From: Thomas Graf <tgraf@suug.ch>
To: jamal <hadi@cyberus.ca>
Cc: Stephen Smalley <sds@tycho.nsa.gov>,
"David S. Miller" <davem@davemloft.net>,
netdev@vger.kernel.org, Evgeniy Polyakov <johnpol@2ka.mipt.ru>,
James Morris <jmorris@namei.org>
Subject: Re: Refactor Netlink connector?
Date: Wed, 31 May 2006 15:06:49 +0200 [thread overview]
Message-ID: <20060531130649.GD7844@postel.suug.ch> (raw)
In-Reply-To: <1149078055.5462.55.camel@jzny2>
* jamal <hadi@cyberus.ca> 2006-05-31 08:20
> The challenge is how to inform SELinux of these permissions.
> The access limit could be done by putting a SELinux hook at the time the
> skb gets to the generic netlink code?
> Note: There's actually two things that can be classified for access
> control, the genl family as well as the ops.
We already have the flag GENL_ADMIN_PERM which when set for a
struct genl_ops calls security_netlink_recv(). It's not as
fine grained as it could be though. The point is that adding
fine grained SELinux support is no problem and even easier than
for casual netlink families.
> This is even further granularity that opens a whole new can of worms.
I agree, the advantage is that the genetlink code already takes
care of validating the attributes, all we have to do is allow
genetlink families to provide a policy.
> BTW, I abused the term "attribute" in my other email to James. In that
> context it means metadata for the command and in the above case it means
> the "T" in TLV. Despite that they are strongly related, just that
> the packet offsets are different and the checks are for different
> things: SELinux policy is a simple accept/deny based on some policy
> (provisioned in user space??) and nla_policy is richer with a range
> check for sanity reasons as opposed to access control and then
> accept/deny.
Right, the important point is that for genetlink we already have
a point where we peek at the attributes and adding a hook is
trivial unlike for other netlink families where they'd have to be
spread in the code.
next prev parent reply other threads:[~2006-05-31 13:06 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-05-26 20:04 Refactor Netlink connector? James Morris
2006-05-26 23:06 ` Patrick McHardy
2006-05-27 13:46 ` Evgeniy Polyakov
2006-05-27 16:45 ` James Morris
2006-05-27 17:21 ` James Morris
2006-05-28 15:33 ` Evgeniy Polyakov
2006-05-29 6:36 ` David Miller
2006-05-29 12:11 ` jamal
2006-05-30 14:22 ` James Morris
2006-05-31 12:00 ` jamal
2006-05-31 13:09 ` Thomas Graf
2006-05-30 14:18 ` James Morris
2006-05-30 18:03 ` Evgeniy Polyakov
2006-05-30 18:58 ` James Morris
2006-05-30 19:09 ` Evgeniy Polyakov
2006-05-31 3:00 ` Thomas Graf
2006-05-31 12:20 ` jamal
2006-05-31 13:06 ` Thomas Graf [this message]
2006-05-31 13:22 ` jamal
2006-05-31 15:42 ` James Morris
2006-06-01 10:45 ` Thomas Graf
2006-06-01 14:24 ` James Morris
2006-06-14 12:36 ` jamal
2006-06-14 15:19 ` James Morris
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20060531130649.GD7844@postel.suug.ch \
--to=tgraf@suug.ch \
--cc=davem@davemloft.net \
--cc=hadi@cyberus.ca \
--cc=jmorris@namei.org \
--cc=johnpol@2ka.mipt.ru \
--cc=netdev@vger.kernel.org \
--cc=sds@tycho.nsa.gov \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).