From: Karl MacMillan <kmacmillan@mentalrootkit.com>
To: David Howells <dhowells@redhat.com>
Cc: James Morris <jmorris@namei.org>,
Linus Torvalds <torvalds@osdl.org>, Andrew Morton <akpm@osdl.org>,
Stephen Smalley <sds@tycho.nsa.gov>,
trond.myklebust@fys.uio.no, selinux@tycho.nsa.gov,
linux-kernel@vger.kernel.org, aviro@redhat.com,
steved@redhat.com
Subject: Re: [PATCH 12/19] CacheFiles: Permit a process's create SID to be overridden
Date: Wed, 15 Nov 2006 12:52:07 -0500 [thread overview]
Message-ID: <455B53C7.1060604@mentalrootkit.com> (raw)
In-Reply-To: <26860.1163607813@redhat.com>
David Howells wrote:
> James Morris <jmorris@namei.org> wrote:
>
>> Well, the value can be changed at any time, so you could be using a
>> temporary fscreate value, or your new value could be overwritten
>> immediately by writing to /proc/$$/attr/fscreate
>
> Ah. Hmmm. By whom? In selinux_setprocattr():
>
> if (current != p) {
> /* SELinux only allows a process to change its own
> security attributes. */
> return -EACCES;
> }
>
> But current busy inside the cache and can't do this.
>
>> I think we need to add a separate field for this purpose, which can only
>> be written to via the in-kernel API and overrides fscreate.
>
> So, like my acts-as security ID patch?
>
> Would it still need to be controlled by MAC policy in that case?
Yes - if we are going to perform some MAC checks for this kernel process
we need to have all checks performed.
Doing so is
> a bit of a pain as it means I have a whole bunch of extra failures I still
> need to check for,
This is true for going this route in general rather than simply
bypassing MAC. I don't think halfway makes any sense.
and the race in which the rules might change is still a
> possibility I have to deal with.
>
I don't think this is a race, it is revocation of access. If you check
the access at every operation and correctly deal with access failures,
then this shouldn't be a problem. Yes it is a pain, but that is how
SELinux is supposed to work.
Karl
next prev parent reply other threads:[~2006-11-15 17:52 UTC|newest]
Thread overview: 54+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-11-14 20:06 [PATCH 00/19] Permit filesystem local caching and NFS superblock sharing David Howells
2006-11-14 20:06 ` [PATCH 02/19] FS-Cache: Provide a filesystem-specific sync'able page bit David Howells
2006-11-14 20:06 ` [PATCH 03/19] FS-Cache: Release page->private after failed readahead David Howells
2006-11-14 20:06 ` [PATCH 04/19] FS-Cache: Make kAFS use FS-Cache David Howells
2006-11-14 20:06 ` [PATCH 05/19] NFS: Use local caching David Howells
2006-11-15 12:38 ` Steve Dickson
2006-11-15 15:09 ` Trond Myklebust
2006-11-15 16:00 ` David Howells
2006-11-15 16:52 ` Trond Myklebust
2006-11-15 17:07 ` David Howells
2006-11-15 17:53 ` Trond Myklebust
2006-11-14 20:06 ` [PATCH 06/19] FS-Cache: NFS: Only obtain cache cookies on file open, not on inode read David Howells
2006-11-15 11:23 ` Steve Dickson
2006-11-14 20:06 ` [PATCH 07/19] CacheFiles: Add missing copy_page export for ia64 David Howells
2006-11-14 20:06 ` [PATCH 08/19] CacheFiles: Add a function to write a single page of data to an inode David Howells
2006-11-14 20:06 ` [PATCH 09/19] CacheFiles: Permit the page lock state to be monitored David Howells
2006-11-14 20:06 ` [PATCH 10/19] CacheFiles: Export things for CacheFiles David Howells
2006-11-14 20:06 ` [PATCH 12/19] CacheFiles: Permit a process's create SID to be overridden David Howells
2006-11-14 21:19 ` James Morris
2006-11-20 18:41 ` Stephen Smalley
2006-11-20 19:56 ` Karl MacMillan
2006-11-20 22:29 ` James Morris
2006-11-15 12:26 ` David Howells
2006-11-15 16:19 ` James Morris
2006-11-15 16:23 ` David Howells
2006-11-15 17:52 ` Karl MacMillan [this message]
2006-11-15 18:21 ` David Howells
2006-11-20 18:49 ` Stephen Smalley
2006-11-15 19:09 ` David Howells
2006-11-15 19:11 ` David Howells
2006-11-15 13:50 ` David Howells
2006-11-15 16:22 ` James Morris
2006-11-15 17:54 ` Karl MacMillan
2006-11-14 20:06 ` [PATCH 13/19] CacheFiles: Add an act-as SID override in task_security_struct David Howells
2006-11-14 20:06 ` [PATCH 14/19] CacheFiles: Permit an inode's security ID to be obtained David Howells
2006-11-14 20:06 ` [PATCH 15/19] CacheFiles: Get the SID under which the CacheFiles module should operate David Howells
2006-11-14 20:06 ` [PATCH 16/19] CacheFiles: Deal with LSM when accessing the cache David Howells
2006-11-14 21:27 ` James Morris
2006-11-14 20:06 ` [PATCH 17/19] CacheFiles: Use the VFS wrappers for inode ops David Howells
2006-11-14 20:07 ` [PATCH 18/19] CacheFiles: Use VFS lookup services David Howells
2006-11-14 20:07 ` [PATCH 19/19] CacheFiles: Permit daemon to probe inuseness of a cache file David Howells
2006-11-15 15:52 ` Christoph Hellwig
2006-11-15 16:10 ` David Howells
2006-11-15 10:10 ` [PATCH 20/19] CacheFiles: Use secid not sid lest confusion arise with session IDs David Howells
2006-11-15 13:17 ` [PATCH 21/19] CacheFiles: Set the file creation security ID whilst binding the cache David Howells
2006-11-15 13:23 ` [PATCH 22/19] FS-Cache: NFS: Rename NFS_INO_CACHEABLE David Howells
2006-11-15 16:42 ` [PATCH 23/19] FS-Cache: NFS: Don't invoke FS-Cache from nfs_zap_caches() David Howells
2006-11-15 16:51 ` [PATCH 24/19] FS-Cache: NFS: Remove old support for R/W caching David Howells
2006-11-15 17:22 ` [PATCH 25/19] FS-Cache: NFS: Wait in releasepage() if FS-Cache is busy and __GFP_WAIT is set David Howells
2006-11-17 10:01 ` [PATCH 26/19] CacheFiles: Don't include linux/proc_fs.h David Howells
2006-11-23 13:10 ` [PATCH 27/19] FS-Cache: Apply the PG_checked -> PG_fs_misc conversion to Ext4 David Howells
2006-11-23 13:17 ` [PATCH 28/19] FS-Cache: NFS: Handle caching being disabled correctly David Howells
2006-11-23 20:13 ` [PATCH 29/19] CacheFiles: Remove old obsolete cull function David Howells
2006-11-29 16:47 ` [PATCH 30/19] CacheFiles: Fix the allocate_page() op David Howells
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=455B53C7.1060604@mentalrootkit.com \
--to=kmacmillan@mentalrootkit.com \
--cc=akpm@osdl.org \
--cc=aviro@redhat.com \
--cc=dhowells@redhat.com \
--cc=jmorris@namei.org \
--cc=linux-kernel@vger.kernel.org \
--cc=sds@tycho.nsa.gov \
--cc=selinux@tycho.nsa.gov \
--cc=steved@redhat.com \
--cc=torvalds@osdl.org \
--cc=trond.myklebust@fys.uio.no \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).