From: Paul Moore <pmoore-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
To: Casey Schaufler <casey-iSGtlc1asvQWG2LlvL+J4A@public.gmane.org>
Cc: Stephen Smalley <sds-+05T5uksL2qpZYMLLGbcSA@public.gmane.org>,
Paul Osmialowski
<p.osmialowsk-Sze3O3UU22JBDgjK7y7TUQ@public.gmane.org>,
James Morris
<james.l.morris-QHcLZuEGTsvQT0dZR+AlfA@public.gmane.org>,
"Serge E. Hallyn" <serge-A9i7LUbDfNHQT0dZR+AlfA@public.gmane.org>,
Kees Cook <keescook-F7+t8E8rja9g9hUCZPvPmw@public.gmane.org>,
Tetsuo Handa
<penguin-kernel-1yMVhJb1mP/7nzcFbJAaVXf5DAMn2ifp@public.gmane.org>,
Neil Brown <neilb-l3A5Bk7waGM@public.gmane.org>,
Mark Rustad
<mark.d.rustad-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>,
Greg Kroah-Hartman
<gregkh-hQyY1W1yCW8ekmWlsbkhG0B+6BGkLq7r@public.gmane.org>,
Daniel Mack <daniel-cYrQPVfZoowdnm+yROfE0A@public.gmane.org>,
David Herrmann
<dh.herrmann-gM/Ye1E23mwN+BqQ9rBEUg@public.gmane.org>,
Djalal Harouni <tixxdz-Umm1ozX2/EEdnm+yROfE0A@public.gmane.org>,
Shuah Khan <shuahkh-JPH+aEBZ4P+UEJcrhfAQsw@public.gmane.org>,
Al Viro <viro-RmSDqhL/yNMiFSDQTTA3OLVCufUGDwFn@public.gmane.org>,
linux-security-module-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
linux-api-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
Karol Lewandowski
<k.lewandowsk-Sze3O3UU22JBDgjK7y7TUQ@public.gmane.org>,
Lukasz Skalski
<l.skalski-Sze3O3UU22JBDgjK7y7TUQ@public.gmane.org>
Subject: Re: [RFC 4/8] lsm: smack: smack callbacks for kdbus security hooks
Date: Wed, 08 Jul 2015 16:07:11 -0400 [thread overview]
Message-ID: <2412238.IhG4IMMuSs@sifl> (raw)
In-Reply-To: <559D5201.6060400-iSGtlc1asvQWG2LlvL+J4A@public.gmane.org>
On Wednesday, July 08, 2015 09:38:25 AM Casey Schaufler wrote:
> On 7/8/2015 6:42 AM, Stephen Smalley wrote:
> > On 07/08/2015 06:25 AM, Paul Osmialowski wrote:
...
> > If Smack only truly needs 3 hooks, then it begs the question of why
> > there are so many other hooks defined. Are the other hooks just to
> > support finer-grained distinctions, or is Smack's coverage incomplete?
>
> I haven't been following kdbus closely for a while, but the original
> intent for Smack and kdbus was that it Smack controls would be on the
> objects involved, and that to accomplish that only a small number of
> hooks would be necessary. After all, Smack uses fewer hooks than SELinux
> on other things. I do agree that without a user there is no point in
> having hooks. If SELinux requires the other hooks we might want to
> hold off on asking for the hooks until the SELinux implementation is
> exposed. I also think that AppArmor should be examined as a potential
> user of the hooks, just to make sure the hooks aren't excessively
> oriented toward subject/object based security modules.
In Paul O.'s defense, we did have some discussion about the reasons for these
hooks, although that seems like ages ago and I would need to dig through the
archives (my inbox?) to find the reasoning for each.
However, I don't remember being very comfortable with the hooks back them
largely due to uncertainty about how we were treating kdbus with respect to
subjects/objects. I think it's worth restarting that discussion now before we
nit pick the patches themselves.
--
paul moore
security @ redhat
WARNING: multiple messages have this Message-ID (diff)
From: Paul Moore <pmoore@redhat.com>
To: Casey Schaufler <casey@schaufler-ca.com>
Cc: Stephen Smalley <sds@tycho.nsa.gov>,
Paul Osmialowski <p.osmialowsk@samsung.com>,
James Morris <james.l.morris@oracle.com>,
"Serge E. Hallyn" <serge@hallyn.com>,
Kees Cook <keescook@chromium.org>,
Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp>,
Neil Brown <neilb@suse.de>, Mark Rustad <mark.d.rustad@intel.com>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Daniel Mack <daniel@zonque.org>,
David Herrmann <dh.herrmann@googlemail.com>,
Djalal Harouni <tixxdz@opendz.org>,
Shuah Khan <shuahkh@osg.samsung.com>,
Al Viro <viro@zeniv.linux.org.uk>,
linux-security-module@vger.kernel.org,
linux-kernel@vger.kernel.org, linux-api@vger.kernel.org,
Karol Lewandowski <k.lewandowsk@samsung.com>,
Lukasz Skalski <l.skalski@samsung.com>
Subject: Re: [RFC 4/8] lsm: smack: smack callbacks for kdbus security hooks
Date: Wed, 08 Jul 2015 16:07:11 -0400 [thread overview]
Message-ID: <2412238.IhG4IMMuSs@sifl> (raw)
In-Reply-To: <559D5201.6060400@schaufler-ca.com>
On Wednesday, July 08, 2015 09:38:25 AM Casey Schaufler wrote:
> On 7/8/2015 6:42 AM, Stephen Smalley wrote:
> > On 07/08/2015 06:25 AM, Paul Osmialowski wrote:
...
> > If Smack only truly needs 3 hooks, then it begs the question of why
> > there are so many other hooks defined. Are the other hooks just to
> > support finer-grained distinctions, or is Smack's coverage incomplete?
>
> I haven't been following kdbus closely for a while, but the original
> intent for Smack and kdbus was that it Smack controls would be on the
> objects involved, and that to accomplish that only a small number of
> hooks would be necessary. After all, Smack uses fewer hooks than SELinux
> on other things. I do agree that without a user there is no point in
> having hooks. If SELinux requires the other hooks we might want to
> hold off on asking for the hooks until the SELinux implementation is
> exposed. I also think that AppArmor should be examined as a potential
> user of the hooks, just to make sure the hooks aren't excessively
> oriented toward subject/object based security modules.
In Paul O.'s defense, we did have some discussion about the reasons for these
hooks, although that seems like ages ago and I would need to dig through the
archives (my inbox?) to find the reasoning for each.
However, I don't remember being very comfortable with the hooks back them
largely due to uncertainty about how we were treating kdbus with respect to
subjects/objects. I think it's worth restarting that discussion now before we
nit pick the patches themselves.
--
paul moore
security @ redhat
next prev parent reply other threads:[~2015-07-08 20:07 UTC|newest]
Thread overview: 44+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-07-08 10:25 [RFC 0/8] Introduce LSM to KDBUS Paul Osmialowski
2015-07-08 10:25 ` [RFC 1/8] lsm: make security_file_receive available for external modules Paul Osmialowski
[not found] ` <1436351110-5902-1-git-send-email-p.osmialowsk-Sze3O3UU22JBDgjK7y7TUQ@public.gmane.org>
2015-07-08 10:25 ` [RFC 2/8] lsm: smack: Make ipc/kdbus includes visible so smack callbacks could see them Paul Osmialowski
2015-07-08 10:25 ` Paul Osmialowski
2015-07-08 16:43 ` Daniel Mack
2015-07-08 10:25 ` [RFC 3/8] lsm: kdbus security hooks Paul Osmialowski
2015-07-08 10:25 ` Paul Osmialowski
[not found] ` <1436351110-5902-4-git-send-email-p.osmialowsk-Sze3O3UU22JBDgjK7y7TUQ@public.gmane.org>
2015-07-08 11:00 ` Lukasz Pawelczyk
2015-07-08 11:00 ` Lukasz Pawelczyk
2015-07-08 14:14 ` Greg Kroah-Hartman
2015-07-08 10:25 ` [RFC 4/8] lsm: smack: smack callbacks for " Paul Osmialowski
2015-07-08 10:25 ` Paul Osmialowski
2015-07-08 13:42 ` Stephen Smalley
2015-07-08 16:38 ` Casey Schaufler
[not found] ` <559D5201.6060400-iSGtlc1asvQWG2LlvL+J4A@public.gmane.org>
2015-07-08 20:07 ` Paul Moore [this message]
2015-07-08 20:07 ` Paul Moore
2015-07-09 10:08 ` Sergei Zviagintsev
[not found] ` <20150709100808.GH25971-bi+AKbBUZKY6gyzm1THtWbp2dZbC/Bob@public.gmane.org>
2015-07-09 15:24 ` Casey Schaufler
2015-07-09 15:24 ` Casey Schaufler
2015-07-08 10:25 ` [RFC 5/8] kdbus: use LSM hooks in kdbus code Paul Osmialowski
2015-07-08 10:25 ` Paul Osmialowski
[not found] ` <1436351110-5902-6-git-send-email-p.osmialowsk-Sze3O3UU22JBDgjK7y7TUQ@public.gmane.org>
2015-07-08 11:06 ` Lukasz Pawelczyk
2015-07-08 11:06 ` Lukasz Pawelczyk
2015-07-08 11:09 ` Lukasz Pawelczyk
2015-07-08 11:09 ` Lukasz Pawelczyk
[not found] ` <1436353775.2331.2.camel-Sze3O3UU22JBDgjK7y7TUQ@public.gmane.org>
2015-07-08 12:12 ` Paul Osmialowski
2015-07-08 12:12 ` Paul Osmialowski
2015-07-09 10:55 ` Sergei Zviagintsev
[not found] ` <20150709105510.GI25971-bi+AKbBUZKY6gyzm1THtWbp2dZbC/Bob@public.gmane.org>
2015-07-09 11:28 ` Paul Osmialowski
2015-07-09 11:28 ` Paul Osmialowski
2015-07-08 14:13 ` Greg Kroah-Hartman
2015-07-08 14:13 ` Greg Kroah-Hartman
2015-07-08 13:37 ` Stephen Smalley
[not found] ` <559D27AB.4010402-+05T5uksL2qpZYMLLGbcSA@public.gmane.org>
2015-07-10 16:56 ` Stephen Smalley
2015-07-10 16:56 ` Stephen Smalley
2015-07-10 18:20 ` Stephen Smalley
2015-07-10 18:20 ` Stephen Smalley
2015-07-08 16:24 ` Casey Schaufler
2015-07-08 10:25 ` [RFC 6/8] kdbus: TEST_CREATE_CONN now does no depend on TEST_CREATE_BUS Paul Osmialowski
2015-07-08 10:25 ` [RFC 7/8] kdbus: selftests extended Paul Osmialowski
2015-07-08 10:25 ` [RFC 8/8] kdbus: Ability to run kdbus test by executable binary name Paul Osmialowski
2015-07-08 14:16 ` Greg Kroah-Hartman
2015-07-08 14:58 ` Paul Osmialowski
2015-07-08 16:46 ` [RFC 0/8] Introduce LSM to KDBUS Casey Schaufler
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=2412238.IhG4IMMuSs@sifl \
--to=pmoore-h+wxahxf7alqt0dzr+alfa@public.gmane.org \
--cc=casey-iSGtlc1asvQWG2LlvL+J4A@public.gmane.org \
--cc=daniel-cYrQPVfZoowdnm+yROfE0A@public.gmane.org \
--cc=dh.herrmann-gM/Ye1E23mwN+BqQ9rBEUg@public.gmane.org \
--cc=gregkh-hQyY1W1yCW8ekmWlsbkhG0B+6BGkLq7r@public.gmane.org \
--cc=james.l.morris-QHcLZuEGTsvQT0dZR+AlfA@public.gmane.org \
--cc=k.lewandowsk-Sze3O3UU22JBDgjK7y7TUQ@public.gmane.org \
--cc=keescook-F7+t8E8rja9g9hUCZPvPmw@public.gmane.org \
--cc=l.skalski-Sze3O3UU22JBDgjK7y7TUQ@public.gmane.org \
--cc=linux-api-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=linux-security-module-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=mark.d.rustad-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org \
--cc=neilb-l3A5Bk7waGM@public.gmane.org \
--cc=p.osmialowsk-Sze3O3UU22JBDgjK7y7TUQ@public.gmane.org \
--cc=penguin-kernel-1yMVhJb1mP/7nzcFbJAaVXf5DAMn2ifp@public.gmane.org \
--cc=sds-+05T5uksL2qpZYMLLGbcSA@public.gmane.org \
--cc=serge-A9i7LUbDfNHQT0dZR+AlfA@public.gmane.org \
--cc=shuahkh-JPH+aEBZ4P+UEJcrhfAQsw@public.gmane.org \
--cc=tixxdz-Umm1ozX2/EEdnm+yROfE0A@public.gmane.org \
--cc=viro-RmSDqhL/yNMiFSDQTTA3OLVCufUGDwFn@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.