From: Casey Schaufler <casey@schaufler-ca.com>
To: Andi Kleen <andi@firstfloor.org>, casey@schaufler-ca.com
Cc: linux-security-module@vger.kernel.org,
linux-kernel@vger.kernel.org, akpm@osdl.org, torvalds@osdl.org
Subject: Re: [PATCH] Smack: Simplified Mandatory Access Control Kernel
Date: Sat, 11 Aug 2007 18:36:02 -0700 (PDT) [thread overview]
Message-ID: <515984.88226.qm@web36611.mail.mud.yahoo.com> (raw)
In-Reply-To: <p73zm0xslyk.fsf@bingen.suse.de>
--- Andi Kleen <andi@firstfloor.org> wrote:
> Casey Schaufler <casey@schaufler-ca.com> writes:
>
> > Smack is the Simplified Mandatory Access Control Kernel.
>
> I like the simplified part.
>
> > +static int smk_get_access(smack_t sub, smack_t obj)
> > +{
> > + struct smk_list_entry *sp = smack_list;
> > +
> > + for (; sp != NULL; sp = sp->smk_next)
> > + if (sp->smk_rule.smk_subject == sub &&
> > + sp->smk_rule.smk_object == obj)
> > + return sp->smk_rule.smk_access;
>
> Do I miss something, or is there really no locking for the reader side
> of the list? That looks dangerous. Of course a global lock for readers
> would be likely a scaling disaster. You could use RCU.
Entries are never deleted, although they can be modified.
> Or if you assume rules are changed only very infrequently it might
> be more cache friendly to compile all the rules into a linear buffer
> and then just replace the whole buffer atomically with a RCU
> grace period on cahnges.
Individual entries can be modified without changing the whole
thing, but they shouldn't change often.
> It doesn't look like it would scale to larger numbers of rules though.
> Is that intended? Would caching of decisions fit into the design?
I put some thought into clever schemes for supporting large rule sets
well but decided to go ahead with the simplest possible mechanism
because I expect that in real deployments the number of rules will
be small. In fact, experiance says that virtually all access choices
will be covered either by the subject==object case or the subject can
read floor case. Cacheing, hashing, and 2D structures are all
possibilties that I would be happy to entertain as enhancements.
> Also in general code style would need some improvements;
> e.g. no externs in .c; no ../.. include hacks etc.
> You also seem weak on the Documentation front.
Yes, it is pretty sparse.
> Other than that it looks reasonably clean (haven't read all of it)
Thank you for your comments. I think the next version will be improved.
Casey Schaufler
casey@schaufler-ca.com
next prev parent reply other threads:[~2007-08-12 1:36 UTC|newest]
Thread overview: 43+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-08-11 17:57 [PATCH] Smack: Simplified Mandatory Access Control Kernel Casey Schaufler
2007-08-11 19:12 ` Arjan van de Ven
2007-08-11 19:56 ` Casey Schaufler
2007-08-12 3:39 ` Keith Owens
2007-08-11 19:18 ` Kyle Moffett
2007-08-11 21:01 ` Casey Schaufler
2007-08-11 21:47 ` Kyle Moffett
2007-08-12 1:21 ` Casey Schaufler
2007-08-12 4:32 ` Kyle Moffett
2007-08-12 19:41 ` Casey Schaufler
2007-08-12 23:18 ` Crispin Cowan
2007-08-13 1:38 ` Kyle Moffett
2007-08-13 2:36 ` Joshua Brindle
2007-08-13 2:45 ` Kyle Moffett
2007-08-13 4:23 ` Casey Schaufler
2007-08-16 20:58 ` Pavel Machek
2007-08-17 4:56 ` Casey Schaufler
2007-08-17 9:46 ` Miguel Ojeda
2007-08-18 5:29 ` Kyle Moffett
2007-08-19 21:12 ` Valdis.Kletnieks
2007-08-21 13:16 ` Kyle Moffett
2007-08-21 15:50 ` Casey Schaufler
2007-08-22 3:43 ` Kyle Moffett
2007-08-22 4:08 ` Casey Schaufler
2007-09-07 16:02 ` Casey Schaufler
2007-08-20 14:29 ` Casey Schaufler
2007-08-21 7:37 ` Pavel Machek
2007-08-21 15:35 ` Casey Schaufler
2007-08-22 8:05 ` Pavel Machek
2007-08-22 18:47 ` Casey Schaufler
2007-08-23 7:14 ` Jan Engelhardt
2007-08-11 20:26 ` Jan Engelhardt
2007-08-11 23:22 ` Casey Schaufler
2007-08-12 11:16 ` Jan Engelhardt
2007-08-12 19:50 ` Casey Schaufler
2007-08-11 23:14 ` Andi Kleen
2007-08-12 1:36 ` Casey Schaufler [this message]
2007-08-12 11:49 ` Andi Kleen
2007-08-12 17:48 ` Casey Schaufler
2007-08-12 21:36 ` Andi Kleen
2007-08-12 21:46 ` Casey Schaufler
2007-08-12 3:45 ` Keith Owens
2007-08-12 17:16 ` Casey Schaufler
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=515984.88226.qm@web36611.mail.mud.yahoo.com \
--to=casey@schaufler-ca.com \
--cc=akpm@osdl.org \
--cc=andi@firstfloor.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=torvalds@osdl.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox