From: "Stephen C. Tweedie" <sct@redhat.com>
To: Stephen Smalley <sds@tislabs.com>
Cc: "Stephen C. Tweedie" <sct@redhat.com>,
Russell Coker <russell@coker.com.au>,
linux-kernel@vger.kernel.org, linux-security-module@wirex.com
Subject: Re: [PATCH] remove sys_security
Date: Wed, 23 Oct 2002 15:54:57 +0100 [thread overview]
Message-ID: <20021023155457.L2732@redhat.com> (raw)
In-Reply-To: <Pine.GSO.4.33.0210230942210.7042-100000@raven>; from sds@tislabs.com on Wed, Oct 23, 2002 at 10:27:27AM -0400
Hi,
On Wed, Oct 23, 2002 at 10:27:27AM -0400, Stephen Smalley wrote:
> On Wed, 23 Oct 2002, Stephen C. Tweedie wrote:
> > setfsuid() creates credentials which are _only_ applied to file
> > operations. The namespace happens to be the same one that applies to
> > processes, but there's nothing that requires that to be the case
> Would we need a separate call for setting the SIDs to use for each
> "namespace", i.e. fs (for open, mkdir, mknod, and symlink calls), IPC
> (for semget, msgget, and shmget calls), process (for execve calls), and
> socket (for socket, connect, listen, sendmsg, and sendto calls, requiring
> two SIDs for send*)?
The BSD socket API already has a clean and extensible way of dealing
with multiple namespaces, so there's plenty of precedent about how to
do this without requiring multiple syscalls.
> While your approach would work for calls that take input SID parameters,
> what about the various calls that return SIDs either directly or via
> output SID parameters, e.g. extended forms of *stat, msgrcv, recvmsg,
> getpeername/accept plus new calls like (sem|shm|msg)sid and getsecsid?
Good question --- what is the reason you need these, and are other
security modules likely to need similar functionality? If so, there's
an argument for new syscalls which take a credentials/sid area as a
return argument.
--Stephen
next prev parent reply other threads:[~2002-10-23 14:48 UTC|newest]
Thread overview: 99+ messages / expand[flat|nested] mbox.gz Atom feed top
2002-10-17 18:50 [PATCH] remove sys_security Christoph Hellwig
2002-10-17 18:53 ` Greg KH
2002-10-17 18:58 ` Christoph Hellwig
2002-10-17 19:07 ` Greg KH
2002-10-17 20:04 ` Christoph Hellwig
2002-10-17 20:10 ` Greg KH
2002-10-17 20:12 ` Christoph Hellwig
2002-10-18 7:04 ` Crispin Cowan
2002-10-18 7:07 ` David S. Miller
2002-10-18 8:31 ` Crispin Cowan
2002-10-18 8:29 ` David S. Miller
2002-10-18 12:52 ` Christoph Hellwig
2002-10-18 15:04 ` Greg KH
2002-10-19 2:05 ` Crispin Cowan
2002-10-18 7:11 ` Greg KH
2002-10-18 7:28 ` Alexander Viro
2002-10-18 9:02 ` Crispin Cowan
2002-10-18 13:05 ` Christoph Hellwig
2002-10-18 15:14 ` Valdis.Kletnieks
2002-10-18 15:18 ` Christoph Hellwig
2002-10-18 16:30 ` Russell Coker
2002-10-18 16:33 ` Christoph Hellwig
2002-10-18 16:53 ` Greg KH
2002-10-18 16:54 ` Russell Coker
2002-10-18 17:15 ` Stephen Smalley
2002-10-18 22:36 ` Chris Wright
2002-10-21 13:54 ` Mike Wray
2002-10-21 14:09 ` Christoph Hellwig
2002-10-21 16:44 ` Mike Wray
2002-10-21 17:36 ` Christoph Hellwig
2002-10-18 20:36 ` David Wagner
2002-10-18 17:44 ` Stephen Smalley
2002-10-18 16:38 ` Russell Coker
2002-10-18 16:52 ` Richard B. Johnson
2002-10-18 9:09 ` David Wagner
2002-10-18 10:14 ` Russell Coker
2002-10-18 12:50 ` Christoph Hellwig
2002-10-17 20:30 ` Jeff Garzik
2002-10-17 21:00 ` Russell Coker
2002-10-17 21:10 ` Jeff Garzik
2002-10-17 21:37 ` Russell Coker
2002-10-17 21:49 ` Alexander Viro
2002-10-17 22:14 ` Russell Coker
2002-10-17 22:22 ` Andreas Dilger
2002-10-23 0:35 ` Stephen C. Tweedie
2002-10-23 11:43 ` Russell Coker
2002-10-23 11:59 ` Stephen C. Tweedie
2002-10-23 14:27 ` Stephen Smalley
2002-10-23 14:54 ` Stephen C. Tweedie [this message]
2002-10-23 16:09 ` Stephen Smalley
2002-10-23 16:24 ` Christoph Hellwig
2002-10-23 16:34 ` Stephen Smalley
2002-10-23 16:36 ` Christoph Hellwig
2002-10-23 16:51 ` Stephen Smalley
2002-10-24 6:26 ` Nathan Scott
2002-10-24 8:45 ` Russell Coker
2002-10-17 20:45 ` Russell Coker
2002-10-21 13:57 ` Alan Cox
2002-10-21 21:12 ` Crispin Cowan
2002-10-21 21:17 ` Greg KH
2002-10-22 12:22 ` Stephen Smalley
2002-10-17 20:20 ` Russell Coker
2002-10-17 20:27 ` Christoph Hellwig
2002-10-17 20:28 ` Greg KH
2002-10-17 19:05 ` Alexander Viro
2002-10-17 20:18 ` David S. Miller
2002-10-17 20:36 ` Greg KH
2002-10-17 20:38 ` David S. Miller
2002-10-17 20:58 ` Greg KH
2002-10-17 20:58 ` David S. Miller
2002-10-17 22:09 ` Greg KH
2002-10-17 22:07 ` David S. Miller
2002-10-17 22:19 ` Greg KH
2002-10-18 8:00 ` Crispin Cowan
2002-10-18 7:57 ` David S. Miller
2002-10-18 13:08 ` Christoph Hellwig
2002-10-17 21:54 ` David Wagner
2002-10-17 22:36 ` David S. Miller
2002-10-17 23:04 ` Chris Wright
2002-10-17 23:08 ` David S. Miller
2002-10-18 14:24 ` Jakob Oestergaard
2002-10-17 22:51 ` Andreas Steinmetz
2002-10-17 22:51 ` David S. Miller
2002-10-18 17:47 ` Daniel Egger
2002-10-17 23:00 ` Jeff Garzik
2002-10-17 22:56 ` David S. Miller
2002-10-17 23:09 ` Greg KH
2002-10-17 23:10 ` Chris Wright
2002-10-17 23:10 ` Andreas Steinmetz
2002-10-18 13:11 ` Christoph Hellwig
2002-10-17 23:11 ` Greg KH
[not found] <20021017201030.GA384@kroah.com.suse.lists.linux.kernel>
[not found] ` <20021017211223.A8095@infradead.org.suse.lists.linux.kernel>
[not found] ` <3DAFB260.5000206@wirex.com.suse.lists.linux.kernel>
[not found] ` <20021018.000738.05626464.davem@redhat.com.suse.lists.linux.kernel>
[not found] ` <3DAFC6E7.9000302@wirex.com.suse.lists.linux.kernel>
2002-10-18 9:25 ` Andi Kleen
2002-10-18 9:36 ` Crispin Cowan
2002-10-18 9:44 ` Andi Kleen
2002-10-18 9:55 ` Russell Coker
2002-10-18 10:13 ` Andi Kleen
2002-10-18 17:24 ` Rik van Riel
2002-10-18 11:43 ` Andreas Ferber
[not found] <20021023155457.L2732@redhat.com.suse.lists.linux.kernel>
[not found] ` <Pine.GSO.4.33.0210231112420.7042-100000@raven.suse.lists.linux.kernel>
2002-10-23 16:33 ` Andi Kleen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20021023155457.L2732@redhat.com \
--to=sct@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@wirex.com \
--cc=russell@coker.com.au \
--cc=sds@tislabs.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox