned/tweaked memory allocations on Linux,
> >>> but malloc() ignoring this due to SELinux denying access to the settings.
> >>>
> >>> I'm wondering how to properly tackle this. Granting this on a per-domain
> >>> level is probably not manageable, but granting this for all domains (through
> >>> the "domain" attribute) might be overshooting.
> >>>
> >>> Are there specific risks that I should take into account when granting read
> >>> access to sysctl_vm_t?
> >>>
> >> I'm bumping this again topic again.
> > 
> >> Is there anything blocking a fix for this?
> > 
> > if we decide to do anything like this then lets start by implementing a
> > proc_vm_overcommit_t type and associate that with
> > /proc/sys/vm/overcommit_memory so that we have more control over this.
> 
> There are a couple things:
> * Yes, to address this, it would warrant adding a new type for the
> sysctl, though I'd probably call it sysctl_vm_overcommit_t.

Agreed, that was a "typo" on my end

> * This should trigger some auditing of domains that have access to
> sysctl_vm_t to see if it is only because of this sysctl, and if so,
> adjust the access accordingly.
> 
> -- 
> Chris PeBenito
> Tresys Technology, LLC
> www.tresys.com | oss.tresys.com
> _______________________________________________
> refpolicy mailing list
> refpolicy at oss.tresys.com
> http://oss.tresys.com/mailman/listinfo/refpolicy

- -- 
02DFF788
4D30 903A 1CF3 B756 FB48  1514 3148 83A2 02DF F788
https://sks-keyservers.net/pks/lookup?op=get&search=0x314883A202DFF788
Dominick Grift
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQGcBAEBCgAGBQJWaaDEAAoJENAR6kfG5xmczSoL/RduwltBoEGjn56v7Jl3Nf4t
3UZayObpVRlRqhAp0HkO57KjWMYEbzlyfeRojF2/z74ikby39z8F1b0Phbjs+Xxr
6tUIReCxmkIIph/ZNkBZmxbyf6eFfwztxIA46r13PdUHQpnl6gs4jJ8cnxMmJlgK
O2NkmuXzg0X2gBEgQ80MVuG0y/KCH79kVKVXtHWezAfOSWp5UymFn96j0ag9ltOU
E3n7+/rGnRKMidp+f+wcEA52qNBz3FG9OeI0Yx5DBdtgN64DWK52KKCFvJzfcs1C
9fvMy3oxqIGYKD0oCjT58fxUrZKcCd+QnM7Hx3vxYRS5wbXMi8wXXCpiRfJoN6kT
cqpYIfUlDgDm5yFmj4/am7UmBtr0Hey58rD4IiACc1ov3jSQcpINWKfJLfmhDznY
rhYUI9bMJZ5EjGLKf9mFFvoIMOHrnPeByAfT8dcocLlPaKKbOGbCyR/O3YROk5+D
oOGotA1GKs3TfF+4WQbRElcNzLLvmlcqjNoiwZGmhQ==
=NN34
-----END PGP SIGNATURE-----

  reply	other threads:[~2015-12-10 15:56 UTC|newest]

Thread overview: 16+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2014-12-21 12:15 [refpolicy] How to handle glibc-triggered behavior? Sven Vermeulen
2015-01-12 14:03 ` Christopher J. PeBenito
2015-04-03 13:47   ` Miroslav Grepl
2015-04-03 15:44     ` Dominick Grift
2015-12-10 14:59 ` Laurent Bigonville
2015-12-10 15:11   ` Dominick Grift
2015-12-10 15:13     ` Dominick Grift
2015-12-10 15:44       ` Christopher J. PeBenito
2015-12-10 15:49         ` Dominick Grift
2015-12-10 15:51           ` Dominick Grift
2015-12-10 15:20   ` Dominick Grift
2015-12-10 15:29     ` Dominick Grift
2015-12-10 15:40   ` Dominick Grift
2015-12-10 15:53     ` Christopher J. PeBenito
2015-12-10 15:56       ` Dominick Grift [this message]
2015-12-10 16:00       ` Dominick Grift

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20151210155658.GH22216@x250 \
    --to=dac.override@gmail.com \
    --cc=refpolicy@oss.tresys.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.