* Audit, LSM, SELinux, and Smack
@ 2007-07-25 20:19 Casey Schaufler
2007-07-25 20:33 ` Steve Grubb
2007-07-26 13:03 ` Stephen Smalley
0 siblings, 2 replies; 4+ messages in thread
From: Casey Schaufler @ 2007-07-25 20:19 UTC (permalink / raw)
To: sgrubb, viro, sds; +Cc: linux-audit
I'm looking at getting audit into my Smack LSM module.
Stephen Smalley has suggested, and I concur, that this
may be the time to convert audit from using SELinux
specific interfaces to LSM based interfaces.
Before I start blasting away with patches, I want to
check and see if anyone else is looking into this.
There's a good chunk of work to be done for LSM, audit,
SELinux, and Smack. I also want to be sure that no one
will take umbrage with the notion.
Thank you.
Casey Schaufler
casey@schaufler-ca.com
* Re: Audit, LSM, SELinux, and Smack
2007-07-25 20:19 Audit, LSM, SELinux, and Smack Casey Schaufler
@ 2007-07-25 20:33 ` Steve Grubb
2007-07-25 21:04 ` Casey Schaufler
2007-07-26 13:03 ` Stephen Smalley
1 sibling, 1 reply; 4+ messages in thread
From: Steve Grubb @ 2007-07-25 20:33 UTC (permalink / raw)
To: casey; +Cc: linux-audit, viro
On Wednesday 25 July 2007 04:19:26 pm Casey Schaufler wrote:
> Before I start blasting away with patches, I want to
> check and see if anyone else is looking into this.
Nope.
> There's a good chunk of work to be done for LSM, audit,
> SELinux, and Smack. I also want to be sure that no one
> will take umbrage with the notion.
Well, I thought we were stable and could finish off the last couple kernel
items. :) If you are making big changes, beware of performance impacts as
we've done a lot to make sure we don't slow everything down.
-Steve
* Re: Audit, LSM, SELinux, and Smack
2007-07-25 20:33 ` Steve Grubb
@ 2007-07-25 21:04 ` Casey Schaufler
0 siblings, 0 replies; 4+ messages in thread
From: Casey Schaufler @ 2007-07-25 21:04 UTC (permalink / raw)
To: Steve Grubb, casey; +Cc: linux-audit, viro
--- Steve Grubb <sgrubb@redhat.com> wrote:
> On Wednesday 25 July 2007 04:19:26 pm Casey Schaufler wrote:
> > Before I start blasting away with patches, I want to
> > check and see if anyone else is looking into this.
>
> Nope.
Schuckydarns.
> > There's a good chunk of work to be done for LSM, audit,
> > SELinux, and Smack. I also want to be sure that no one
> > will take umbrage with the notion.
>
> Well, I thought we were stable and could finish off the last couple kernel
> items. :)
This is one of those last couple items, right?
> If you are making big changes, beware of performance impacts as
> we've done a lot to make sure we don't slow everything down.
The design is early. I'll keep that as a primary criterion.
Thank you.
Casey Schaufler
casey@schaufler-ca.com
* Re: Audit, LSM, SELinux, and Smack
2007-07-25 20:19 Audit, LSM, SELinux, and Smack Casey Schaufler
2007-07-25 20:33 ` Steve Grubb
@ 2007-07-26 13:03 ` Stephen Smalley
1 sibling, 0 replies; 4+ messages in thread
From: Stephen Smalley @ 2007-07-26 13:03 UTC (permalink / raw)
To: casey; +Cc: linux-audit, James Morris, Eric Paris, viro
On Wed, 2007-07-25 at 13:19 -0700, Casey Schaufler wrote:
> I'm looking at getting audit into my Smack LSM module.
> Stephen Smalley has suggested, and I concur, that this
> may be the time to convert audit from using SELinux
> specific interfaces to LSM based interfaces.
>
> Before I start blasting away with patches, I want to
> check and see if anyone else is looking into this.
> There's a good chunk of work to be done for LSM, audit,
> SELinux, and Smack.
Also netlink, if you need/want to be able to save the sending task's
label at send time for later use for permission checking and auditing at
receive time. At present, netlink_sendmsg() calls
selinux_get_task_sid() to save the sending task SID in the
netlink_skb_parms struct, and that SID is later extracted by
selinux_netlink_recv and audit_receive_msg. That parallels what happens
with the eff_cap set and the loginuid.
> I also want to be sure that no one
> will take umbrage with the notion.
At some point, objections may arise that the changes are too invasive or
costly, or that they aren't justified until such a time as it is shown
that smack or another user is actually going to be merged. But in
abstract, I don't have a problem with converting these over to using LSM
hooks (as long as LSM remains). What makes it a little harder is that
smack has no equivalent to a sid/secid, just the full labels (albeit
those are small and fixed size).
--
Stephen Smalley
National Security Agency
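
Added example, not part of the thread and not kernel code: a userspace C model of the send-time capture described in the message above, where the sender's label, effective capabilities and loginuid are stored with the message and the receiver checks and audits from that copy. All struct and function names, the 24-byte label size, the capability bit and the label-equality policy are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define LABEL_LEN 24            /* assumed size for a small fixed-size label */
#define MODEL_CAP_AUDIT 0x1u    /* constructed capability bit for this model */

/* Hypothetical stand-in for a task's security state (not a kernel struct). */
struct task { uint32_t loginuid; uint32_t eff_cap; char label[LABEL_LEN]; };

/* Hypothetical per-message snapshot, playing the role the thread assigns to
 * netlink_skb_parms; it holds a full label where SELinux would hold a SID. */
struct msg_parms { uint32_t loginuid; uint32_t eff_cap; char label[LABEL_LEN]; };
struct msg { struct msg_parms parms; const char *payload; };

/* Send side: copy the sender's state into the message at send time. */
void model_send(const struct task *sender, struct msg *m, const char *payload)
{
    m->parms.loginuid = sender->loginuid;
    m->parms.eff_cap = sender->eff_cap;
    memcpy(m->parms.label, sender->label, LABEL_LEN);
    m->parms.label[LABEL_LEN - 1] = '\0';
    m->payload = payload;
}

/* Receive side: decide and audit from the snapshot only, never from the
 * sender's current state. Label equality is a placeholder policy. */
int model_recv(const struct msg *m, const char *required, char *audit, size_t n)
{
    int ok = (m->parms.eff_cap & MODEL_CAP_AUDIT) &&
             strncmp(m->parms.label, required, LABEL_LEN) == 0;
    snprintf(audit, n, "auid=%u subj=%s res=%s", (unsigned)m->parms.loginuid,
             m->parms.label, ok ? "success" : "failed");
    return ok ? 0 : -1;
}

int main(void)
{
    struct task t = { 500, MODEL_CAP_AUDIT, "System" };  /* constructed sender */
    struct msg m;
    char line[128];

    model_send(&t, &m, "request");
    strcpy(t.label, "Other");   /* sender changes after the send... */
    t.eff_cap = 0;
    int rc = model_recv(&m, "System", line, sizeof line);
    printf("%d %s\n", rc, line); /* ...but the check uses the send-time copy */
    return 0;
}
```

Carrying the full label in the snapshot costs `LABEL_LEN` bytes per message where a SID costs four, which is the trade-off the last paragraph of the message points at.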