From: jamal <hadi@cyberus.ca>
To: Thomas Graf <tgraf@suug.ch>
Cc: Stephen Smalley <sds@tycho.nsa.gov>,
"David S. Miller" <davem@davemloft.net>,
netdev@vger.kernel.org, Evgeniy Polyakov <johnpol@2ka.mipt.ru>,
James Morris <jmorris@namei.org>
Subject: Re: Refactor Netlink connector?
Date: Wed, 31 May 2006 08:20:55 -0400 [thread overview]
Message-ID: <1149078055.5462.55.camel@jzny2> (raw)
In-Reply-To: <20060531030046.GC7844@postel.suug.ch>
On Wed, 2006-31-05 at 05:00 +0200, Thomas Graf wrote:
> * James Morris <jmorris@namei.org> 2006-05-27 13:21
> > Actually, a possible solution here is to completely remove all internal
> > knowledge of netlink messages from SELinux and have the netfilter
> > framework and protocols provide methods to determine message types and
> > permissions.
>
> Right, regarding generic netlink we can extend struct genl_ops to
> include a policy stating what permissions are required.
The challenge is how to inform SELinux of these permissions.
The access limit could be done by putting a SELinux hook at the time the
skb gets to the generic netlink code?
Note: There's actually two things that can be classified for access
control, the genl family as well as the ops.
> Besides
> that we can extend struct nla_policy to support validating of
> attributes.
This is even further granularity that opens a whole new can of worms.
BTW, I abused the term "attribute" in my other email to James. In that
context it means metadata for the command and in the above case it means
the "T" in TLV. Despite that they are strongly related, just that
the packet offsets are different and the checks are for different
things: SELinux policy is a simple accept/deny based on some policy
(provisioned in user space??) and nla_policy is richer with a range
check for sanity reasons as opposed to access control and then
accept/deny.
cheers,
jamal
next prev parent reply other threads:[~2006-05-31 12:21 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-05-26 20:04 Refactor Netlink connector? James Morris
2006-05-26 23:06 ` Patrick McHardy
2006-05-27 13:46 ` Evgeniy Polyakov
2006-05-27 16:45 ` James Morris
2006-05-27 17:21 ` James Morris
2006-05-28 15:33 ` Evgeniy Polyakov
2006-05-29 6:36 ` David Miller
2006-05-29 12:11 ` jamal
2006-05-30 14:22 ` James Morris
2006-05-31 12:00 ` jamal
2006-05-31 13:09 ` Thomas Graf
2006-05-30 14:18 ` James Morris
2006-05-30 18:03 ` Evgeniy Polyakov
2006-05-30 18:58 ` James Morris
2006-05-30 19:09 ` Evgeniy Polyakov
2006-05-31 3:00 ` Thomas Graf
2006-05-31 12:20 ` jamal [this message]
2006-05-31 13:06 ` Thomas Graf
2006-05-31 13:22 ` jamal
2006-05-31 15:42 ` James Morris
2006-06-01 10:45 ` Thomas Graf
2006-06-01 14:24 ` James Morris
2006-06-14 12:36 ` jamal
2006-06-14 15:19 ` James Morris
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1149078055.5462.55.camel@jzny2 \
--to=hadi@cyberus.ca \
--cc=davem@davemloft.net \
--cc=jmorris@namei.org \
--cc=johnpol@2ka.mipt.ru \
--cc=netdev@vger.kernel.org \
--cc=sds@tycho.nsa.gov \
--cc=tgraf@suug.ch \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).