Re: [Fwd: type class key] - Casey Schaufler

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Casey Schaufler <casey@schaufler-ca.com>
To: David Howells <dhowells@redhat.com>
Cc: dhowells@redhat.com, Stephen Smalley <sds@tycho.nsa.gov>,
	Daniel J Walsh <dwalsh@redhat.com>,
	Stefan Schulze Frielinghaus <stefan@seekline.net>,
	selinux@tycho.nsa.gov
Subject: Re: [Fwd: type class key]
Date: Fri, 16 Nov 2007 11:53:41 -0800 (PST)	[thread overview]
Message-ID: <310872.79777.qm@web36613.mail.mud.yahoo.com> (raw)
In-Reply-To: <26736.1195148091@redhat.com>


--- David Howells <dhowells@redhat.com> wrote:

> David Howells <dhowells@redhat.com> wrote:
> 
> > I've attached the patch I've come up with so far.
> 
> Oops.  One error - I forgot to connect up the new function.
> 
> 	# LD_PRELOAD=/tmp/libkeyutils-1.2.so /tmp/keyctl add user a a @s
> 	762693819
> 	# LD_PRELOAD=/tmp/libkeyutils-1.2.so /tmp/keyctl security 762693819
> 	root:system_r:unconfined_t:s0-s0:c0.c1023
> 
> That what you want?
> 
> New patch attached.
> 
> David
> ---
> KEYS: Add keyctl function to get a security label
> 
> From: David Howells <dhowells@redhat.com>
> 
> Add a keyctl() function to get the security label of a key.
> 
> The following is added to Documentation/keys.txt:
> 
>  (*) Get the LSM security context attached to a key.
> 
> 	long keyctl(KEYCTL_GET_SECURITY, key_serial_t key, char *buffer,
> 		    size_t buflen)
> 
>      This function returns a string that represents the LSM security context
>      attached to a key in the buffer provided.
> 
>      Unless there's an error, it always returns the amount of data it could
>      produce, even if that's too big for the buffer, but it won't copy more
>      than requested to userspace. If the buffer pointer is NULL then no copy
>      will take place.
> 
>      A NUL character is included at the end of the string if the buffer is
>      sufficiently big.  This is included in the returned count.  If no LSM is
>      in force then an empty string will be returned.
> 
>      A process must have view permission on the key for this function to be
>      successful.
> 
> Signed-off-by: David Howells <dhowells@redhat.com>
> ---
> 
>  Documentation/keys.txt   |   21 +++++++++++++++
>  include/linux/keyctl.h   |    1 +
>  include/linux/security.h |   20 +++++++++++++-
>  security/dummy.c         |    8 ++++++
>  security/keys/compat.c   |    3 ++
>  security/keys/keyctl.c   |   66
> ++++++++++++++++++++++++++++++++++++++++++++++
>  security/security.c      |    5 +++
>  security/selinux/hooks.c |   21 +++++++++++++--
>  8 files changed, 141 insertions(+), 4 deletions(-)

If you're changing the LSM interface you should cross post this to
the LSM list.


Casey Schaufler
casey@schaufler-ca.com

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

next prev parent reply	other threads:[~2007-11-16 19:54 UTC|newest]

Thread overview: 21+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
     [not found] <1194628263.3630.14.camel@vogon>
     [not found] ` <1194554589.3198.24.camel@moss-spartans.epoch.ncsc.mil>
     [not found]   ` <24708.1194612682@redhat.com>
     [not found]     ` <22421.1194637689@redhat.com>
2007-11-09 19:51       ` [Fwd: type class key] Stephen Smalley
2007-11-09 20:00         ` Stephen Smalley
2007-11-09 20:35           ` Casey Schaufler
2007-11-10 12:26           ` David Howells
2007-11-14 20:23             ` Daniel J Walsh
2007-11-15 12:17               ` David Howells
2007-11-15 13:33                 ` Daniel J Walsh
2007-11-15 13:57                 ` Stephen Smalley
2007-11-15 14:41                   ` David Howells
2007-11-15 14:52                     ` Stephen Smalley
2007-11-15 14:53               ` David Howells
2007-11-15 14:56                 ` Stephen Smalley
2007-11-15 14:58                 ` David Howells
2007-11-15 15:02                   ` Stephen Smalley
2007-11-15 16:04                     ` David Howells
2007-11-15 17:34                       ` David Howells
2007-11-15 18:26                         ` Stephen Smalley
2007-11-15 19:04                           ` David Howells
2007-11-16 19:53                         ` Casey Schaufler [this message]
2007-11-15 20:40                   ` James Morris
2007-11-15 13:08           ` David Howells

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=310872.79777.qm@web36613.mail.mud.yahoo.com \
    --to=casey@schaufler-ca.com \
    --cc=dhowells@redhat.com \
    --cc=dwalsh@redhat.com \
    --cc=sds@tycho.nsa.gov \
    --cc=selinux@tycho.nsa.gov \
    --cc=stefan@seekline.net \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.