From: Casey Schaufler <casey@schaufler-ca.com>
To: "David P. Quigley" <dpquigl@tycho.nsa.gov>,
hch@infradead.org, viro@ftp.linux.org.uk,
trond.myklebust@fys.uio.no, bfields@fieldses.org
Cc: linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org,
"David P. Quigley" <dpquigl@tycho.nsa.gov>
Subject: Re: [PATCH 01/11] Security: Add hook to get full maclabel xattr name
Date: Wed, 27 Feb 2008 15:42:34 -0800 (PST)
Message-ID: <822822.4853.qm@web36614.mail.mud.yahoo.com>
In-Reply-To: <1204150294-4678-2-git-send-email-dpquigl@tycho.nsa.gov>
--- "David P. Quigley" <dpquigl@tycho.nsa.gov> wrote:
> Before the inode_xattr_getsecurity call was removed the caller would
> concatenate the security namespace prefix and the suffix provided by the LSM
> to obtain the security xattr. This hook provides the functionality to obtain
> the full LSM xattr name. The patch also provides implementations for the dummy
> security module and SELinux. This method is used instead of restoring the old
> method since it only requires an offset into the returned pointer to obtain
> the suffix. This approach is more efficient than concatenating the security
> xattr namespace string with the suffix to get a usable string.
>
> Signed-off-by: David P. Quigley <dpquigl@tycho.nsa.gov>
> ---
> include/linux/security.h | 8 ++++++++
> security/dummy.c | 6 ++++++
> security/security.c | 6 ++++++
> security/selinux/hooks.c | 10 ++++++++--
> 4 files changed, 28 insertions(+), 2 deletions(-)
>
> diff --git a/include/linux/security.h b/include/linux/security.h
> index fe52cde..c80bee4 100644
> --- a/include/linux/security.h
> +++ b/include/linux/security.h
> @@ -1394,6 +1394,7 @@ struct security_operations {
> int (*secid_to_secctx)(u32 secid, char **secdata, u32 *seclen);
> int (*secctx_to_secid)(char *secdata, u32 seclen, u32 *secid);
> void (*release_secctx)(char *secdata, u32 seclen);
> + const char *(*maclabel_getname) (void);
I think that calling this a maclabel is a really bad idea. For one
thing, it assumes that all interesting security attributes are for
Mandatory Access Control. Also, it assumes that they are stored as
xattrs. While these conditions are both met by the two current LSMs
I would suggest that this is not a fair assumption for the long
haul unless the intention is to lock the LSM into only supporting
xattr based label based MAC modules.
If you are only interested in supporting one LSM then the code should
go into that LSM specific code, not the LSM proper.
> #ifdef CONFIG_SECURITY_NETWORK
> int (*unix_stream_connect) (struct socket * sock,
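Review bot: the new maclabel_getname member in this hunk comes with no comment stating its contract, in particular who owns the returned string (the SELinux implementation hands back a static name, so the caller must not free it) and whether NULL is a legal return value (the stubs in the following files return NULL); add a short description alongside the hook so callers know both. Minor style point in the same line: `const char *(*maclabel_getname) (void);` has a space before the parameter list while the three prototypes directly above it do not.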
> @@ -1633,6 +1634,7 @@ int security_netlink_recv(struct sk_buff *skb, int
> cap);
> int security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen);
> int security_secctx_to_secid(char *secdata, u32 seclen, u32 *secid);
> void security_release_secctx(char *secdata, u32 seclen);
> +const char *security_maclabel_getname(void);
>
> #else /* CONFIG_SECURITY */
>
> @@ -2316,6 +2318,12 @@ static inline int security_secctx_to_secid(char
> *secdata,
> static inline void security_release_secctx(char *secdata, u32 seclen)
> {
> }
> +
> +static inline const char *security_maclabel_getname(void)
> +{
> + return NULL;
> +}
> +
> #endif /* CONFIG_SECURITY */
>
> #ifdef CONFIG_SECURITY_NETWORK
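Review bot: the !CONFIG_SECURITY stub returns NULL, and so does dummy_maclabel_getname in the next file, so security_maclabel_getname() yields NULL whenever no LSM supplies a name. The commit message says callers obtain the suffix by taking an offset into the returned pointer; an offset into NULL is a NULL-pointer dereference, so every caller must test the return value before indexing it, or the hook should be documented as never returning NULL and the two stubs changed to return an empty string or a fixed name.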
> diff --git a/security/dummy.c b/security/dummy.c
> index 649326b..928ef41 100644
> --- a/security/dummy.c
> +++ b/security/dummy.c
> @@ -960,6 +960,11 @@ static void dummy_release_secctx(char *secdata, u32
> seclen)
> {
> }
>
> +static const char *dummy_maclabel_getname(void)
> +{
> + return NULL;
> +}
> +
> #ifdef CONFIG_KEYS
> static inline int dummy_key_alloc(struct key *key, struct task_struct *ctx,
> unsigned long flags)
> @@ -1118,6 +1123,7 @@ void security_fixup_ops (struct security_operations
> *ops)
> set_to_dummy_if_null(ops, secid_to_secctx);
> set_to_dummy_if_null(ops, secctx_to_secid);
> set_to_dummy_if_null(ops, release_secctx);
> + set_to_dummy_if_null(ops, maclabel_getname);
> #ifdef CONFIG_SECURITY_NETWORK
> set_to_dummy_if_null(ops, unix_stream_connect);
> set_to_dummy_if_null(ops, unix_may_send);
> diff --git a/security/security.c b/security/security.c
> index d15e56c..1a84eb1 100644
> --- a/security/security.c
> +++ b/security/security.c
> @@ -845,6 +845,12 @@ void security_release_secctx(char *secdata, u32 seclen)
> }
> EXPORT_SYMBOL(security_release_secctx);
>
> +const char *security_maclabel_getname(void)
> +{
> + return security_ops->maclabel_getname();
> +}
> +EXPORT_SYMBOL(security_maclabel_getname);
> +
> #ifdef CONFIG_SECURITY_NETWORK
>
> int security_unix_stream_connect(struct socket *sock, struct socket *other,
> diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
> index 75c2e99..e7fc9c9 100644
> --- a/security/selinux/hooks.c
> +++ b/security/selinux/hooks.c
> @@ -5163,6 +5163,11 @@ static void selinux_release_secctx(char *secdata, u32
> seclen)
> kfree(secdata);
> }
>
> +static const char *selinux_maclabel_getname(void)
> +{
> + return XATTR_NAME_SELINUX;
> +}
> +
> #ifdef CONFIG_KEYS
>
> static int selinux_key_alloc(struct key *k, struct task_struct *tsk,
> @@ -5351,8 +5356,9 @@ static struct security_operations selinux_ops = {
> .secid_to_secctx = selinux_secid_to_secctx,
> .secctx_to_secid = selinux_secctx_to_secid,
> .release_secctx = selinux_release_secctx,
> -
> - .unix_stream_connect = selinux_socket_unix_stream_connect,
> + .maclabel_getname = selinux_maclabel_getname,
> +
> + .unix_stream_connect = selinux_socket_unix_stream_connect,
> .unix_may_send = selinux_socket_unix_may_send,
>
> .socket_create = selinux_socket_create,
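Review bot: this hunk deletes the blank line and the unchanged `.unix_stream_connect = selinux_socket_unix_stream_connect,` entry only to re-add them after the new member, which turns a one-line addition into a four-line change and makes it impossible to tell from the diff whether the re-added line differs in whitespace. Put `.maclabel_getname = selinux_maclabel_getname,` directly after the `.release_secctx` line and leave the existing blank line and `.unix_stream_connect` entry untouched so the hunk is pure additions.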
> --
> 1.5.3.8
Casey Schaufler
casey@schaufler-ca.com