From: cpebenito@tresys.com (Christopher J. PeBenito)
To: refpolicy@oss.tresys.com
Subject: [refpolicy] How to handle glibc-triggered behavior?
Date: Thu, 10 Dec 2015 10:53:16 -0500 [thread overview]
Message-ID: <56699FEC.4070701@tresys.com> (raw)
In-Reply-To: <20151210154001.GE22216@x250>
On 12/10/2015 10:40 AM, Dominick Grift wrote:
> On Thu, Dec 10, 2015 at 03:59:33PM +0100, Laurent Bigonville wrote:
>> Hey,
>
>> Le 21/12/14 13:15, Sven Vermeulen a ?crit :
>>> glibc's malloc implementation, in multithreaded applications, might read
>>> /proc/sys/vm/overcommit_memory to check if the heap can be shrunk or not
>>> (when the allocated memory is part of the non-main arena). That means that
>>> read access to sysctl_vm_t becomes a wide request.
>>>
>>> Not granting privileges might result in different memory behavior, where the
>>> system administrator might have tuned/tweaked memory allocations on Linux,
>>> but malloc() ignoring this due to SELinux denying access to the settings.
>>>
>>> I'm wondering how to properly tackle this. Granting this on a per-domain
>>> level is probably not manageable, but granting this for all domains (through
>>> the "domain" attribute) might be overshooting.
>>>
>>> Are there specific risks that I should take into account when granting read
>>> access to sysctl_vm_t?
>>>
>> I'm bumping this again topic again.
>
>> Is there anything blocking a fix for this?
>
> if we decide to do anything like this then lets start by implementing a
> proc_vm_overcommit_t type and associate that with
> /proc/sys/vm/overcommit_memory so that we have more control over this.
There are a couple things:
* Yes, to address this, it would warrant adding a new type for the
sysctl, though I'd probably call it sysctl_vm_overcommit_t.
* This should trigger some auditing of domains that have access to
sysctl_vm_t to see if it is only because of this sysctl, and if so,
adjust the access accordingly.
--
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com
next prev parent reply other threads:[~2015-12-10 15:53 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-12-21 12:15 [refpolicy] How to handle glibc-triggered behavior? Sven Vermeulen
2015-01-12 14:03 ` Christopher J. PeBenito
2015-04-03 13:47 ` Miroslav Grepl
2015-04-03 15:44 ` Dominick Grift
2015-12-10 14:59 ` Laurent Bigonville
2015-12-10 15:11 ` Dominick Grift
2015-12-10 15:13 ` Dominick Grift
2015-12-10 15:44 ` Christopher J. PeBenito
2015-12-10 15:49 ` Dominick Grift
2015-12-10 15:51 ` Dominick Grift
2015-12-10 15:20 ` Dominick Grift
2015-12-10 15:29 ` Dominick Grift
2015-12-10 15:40 ` Dominick Grift
2015-12-10 15:53 ` Christopher J. PeBenito [this message]
2015-12-10 15:56 ` Dominick Grift
2015-12-10 16:00 ` Dominick Grift
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=56699FEC.4070701@tresys.com \
--to=cpebenito@tresys.com \
--cc=refpolicy@oss.tresys.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.