From: "Serge Hallyn (shallyn)" <shallyn@cisco.com>
To: "Dr. Greg" <greg@enjellic.com>
Cc: "linux-security-module@vger.kernel.org"
<linux-security-module@vger.kernel.org>
Subject: Re: [PATCH 04/14] Implement CAP_TRUST capability.
Date: Mon, 6 Feb 2023 17:28:06 +0000 [thread overview]
Message-ID: <Y+E4pe8T7Z1ekJqo@jerom> (raw)
In-Reply-To: <20230204050954.11583-5-greg@enjellic.com>
On Fri, Feb 03, 2023 at 11:09:44PM -0600, Dr. Greg wrote:
> TSEM was designed to support a Trust Orchestration System (TOS)
> security architecture. A TOS based system uses the concept of a
> minimum Trusted Computing Base of utilities, referred to as trust
> orchestrators, that maintain workloads in a trusted execution
> state. The trust orchestrators are thus, from a security
> perspective, the most privileged assets on the platform.
>
> Introduce the CAP_TRUST capability that is defined as a
> capability that allows a process to alter the trust status of the
This sounds like CAP_MAC_ADMIN. Any reason not to re-use that?
> platform. In a fully trust orchestrated system only the
> orchestrators carry this capability bit.
>
> In TSEM the CAP_TRUST capability allows the holder to access the
> control plane of the LSM. This ability allows subordinate
> modeling domains to be created and managed. Most principally the
> CAP_TRUST capability allows the holder to designate whether or
> not a process should be trusted or untrusted.
>
> The proposed Integrity Measurement Architecture namespaces would
> also be a candidate to use the CAP_TRUST capability.
>
> Signed-off-by: Greg Wettstein <greg@enjellic.com>
> ---
> include/uapi/linux/capability.h | 6 +++++-
> security/selinux/include/classmap.h | 2 +-
> 2 files changed, 6 insertions(+), 2 deletions(-)
>
> diff --git a/include/uapi/linux/capability.h b/include/uapi/linux/capability.h
> index 3d61a0ae055d..af677b534949 100644
> --- a/include/uapi/linux/capability.h
> +++ b/include/uapi/linux/capability.h
> @@ -417,7 +417,11 @@ struct vfs_ns_cap_data {
>
> #define CAP_CHECKPOINT_RESTORE 40
>
> -#define CAP_LAST_CAP CAP_CHECKPOINT_RESTORE
> +/* Allow modifications to the trust status of the system */
> +
> +#define CAP_TRUST 41
> +
> +#define CAP_LAST_CAP CAP_TRUST
>
> #define cap_valid(x) ((x) >= 0 && (x) <= CAP_LAST_CAP)
>
> diff --git a/security/selinux/include/classmap.h b/security/selinux/include/classmap.h
> index a3c380775d41..e8c497c16271 100644
> --- a/security/selinux/include/classmap.h
> +++ b/security/selinux/include/classmap.h
> @@ -30,7 +30,7 @@
> "wake_alarm", "block_suspend", "audit_read", "perfmon", "bpf", \
> "checkpoint_restore"
>
> -#if CAP_LAST_CAP > CAP_CHECKPOINT_RESTORE
> +#if CAP_LAST_CAP > CAP_TRUST
> #error New capability defined, please update COMMON_CAP2_PERMS.
> #endif
>
> --
> 2.39.1
>
next prev parent reply other threads:[~2023-02-06 17:28 UTC|newest]
Thread overview: 42+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-02-04 5:09 [PATCH 00/14] Implement Trusted Security Event Modeling Dr. Greg
2023-02-04 5:09 ` [PATCH 01/14] Update MAINTAINERS file Dr. Greg
2023-02-04 5:09 ` [PATCH 02/14] Add TSEM specific documentation Dr. Greg
2023-02-09 11:47 ` Greg KH
2023-02-09 23:47 ` Dr. Greg
2023-02-13 4:33 ` Paul Moore
2023-02-14 11:58 ` Dr. Greg
2023-02-14 12:18 ` Roberto Sassu
2023-02-15 16:26 ` Dr. Greg
2023-03-03 4:15 ` Paul Moore
2023-03-13 22:52 ` Dr. Greg
2023-03-22 23:45 ` Paul Moore
2023-03-30 3:34 ` Dr. Greg
2023-04-05 20:45 ` Paul Moore
2023-04-07 14:10 ` Dr. Greg
2023-02-04 5:09 ` [PATCH 03/14] Add magic number for tsemfs Dr. Greg
2023-02-04 5:09 ` [PATCH 04/14] Implement CAP_TRUST capability Dr. Greg
2023-02-06 17:28 ` Serge Hallyn (shallyn) [this message]
2023-02-11 0:32 ` Dr. Greg
[not found] ` <a12483d1-9d57-d429-789b-9e47ff575546@schaufler-ca.com>
2023-02-13 11:43 ` Dr. Greg
2023-02-13 18:02 ` Casey Schaufler
2023-02-16 21:47 ` Dr. Greg
2023-02-04 5:09 ` [PATCH 05/14] Add TSEM master header file Dr. Greg
[not found] ` <ecb168ef-b82d-fd61-f2f8-54a4ef8c3b48@schaufler-ca.com>
2023-02-06 0:10 ` Dr. Greg
2023-02-04 5:09 ` [PATCH 06/14] Add primary TSEM implementation file Dr. Greg
2023-02-04 5:09 ` [PATCH 07/14] Add root domain trust implementation Dr. Greg
2023-02-04 5:09 ` [PATCH 08/14] Implement TSEM control plane Dr. Greg
2023-02-09 11:30 ` Greg KH
2023-02-11 0:18 ` Dr. Greg
2023-02-11 10:59 ` Greg KH
2023-02-12 6:54 ` Dr. Greg
2023-02-16 6:53 ` Greg KH
2023-02-18 18:03 ` Dr. Greg
2023-02-04 5:09 ` [PATCH 09/14] Add namespace implementation Dr. Greg
2023-02-04 5:09 ` [PATCH 10/14] Add security event description export facility Dr. Greg
2023-02-04 5:09 ` [PATCH 11/14] Add event description implementation Dr. Greg
2023-02-04 5:09 ` [PATCH 12/14] Implement security event mapping Dr. Greg
2023-02-04 5:09 ` [PATCH 13/14] Implement an internal Trusted Modeling Agent Dr. Greg
2023-02-04 5:09 ` [PATCH 14/14] Activate the configuration and build of the TSEM LSM Dr. Greg
2023-02-08 22:15 ` Casey Schaufler
2023-02-09 22:21 ` Dr. Greg
[not found] ` <20230204115917.1015-1-hdanton@sina.com>
2023-02-23 18:41 ` [PATCH 09/14] Add namespace implementation Dr. Greg
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Y+E4pe8T7Z1ekJqo@jerom \
--to=shallyn@cisco.com \
--cc=greg@enjellic.com \
--cc=linux-security-module@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox