From: "John Stoffel" <john@stoffel.org>
To: Eric Paris <eparis@redhat.com>
Cc: xfs-masters@oss.sgi.com, linux-btrfs@vger.kernel.org,
linux-kernel@vger.kernel.org, linux-ext4@vger.kernel.org,
cluster-devel@redhat.com, linux-mtd@lists.infradead.org,
jfs-discussion@lists.sourceforge.net, ocfs2-devel@oss.oracle.com,
reiserfs-devel@vger.kernel.org, xfs@oss.sgi.com,
linux-mm@kvack.org, linux-security-module@vger.kernel.org,
chris.mason@oracle.com, jack@suse.cz, akpm@linux-foundation.org,
adilger.kernel@dilger.ca, tytso@mit.edu, swhiteho@redhat.com,
dwmw2@infradead.org, shaggy@linux.vnet.ibm.com, mfasheh@suse.com,
joel.becker@oracle.com, aelder@sgi.com, hughd@google.com,
jmorris@namei.org, sds@tycho.nsa.gov, eparis@parisplace.org,
hch@lst.de, dchinner@redhat.com, viro@zeniv.linux.org.uk,
tao.ma@oracle.com, shemminger@vyatta.com, jeffm@suse.com,
serue@us.ibm.com, paul.moore@hp.com,
penguin-kernel@I-love.SAKURA.ne.jp, casey@schaufler-ca.com,
kees.cook@can
Subject: Re: [PATCH] fs/vfs/security: pass last path component to LSM on inode creation
Date: Thu, 9 Dec 2010 10:05:47 -0500 [thread overview]
Message-ID: <19712.61515.201226.938553@quad.stoffel.home> (raw)
In-Reply-To: <20101208194527.13537.77202.stgit@paris.rdu.redhat.com>
>>>>> "Eric" == Eric Paris <eparis@redhat.com> writes:
Eric> SELinux would like to implement a new labeling behavior of newly
Eric> created inodes. We currently label new inodes based on the
Eric> parent and the creating process. This new behavior would also
Eric> take into account the name of the new object when deciding the
Eric> new label. This is not the (supposed) full path, just the last
Eric> component of the path.
Eric> This is very useful because creating /etc/shadow is different
Eric> than creating /etc/passwd but the kernel hooks are unable to
Eric> differentiate these operations. We currently require that
Eric> userspace realize it is doing some difficult operation like that
Eric> and than userspace jumps through SELinux hoops to get things set
Eric> up correctly. This patch does not implement new behavior, that
Eric> is obviously contained in a seperate SELinux patch, but it does
Eric> pass the needed name down to the correct LSM hook. If no such
Eric> name exists it is fine to pass NULL.
I've looked this patch over, and maybe I'm missing something, but how
does knowing the name of the file really tell you anything, esp when
you only get the filename, not the path? What threat are you
addressing with this change?
So what happens when I create a file /home/john/shadow, does selinux
(or LSM in general) then run extra checks because the filename is
'shadow' in your model?
I *think* the overhead shouldn't be there if SELINUX is disabled, but
have you confirmed this? How you run performance tests before/after
this change when doing lots of creations of inodes to see what sort of
performance changes might be there?
Thanks,
John
next prev parent reply other threads:[~2010-12-09 15:05 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-12-08 19:45 [PATCH] fs/vfs/security: pass last path component to LSM on inode creation Eric Paris
2010-12-09 15:05 ` John Stoffel [this message]
2010-12-09 15:52 ` Eric Paris
2010-12-09 17:48 ` John Stoffel
2010-12-09 18:05 ` Eric Paris
2010-12-09 16:05 ` Serge Hallyn
2011-07-08 16:17 ` Al Viro
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=19712.61515.201226.938553@quad.stoffel.home \
--to=john@stoffel.org \
--cc=adilger.kernel@dilger.ca \
--cc=aelder@sgi.com \
--cc=akpm@linux-foundation.org \
--cc=casey@schaufler-ca.com \
--cc=chris.mason@oracle.com \
--cc=cluster-devel@redhat.com \
--cc=dchinner@redhat.com \
--cc=dwmw2@infradead.org \
--cc=eparis@parisplace.org \
--cc=eparis@redhat.com \
--cc=hch@lst.de \
--cc=hughd@google.com \
--cc=jack@suse.cz \
--cc=jeffm@suse.com \
--cc=jfs-discussion@lists.sourceforge.net \
--cc=jmorris@namei.org \
--cc=joel.becker@oracle.com \
--cc=kees.cook@can \
--cc=linux-btrfs@vger.kernel.org \
--cc=linux-ext4@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=linux-mtd@lists.infradead.org \
--cc=linux-security-module@vger.kernel.org \
--cc=mfasheh@suse.com \
--cc=ocfs2-devel@oss.oracle.com \
--cc=paul.moore@hp.com \
--cc=penguin-kernel@I-love.SAKURA.ne.jp \
--cc=reiserfs-devel@vger.kernel.org \
--cc=sds@tycho.nsa.gov \
--cc=serue@us.ibm.com \
--cc=shaggy@linux.vnet.ibm.com \
--cc=shemminger@vyatta.com \
--cc=swhiteho@redhat.com \
--cc=tao.ma@oracle.com \
--cc=tytso@mit.edu \
--cc=viro@zeniv.linux.org.uk \
--cc=xfs-masters@oss.sgi.com \
--cc=xfs@oss.sgi.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).