From: Casey Schaufler <casey@schaufler-ca.com>
To: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Cc: jmorris@namei.org, linux-security-module@vger.kernel.org,
selinux@tycho.nsa.gov, john.johansen@canonical.com,
eparis@redhat.com, keescook@chromium.org,
Casey Schaufler <casey@schaufler-ca.com>
Subject: Re: [PATCH v12 3/9] LSM: Multiple concurrent LSMs
Date: Mon, 21 Jan 2013 15:45:25 -0800
Message-ID: <50FDD315.7090606@schaufler-ca.com>
In-Reply-To: <201301220819.AFB21360.OFOQHJFSFVtLMO@I-love.SAKURA.ne.jp>

On 1/21/2013 3:19 PM, Tetsuo Handa wrote:
> Casey Schaufler wrote:
>> On 1/21/2013 4:42 AM, Tetsuo Handa wrote:
>>> Below is what I think we need for "current v12 patchset" + "LKM-based LSM
>>> support" + "Require a valid ->order value to all LSM" approach.
>>> What other mechanism we are missing?
>> The big trouble is cleaning up blobs that an LSM has allocated
>> at the time an LSM is unloaded. I am only including the ability
>> to unregister via reset_security_ops (which I plan to rename,
>> more on that later) because SELinux depends on it.
> Right. I agree that it is difficult to clean up blobs that an LSM has allocated
> at the time an LSM is unloaded. But not all LSM modules want to allocate blobs.

True enough, but the one example we have of LSM unloading is going
to leave droppings. I don't want to go anywhere near module unloading,
even for LSMs that don't use the official mechanisms, without a story
on how they're going to get cleaned up.

>> I'm renaming reset_security_ops to security_module_disable to match
>> up with security_module_enable. I know it's unnecessary, but I think
>> it's the right thing to do.
> I think that unregister_security() is better named, for we want both
> security_module_enable() and register_security() (since built-in LSM modules in
> Ubuntu kernels need to be able to distinguish whether to try to load or not).

I'm addressing this in v13 without introducing unregister_security.
Patch coming later this week most likely.

> I'm OK to rename reset_security_ops() to security_module_disable() if
> security_module_enable() is changed to return "0 or -ve" so that
> security_module_enable() can return the caller the reason of registration
> failure.

I'm doing that in v13 as well.

>>> +EXPORT_SYMBOL_GPL(security_module_enable);
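
Review bot: the EXPORT_SYMBOL_GPL(security_module_enable) line makes registration callable from loadable modules, yet no matching teardown is exported or defined in the visible lines, and the surrounding discussion names blob cleanup at unload and locking as unresolved. Either hold the export until a disable path that frees LSM-allocated blobs exists, or add a comment at the export stating that a module which registers through it cannot be safely unloaded.
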
>> I am disinclined to put in what might appear to be support
>> for dynamic security modules when I'm not yet willing to
>> sign up for that.
> I'm ready to convert TOMOYO into LKM-based LSM and TOMOYO-like modules as well.
> Sorry, I still have not understood what other mechanism we are missing...

I'm not sure that we're missing anything beyond locking
(as you have pointed out) and cleaning up, which you're
less concerned about than I. What I am *not* ready to do
is stand up and say that I believe all the bases are covered.
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.