From: Samir Bellabes <sam@synack.fr>
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Casey Schaufler <casey@schaufler-ca.com>,
Rik van Riel <riel@redhat.com>,
Alan Cox <alan@lxorguk.ukuu.org.uk>, Ingo Molnar <mingo@elte.hu>,
James Morris <jmorris@namei.org>,
linux-kernel@vger.kernel.org, Kyle McMartin <kyle@mcmartin.ca>,
Alexander Viro <viro@ftp.linux.org.uk>
Subject: Re: Upstream first policy
Date: Tue, 09 Mar 2010 14:09:07 +0100
Message-ID: <m2pr3dlk0c.fsf@ssh.synack.fr>
In-Reply-To: <alpine.LFD.2.00.1003081955010.3669@localhost.localdomain> (Linus Torvalds's message of "Mon, 8 Mar 2010 19:58:25 -0800 (PST)")
Linus Torvalds <torvalds@linux-foundation.org> writes:
> On Mon, 8 Mar 2010, Casey Schaufler wrote:
>>
>> Those of you who say we ought to come up with a single framework
>> that we can use to Do The Right Thing haven't been reading the code.
>> We have such a framework in the LSM.
>
> .. and people are also interested in using (and expanding) the 'notify'
> layer, probably because it is obviously designed for efficiently talking
> at a user-level program about the relevant accesses. Whether that is
> because they are just crazy ("malware detection") or whether it is an
> indication that the LSM layer and current security models are just not
> convenient enough, I dunno.
The LSM layer gives enough to push the policy manager into userspace, and
even after that to a centralized server.

I worked on this regarding networking. The next move should be to include
the LSM hooks regarding the filesystem. [0]

I have concerns about the way to do this, i.e. should we use the LSM layer
to do this, or should we put the features directly in the filesystem
stack or networking stack?

At this point, it reminds me of ipchains (kernel 2.2) vs netfilter (kernel
2.4-2.6). At the beginning, with ipchains, the filtering code was directly
in the network stack, and it wasn't the solution. So netfilter's hooks
were designed.

With LSM, we have a layer, and as surely as everyone will come with his
own approach, I think we should keep the code in the stacks (network, filesystem,
...) clean, and make the deferring-to-userspace approach a security
module. Then let the user/distro decide which features they want to use.
thanks,
sam
[0] http://lkml.org/lkml/2010/3/2/295