From: Kurt Garloff <garloff@suse.de>
To: Amon Ott <ao@rsbac.org>
Cc: rsbac@rsbac.org,
"Lorenzo Hernández García-Hierro" <lorenzo@gnu.org>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
"linux-security-module@wirex.com"
<linux-security-module@wirex.com>
Subject: Re: [rsbac] Thoughts on the "No Linux Security Modules framework" old claims
Date: Thu, 24 Feb 2005 01:55:51 +0100 [thread overview]
Message-ID: <20050224005551.GD18216@tpkurt.garloff.de> (raw)
In-Reply-To: <200502211119.24845.ao@rsbac.org>
[-- Attachment #1: Type: text/plain, Size: 1337 bytes --]
Hi Amon,
On Mon, Feb 21, 2005 at 11:19:16AM +0100, Amon Ott wrote:
> > -> 5. Posix Capabilities Without Stacking Support
> >
> > I don't get the point of these claims.
> > The LSM framework currently has full support for dynamic and
> > logic-changeable POSIX.1e capabilities, using the capable() hook and
> > calling capable(from whatever location inside any other hook to apply
> > further logic checks (ie. in capable() check for jailed @current process
> > and deny use of CAP_SYS_CHROOT and CAP_SYS_ADMIN or what-ever-else
> > capabilities) or in syslog() to deny access to kernel messages stack to
> > unprivileged users.
>
> Without rechecking the current state: At least the last time I
> checked, the hardwired kernel capabilities were explicitely disabled
> when LSM got switched on. You had to use the capabilities LSM module
> instead, which was not able to stack. It always had to be the last in
> the chain, thus effectively sealing against any other LSM module to
> be loaded later.
My patches posted Feb 13 fix this.
If you apply them (and I hope Linus will), capabilities is default
and you can replace that by loading an LSM. You can stack capability
on top of the primary LSM again, if the latter supports this.
Best regards,
--
Kurt Garloff, Director SUSE Labs, Novell Inc.
[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]
next prev parent reply other threads:[~2005-02-24 1:01 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-02-15 22:38 Thoughts on the "No Linux Security Modules framework" old claims Lorenzo Hernández García-Hierro
2005-02-16 4:21 ` Valdis.Kletnieks
2005-02-16 13:29 ` Lorenzo Hernández García-Hierro
2005-02-16 13:30 ` Stephen Smalley
2005-02-16 16:07 ` Casey Schaufler
2005-02-16 15:52 ` Casey Schaufler
2005-02-16 17:41 ` Valdis.Kletnieks
2005-02-21 10:19 ` [rsbac] " Amon Ott
2005-02-21 17:15 ` Lorenzo Hernández García-Hierro
2005-02-21 17:50 ` Casey Schaufler
2005-02-22 8:57 ` Amon Ott
2005-02-22 15:23 ` Casey Schaufler
2005-02-24 0:55 ` Kurt Garloff [this message]
2005-02-24 8:28 ` Amon Ott
2005-02-25 10:14 ` Kurt Garloff
2005-02-23 21:37 ` Crispin Cowan
2005-02-23 22:00 ` Lorenzo Hernández García-Hierro
2005-02-23 22:07 ` Crispin Cowan
2005-02-23 22:34 ` Lorenzo Hernández García-Hierro
2005-02-24 13:23 ` Stephen Smalley
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20050224005551.GD18216@tpkurt.garloff.de \
--to=garloff@suse.de \
--cc=ao@rsbac.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@wirex.com \
--cc=lorenzo@gnu.org \
--cc=rsbac@rsbac.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox