From: Paul Moore <paul-r2n+y4ga6xFZroRs9YW3xA@public.gmane.org>
To: David Drysdale <drysdale-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org>
Cc: Andy Lutomirski <luto-kltTT9wpgjJwATOyAt5JVQ@public.gmane.org>,
LSM List
<linux-security-module-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>,
"linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org"
<linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>,
Greg Kroah-Hartman
<gregkh-hQyY1W1yCW8ekmWlsbkhG0B+6BGkLq7r@public.gmane.org>,
Alexander Viro
<viro-RmSDqhL/yNMiFSDQTTA3OLVCufUGDwFn@public.gmane.org>,
Meredydd Luff <meredydd-zPN50pYk8eUaUu29zAJCuw@public.gmane.org>,
Kees Cook <keescook-F7+t8E8rja9g9hUCZPvPmw@public.gmane.org>,
James Morris
<james.l.morris-QHcLZuEGTsvQT0dZR+AlfA@public.gmane.org>,
Linux API <linux-api-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>
Subject: Re: [PATCH 09/11] capsicum: implementations of new LSM hooks
Date: Wed, 02 Jul 2014 09:49:24 -0400 [thread overview]
Message-ID: <1871630.hB3tXi0r3a@sifl> (raw)
In-Reply-To: <CALCETrUBCL1jKfooLaqrJCb-uYrMwYPQL2v-M04NTVf2LoD_fw-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
On Monday, June 30, 2014 09:05:38 AM Andy Lutomirski wrote:
> On Mon, Jun 30, 2014 at 3:28 AM, David Drysdale <drysdale-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org> wrote:
> > If the LSM does not provide implementations of the .file_lookup and
> > .file_install LSM hooks, always use the Capsicum implementations.
> >
> > The Capsicum implementation of file_lookup checks for a Capsicum
> > capability wrapper file and unwraps to if the appropriate rights
> > are available.
> >
> > The Capsicum implementation of file_install checks whether the file
> > has restricted rights associated with it. If it does, it is replaced
> > with a Capsicum capability wrapper file before installation into the
> > fdtable.
>
> I think I fall on the "no LSM" side of the fence. This kind of stuff
> should be available regardless of selected LSM (as it is in your
> code) ...
I agree. Looking quickly at the patches, the code seems to take an odd
approach of living largely outside the LSM framework, but then relying on a
couple of LSM hooks. Capsicum should either live fully as a LSM or fully
outside of it, this mix seems a bit silly to me.
--
paul moore
www.paul-moore.com
next prev parent reply other threads:[~2014-07-02 13:49 UTC|newest]
Thread overview: 53+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-06-30 10:28 [RFC PATCH 00/11] Adding FreeBSD's Capsicum security framework (part 1) David Drysdale
2014-06-30 10:28 ` [PATCH 01/11] fs: add O_BENEATH_ONLY flag to openat(2) David Drysdale
2014-06-30 14:49 ` Andy Lutomirski
2014-06-30 15:49 ` David Drysdale
2014-06-30 15:53 ` Andy Lutomirski
[not found] ` <CALCETrWJ-rqDo8OvSZWPUt1806gObNtwVHvC4M6kfQgvd3Eg9w-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2014-07-08 12:07 ` Christoph Hellwig
[not found] ` <20140708120702.GB30459-wEGCiKHe2LqWVfeAwA7xHQ@public.gmane.org>
2014-07-08 12:48 ` Meredydd Luff
[not found] ` <CAD=T17FQEZV+iy91wQAvAdd0PW2tsfjpU7atp-xeatm5sEGz5Q-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2014-07-08 12:51 ` Christoph Hellwig
[not found] ` <20140708125138.GA4749-wEGCiKHe2LqWVfeAwA7xHQ@public.gmane.org>
2014-07-08 13:04 ` Meredydd Luff
2014-07-08 13:12 ` Christoph Hellwig
2014-06-30 20:40 ` Andi Kleen
2014-06-30 21:11 ` Andy Lutomirski
[not found] ` <87mwcuw2pj.fsf-KWJ+5VKanrL29G5dvP0v1laTQe2KTcn/@public.gmane.org>
2014-07-01 9:53 ` David Drysdale
2014-07-01 18:58 ` Loganaden Velvindron
[not found] ` <1404124096-21445-2-git-send-email-drysdale-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org>
2014-07-08 12:03 ` Christoph Hellwig
[not found] ` <20140708120331.GA30459-wEGCiKHe2LqWVfeAwA7xHQ@public.gmane.org>
2014-07-08 16:54 ` David Drysdale
2014-07-09 8:48 ` Christoph Hellwig
[not found] ` <1404124096-21445-1-git-send-email-drysdale-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org>
2014-06-30 10:28 ` [PATCH 02/11] selftests: Add test of O_BENEATH_ONLY & openat(2) David Drysdale
2014-06-30 10:28 ` [PATCH 03/11] capsicum: rights values and structure definitions David Drysdale
2014-06-30 10:28 ` [PATCH 04/11] capsicum: implement fgetr() and friends David Drysdale
2014-06-30 10:28 ` [PATCH 05/11] capsicum: convert callers to use fgetr() etc David Drysdale
2014-06-30 10:28 ` [PATCH 06/11] capsicum: implement sockfd_lookupr() David Drysdale
2014-06-30 10:28 ` [PATCH 07/11] capsicum: convert callers to use sockfd_lookupr() etc David Drysdale
2014-06-30 10:28 ` [PATCH 08/11] capsicum: add new LSM hooks on FD/file conversion David Drysdale
2014-06-30 10:28 ` [PATCH 09/11] capsicum: implementations of new LSM hooks David Drysdale
[not found] ` <1404124096-21445-10-git-send-email-drysdale-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org>
2014-06-30 16:05 ` Andy Lutomirski
[not found] ` <CALCETrUBCL1jKfooLaqrJCb-uYrMwYPQL2v-M04NTVf2LoD_fw-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2014-07-02 13:49 ` Paul Moore [this message]
2014-07-02 17:09 ` David Drysdale
2014-06-30 10:28 ` [PATCH 10/11] capsicum: invocation " David Drysdale
2014-06-30 10:28 ` [PATCH 11/11] capsicum: add syscalls to limit FD rights David Drysdale
2014-06-30 10:28 ` [PATCH 1/5] man-pages: open.2: describe O_BENEATH_ONLY flag David Drysdale
2014-06-30 22:22 ` Andy Lutomirski
2014-06-30 10:28 ` [PATCH 2/5] man-pages: capsicum.7: describe Capsicum capability framework David Drysdale
2014-06-30 10:28 ` [PATCH 3/5] man-pages: rights.7: Describe Capsicum primary rights David Drysdale
2014-06-30 10:28 ` [PATCH 4/5] man-pages: cap_rights_limit.2: limit FD rights for Capsicum David Drysdale
[not found] ` <1404124096-21445-16-git-send-email-drysdale-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org>
2014-06-30 14:53 ` Andy Lutomirski
[not found] ` <CALCETrUi71FgVABRF4C+n_STc02j=GxRwBqDaoC+NLeAP9Ui3w-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2014-06-30 15:35 ` David Drysdale
[not found] ` <20140630153503.GA10375-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org>
2014-06-30 16:06 ` Andy Lutomirski
2014-06-30 16:32 ` David Drysdale
2014-06-30 10:28 ` [PATCH 5/5] man-pages: cap_rights_get: retrieve Capsicum fd rights David Drysdale
[not found] ` <1404124096-21445-17-git-send-email-drysdale-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org>
2014-06-30 22:28 ` Andy Lutomirski
2014-07-01 9:19 ` David Drysdale
2014-07-01 14:18 ` Andy Lutomirski
2014-07-03 9:12 ` [RFC PATCH 00/11] Adding FreeBSD's Capsicum security framework (part 1) Paolo Bonzini
2014-07-03 10:01 ` Loganaden Velvindron
[not found] ` <53B51E81.4090700-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2014-07-03 18:39 ` David Drysdale
[not found] ` <20140703183927.GA1629-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org>
2014-07-04 7:03 ` Paolo Bonzini
2014-07-07 10:29 ` David Drysdale
2014-07-07 12:20 ` Paolo Bonzini
[not found] ` <53BA9094.9080401-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2014-07-07 14:11 ` David Drysdale
2014-07-07 22:33 ` Alexei Starovoitov
[not found] ` <CAADnVQ+c2E6eG_juEDh-GyheveqScxQ=98jqO1ZOjp1PgfVBGQ-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2014-07-08 14:58 ` Kees Cook
2014-08-16 15:41 ` Pavel Machek
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1871630.hB3tXi0r3a@sifl \
--to=paul-r2n+y4ga6xfzrors9yw3xa@public.gmane.org \
--cc=drysdale-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org \
--cc=gregkh-hQyY1W1yCW8ekmWlsbkhG0B+6BGkLq7r@public.gmane.org \
--cc=james.l.morris-QHcLZuEGTsvQT0dZR+AlfA@public.gmane.org \
--cc=keescook-F7+t8E8rja9g9hUCZPvPmw@public.gmane.org \
--cc=linux-api-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=linux-security-module-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=luto-kltTT9wpgjJwATOyAt5JVQ@public.gmane.org \
--cc=meredydd-zPN50pYk8eUaUu29zAJCuw@public.gmane.org \
--cc=viro-RmSDqhL/yNMiFSDQTTA3OLVCufUGDwFn@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).