From: Amir Goldstein <amir73il@gmail.com>
To: Steve Grubb <sgrubb@redhat.com>
Cc: fsdevel <linux-fsdevel@vger.kernel.org>,
Linux Audit <linux-audit@redhat.com>, Jan Kara <jack@suse.cz>
Subject: Re: [PATCH 1/1] Fanotify: Introduce a permissive mode
Date: Tue, 15 Aug 2017 12:19:50 +0200 [thread overview]
Message-ID: <CAOQ4uxjA_DWN7c1_Vo9_s1ckrXYfS7mJ7c0P7Y0sjhxuVj47fQ@mail.gmail.com> (raw)
In-Reply-To: <3663877.NZSPRKlUQW@x2>
On Mon, Aug 14, 2017 at 5:04 PM, Steve Grubb <sgrubb@redhat.com> wrote:
> Hello,
>
> The fanotify interface can be used as an access control subsystem. If
> for some reason the policy is bad, there is potentially no good way to
> recover the system. This patch introduces a new command line variable,
> fanotify_enforce, to allow overriding the access decision from user
> space. The initialization status is recorded as an audit event so that
> there is a record of being in permissive mode for the security officer.
:-/ Overriding the security access decision sounds like a bad practice.
*If* at all this method is acceptable, overriding the access decision should
probably be accompanied with pr_warn_ratelimited and a big warning
for fanotify_init with FAN_CLASS_{,PRE_}CONTENT priority.
If the proposed kernel param is acceptable by others, I would prefer
that it prevents setting up FAN_CLASS_{,PRE_}CONTENT priority
watches, instead of setting them up and ignoring the user daemon response.
B.T.W. Jan,
I hope I am not out of line to propose:
--- a/MAINTAINERS
+++ b/MAINTAINERS
FANOTIFY
-M: Eric Paris <eparis@redhat.com>
+M: Jan Kara <jack@suse.com>
+R: Amir Goldstein <amir73il@gmail.com>
+L: linux-fsdevel@vger.kernel.org
S: Maintained
F: fs/notify/fanotify/
F: include/linux/fanotify.h
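Review bot: the proposed maintainer address on the "+M:" line, jack@suse.com, does not match the address Jan is Cc'd at in this very thread, jack@suse.cz; confirm which address Jan wants listed in MAINTAINERS before this goes out as a formal patch. As pasted, the hunk is also missing its "@@" header and the unchanged context lines ("FANOTIFY", "S: Maintained", the two "F:" lines) lack the leading space of diff context, so it is a proposal to read rather than something that applies with git am.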
Thread overview: 7+ messages
2017-08-14 15:04 [PATCH 1/1] Fanotify: Introduce a permissive mode Steve Grubb
2017-08-15 10:19 ` Amir Goldstein [this message]
2017-08-15 11:48 ` Jan Kara
2017-08-15 14:44 ` Steve Grubb
2017-08-15 15:37 ` Amir Goldstein
2017-08-15 16:23 ` Steve Grubb
2017-08-15 19:19 ` Paul Moore