All of lore.kernel.org
 help / color / mirror / Atom feed
From: Eric Paris <eparis@redhat.com>
To: "Sakkinen, Jarkko" <jarkko.sakkinen@intel.com>
Cc: Eric Paris <eparis@parisplace.org>,
	Casey Schaufler <casey@schaufler-ca.com>,
	linux-kernel@vger.kernel.org,
	linux-security-module@vger.kernel.org
Subject: Re: [PATCH] Smack: SMACK_IOCLOADACCESS
Date: Fri, 26 Aug 2011 13:01:50 -0400	[thread overview]
Message-ID: <4E57D17E.9020806@redhat.com> (raw)
In-Reply-To: <CADjiTvBkwusfjdE=PQ5B=MPMxr1bewR6v9qoqq6yMNWjp-BeLQ@mail.gmail.com>

On 08/26/2011 12:05 PM, Sakkinen, Jarkko wrote:
> On Fri, Aug 26, 2011 at 3:50 PM, Eric Paris <eparis@parisplace.org> wrote:
>> On Fri, Aug 26, 2011 at 1:52 AM, Jarkko Sakkinen
>> <jarkko.sakkinen@intel.com> wrote:
>>> IOCTL call for /smack/load that takes access rule in
>>> the same format as they are written into /smack/load.
>>> Sets errno to zero if access is allowed and to EACCES
>>> if not.
>>>
>>> Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@intel.com>
>>
>> [SELinux maintainer here, but Casey knew to already take what I say
>> with a grain of salt]
>>
>> I'm not telling you to do anything differently, just telling you what
>> SELinux does, and why we do it.  SELinux has a file in selinuxfs
>> called 'access.'  The file can be opened and one can write a rule into
>> the file.  One then calls read and gets back a structure which
>> contains all of the permissions information allowed for the
>> source/target/class.  In SELinux we calculate all of the permissions
>> for the tuple at once so providing all of the information at once can
>> make a lot of sense.  libselinux provides libraries that will cache
>> these decisions in the userspace program and quickly answer the same
>> (or similar) questions later.
>>
>> http://userspace.selinuxproject.org/trac/browser/libselinux/src/compute_av.c
> 
> Thank you for this information. One thing that concerns
> me in this approach is the scenario where things serialize
> to the following sequence:
> 
> - Process A does open()
> - Process B does open()
> - Process A does write()
> - Process B does write()
> - Process A does read()
> - ... (sequence continues)
> 
> What's the end result?

SELinux attaches the information needed to the struct file private area
inside the kernel using the kernel provided fs/libfs.c functions
simple_transation_*.  Which means that 2 processes have no issues
interfering with each other.  A multi threaded or misbehaving
application may get EBUSY on write() if another write()/read() combo is
in progress.  Its nice that the kernel has libraries which solve this
problem for us!

I don't know SMACK internals, but if one ever wants to have SMACK
userspace object managers the ability for the interface to only be able
to return a single value might be an eventual bottleneck.

Like I said, do whatever you guys think is best, but I'm constantly
going to point out and ask for LSM similarities when possible!

-Eric

  reply	other threads:[~2011-08-26 17:41 UTC|newest]

Thread overview: 13+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2011-08-26  5:52 [PATCH] Smack: SMACK_IOCLOADACCESS Jarkko Sakkinen
2011-08-26 12:50 ` Eric Paris
2011-08-26 13:14   ` Alan Cox
2011-08-26 17:36     ` Stephen Smalley
2011-08-26 16:05   ` Sakkinen, Jarkko
2011-08-26 17:01     ` Eric Paris [this message]
2011-08-26 21:59       ` Casey Schaufler
2011-08-27  0:16         ` Eric Paris
2011-08-27  5:57       ` Sakkinen, Jarkko
2011-08-26 16:26   ` Casey Schaufler
2011-08-26 17:28     ` Stephen Smalley
2011-08-26 21:47       ` Casey Schaufler
2011-08-26 17:26 ` Randy Dunlap

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=4E57D17E.9020806@redhat.com \
    --to=eparis@redhat.com \
    --cc=casey@schaufler-ca.com \
    --cc=eparis@parisplace.org \
    --cc=jarkko.sakkinen@intel.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-security-module@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.