to see what they do because I don't
believe for a minute that the problem
of system security is solved.
Casey Schaufler
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe
linux-security-module in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http
at Heathrow,
where half the people had too much luggage
to go through security, but had already
gone through once at the previous airport.
Casey Schaufler
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe
linux-security-module in
the body of a message to [EMAIL PROTECTED]
More
. In this case
they are simple enough.
Casey Schaufler
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe
linux-security-module in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
down results in an integrity model. Trusted
Irix uses (used?) both Biba and BLP.
(as well as MLS systems work in general that is).
Doh! He had to get the dig in.
Casey Schaufler
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe
linux-security-module in
the body
--- Tetsuo Handa [EMAIL PROTECTED] wrote:
Casey Schaufler wrote:
Putting access control on ports rather than sockets is a novel
approach. It is a lot simpler underneath and more consistant with
the way other object name spaces are treated.
I prefer Novell's approach. It is easy like
--- Andreas Gruenbacher [EMAIL PROTECTED] wrote:
On Friday 25 May 2007 21:06, Casey Schaufler wrote:
--- Jeremy Maitin-Shepard [EMAIL PROTECTED] wrote:
...
Well, my point was exactly that App Armor doesn't (as far as I know) do
anything to enforce the argv[0] convention,
Sounds
be hair splitting in the current context, but
could be significant later if the thread continues.
Casey Schaufler
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe
linux-security-module in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http
for them.
Also, just extend implies that it would be easy to do. I
suggest you go read the SELinux MLS code, and go read some
of the discussions about getting MLS working for the RedHat LSP
before you go throwing just around.
Casey Schaufler
[EMAIL PROTECTED]
-
To unsubscribe from this list
--- Stephen Smalley [EMAIL PROTECTED] wrote:
On Fri, 2007-06-15 at 11:01 -0700, Casey Schaufler wrote:
--- Greg KH [EMAIL PROTECTED] wrote:
A daemon using inotify can instantly[1] detect this and label the file
properly if it shows up.
In our 1995 B1 evaluation of Trusted
--- Greg KH [EMAIL PROTECTED] wrote:
On Fri, Jun 15, 2007 at 01:43:31PM -0700, Casey Schaufler wrote:
Yup, I see that once you accept the notion that it is OK for a
file to be misslabeled for a bit and that having a fixxerupperd
is sufficient it all falls out.
My point
ought I expect to have to start
dealing with this?
Casey Schaufler
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe
linux-security-module in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
--- Chris Wright [EMAIL PROTECTED] wrote:
* Casey Schaufler ([EMAIL PROTECTED]) wrote:
So, for planning purposes, when ought I expect to have to start
dealing with this?
What is your specific concern or use case?
Just hoping to avoid a change collision. If I have to deal
with this today
complete MAC which Casey Schaufler
explained in below mail?
http://marc.info/?l=linux-kernelm=118252843017261w=2
No. Your mechanism can be descretionary if you like. It can be
based on user IDs, phase of the moon, or any other scheme you
like. The arguments you've seen claiming that a module
with LSM from the
inception those many years ago. He's been working on getting this
module in for over a year. If you don't like his module go write
your own and put him out of business.
Casey Schaufler
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe
linux-security-module
can give date
the capability to reset the clock without giving it the capability
to remove other people's files without changing the code or running
it setuid.
Casey Schaufler
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe
linux-security-module in
the body
--- Andrew Morgan [EMAIL PROTECTED] wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Casey Schaufler wrote:
Would there be a difference between that and setting either fI or fP
(depending on your intent) to those caps, and setting fE=1 in Andrew's
scheme?
Arg, you're making
with your email. I didn't
think you were that far behind!
Andrew's more current position, from Tue, 26 Jun 2007 19:47:00:
Sigh. Please don't put us in this position again. Get stuff upstream
before shipping it to customers, OK? It ain't rocket science.
Casey Schaufler
[EMAIL PROTECTED
that describe BellLaPadula
sensitivity, Biba integrity, and a variety of interesting
configurations. Smack rule sets can be modified on the fly to
accomodate changes in the operating environment or even the time
of day.
That's enough description for now. Have a look and enjoy.
Thank you.
Casey Schaufler
--- Stephen Smalley [EMAIL PROTECTED] wrote:
On Sat, 2007-07-14 at 14:47 -0700, Casey Schaufler wrote:
The patch exceeds the 40k size rule, coming in at about 100k.
I would be happy to send the patch to anyone who has trouble
with the project site. The patch can be found under
--- Stephen Smalley [EMAIL PROTECTED] wrote:
On Mon, 2007-07-16 at 08:32 -0700, Casey Schaufler wrote:
--- Stephen Smalley [EMAIL PROTECTED] wrote:
On Mon, 2007-07-16 at 07:41 -0700, Casey Schaufler wrote:
--- Stephen Smalley [EMAIL PROTECTED] wrote:
On Sat, 2007-07-14
--- Paul Moore [EMAIL PROTECTED] wrote:
On Saturday, July 14 2007 5:47:38 pm Casey Schaufler wrote:
Smack is the Simplified Mandatory Access Control Kernel.
One general comment I have, and this is more of a nit really, is that the
kdoc
comment blocks at the top of functions are _really_
.
Thank you.
Casey Schaufler
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe
linux-security-module in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
--- Paul Moore [EMAIL PROTECTED] wrote:
On Monday, July 16 2007 10:59:41 pm Casey Schaufler wrote:
--- Paul Moore [EMAIL PROTECTED] wrote:
On Saturday, July 14 2007 5:47:38 pm Casey Schaufler wrote:
+#include ../../net/netlabel/netlabel_domainhash.h
+#include net/cipso_ipv4.h
that
the default domain has to be cached?
Casey Schaufler
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe
linux-security-module in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
--- Paul Moore [EMAIL PROTECTED] wrote:
On Tuesday, July 17 2007 2:51:14 pm Casey Schaufler wrote:
--- Paul Moore [EMAIL PROTECTED] wrote:
Also, any reason why you don't just use the NetLabel default domain
mapping?
Uh, only that I couldn't figure out how to go about doing
--- Stephen Smalley [EMAIL PROTECTED] wrote:
On Tue, 2007-07-17 at 15:28 -0400, Stephen Smalley wrote:
On Mon, 2007-07-16 at 21:18 -0700, Casey Schaufler wrote:
Thank you for the valuable comments. I have incorporated a good number
in the updated patch:
http://www.schaufler
--- Stephen Smalley [EMAIL PROTECTED] wrote:
On Sat, 2007-07-14 at 14:47 -0700, Casey Schaufler wrote:
Smack is the Simplified Mandatory Access Control Kernel.
...
A file always gets the Smack label of the task that created it.
Smack defines and uses these labels
--- Joshua Brindle [EMAIL PROTECTED] wrote:
Casey Schaufler wrote:
...
I do have a hackish newsmack command, which I should probably include.
All it does is write the new label to /proc/self/attr/current and
exec the desired program. That's not good enough for a production
--- Stephen Smalley [EMAIL PROTECTED] wrote:
On Tue, 2007-07-17 at 19:59 -0700, Casey Schaufler wrote:
- Speaking of which, are you ok with your MAC model being overridden by
all uid 0 processes? Or do you plan to change securebits and use file
caps?
I've been tracking
.
I wonder if it'd be worth setting up a mailing list specifically for this.
We currently have too much off-list discussion happening, and nowhere
really good to have it on-list.
Thoughts?
Yes, please.
Casey Schaufler
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line
--- Stephen Smalley [EMAIL PROTECTED] wrote:
On Wed, 2007-07-18 at 20:46 -0700, Casey Schaufler wrote:
--- Stephen Smalley [EMAIL PROTECTED] wrote:
On Tue, 2007-07-17 at 19:59 -0700, Casey Schaufler wrote:
- Speaking of which, are you ok with your MAC model being
overridden
. Be careful about the relationship
between the events and the placement of your checks.
* Stephen had good comments on the details on list earlier.
Casey Schaufler
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe
linux-security-module in
the body of a message
--- Seth Arnold [EMAIL PROTECTED] wrote:
On Sun, Jul 22, 2007 at 09:44:49PM -0700, Casey Schaufler wrote:
I appears that everyone else took the weekend to read
Deathly Hallows* as it's been pretty quiet here. Well,
my wife took first dibs on our copy so I did some polishing
on smack
--- Joshua Brindle [EMAIL PROTECTED] wrote:
Casey Schaufler wrote:
+static int smack_shm_associate(struct shmid_kernel *shp, int shmflg)
+{
+ smack_t *ssp = smack_of_shm(shp);
+ int rc;
+
+ if (ssp == NULL)
+ return 0;
+
+ rc = smk_curacc(ssp, MAY_READWRITE
--- James Morris [EMAIL PROTECTED] wrote:
On Tue, 24 Jul 2007, Casey Schaufler wrote:
Thank you again for the help so far.
Please include the patch inline so it can be replied to.
In
+static ssize_t smk_write_cipso(struct file *file, const char __user *buf
you have a wmb() here ? The mutex lock acts as a full memory
barrier.
Out come the wmb() calls. I'm still working on learning the details
of the locking models and I wasn't looking at a large enough scope
in the example to which I'd been pointed.
Thank you again.
Casey Schaufler
[EMAIL
to the SELinux policy.
Casey Schaufler
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe
linux-security-module in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
/smack_lsm.c 2007-07-24 15:02:16.0
-0700
@@ -0,0 +1,1989 @@
+/*
+ * Simplified MAC Kernel (smack) security module
+ *
+ * This file contains the smack hook function implementations.
+ *
+ * Author:
+ * Casey Schaufler [EMAIL PROTECTED]
+ *
+ * Copyright (C) 2007 Casey Schaufler [EMAIL
, and smackfs. 2/2 contains
the LSM hooks.
Casey Schaufler
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe
linux-security-module in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
@@
+/*
+ * Copyright (C) 2007 Casey Schaufler [EMAIL PROTECTED]
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, version 2.
+ *
+ * Author
it will work under SELinux.
Casey Schaufler
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe
linux-security-module in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
about my priorities.
Casey Schaufler
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe
linux-security-module in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
--- Joshua Brindle [EMAIL PROTECTED] wrote:
Casey Schaufler wrote:
--- Joshua Brindle [EMAIL PROTECTED] wrote:
... On the guard
implementation I'd like to note that assured pipelines are pretty hard
to get right. Without object class and create granularity (at the very
:16.0
-0700
@@ -0,0 +1,1989 @@
+/*
+ * Simplified MAC Kernel (smack) security module
+ *
+ * This file contains the smack hook function implementations.
+ *
+ * Author:
+ * Casey Schaufler [EMAIL PROTECTED]
+ *
+ * Copyright (C) 2007 Casey Schaufler [EMAIL PROTECTED
From: Casey Schaufler [EMAIL PROTECTED]
This patch removes SELinux specific code from the kernel auditing
system, replacing it with LSM hook invocations that perform the
functions appropriate to those behaviors.
The LSM interface is extended to provide interfaces for a module
to add audit
--- Casey Schaufler [EMAIL PROTECTED] wrote:
diff -uprN -X linux-2.6.22-base/Documentation/dontdiff
linux-2.6.22-base/include/linux/security.h
linux-2.6.22-audit/include/linux/security.h
--- linux-2.6.22-base/include/linux/security.h2007-07-08
16:32:17.0
-0700
--- Joshua Brindle [EMAIL PROTECTED] wrote:
Casey Schaufler wrote:
--- Joshua Brindle [EMAIL PROTECTED] wrote:
Casey Schaufler wrote:
--- Joshua Brindle [EMAIL PROTECTED] wrote:
... On the guard
implementation I'd like to note that assured pipelines
--- Joshua Brindle [EMAIL PROTECTED] wrote:
Casey Schaufler wrote:
--- Joshua Brindle [EMAIL PROTECTED] wrote:
Casey Schaufler wrote:
--- Joshua Brindle [EMAIL PROTECTED] wrote:
Casey Schaufler wrote:
--- Joshua Brindle [EMAIL PROTECTED
From: Casey Schaufler [EMAIL PROTECTED]
This patch interposes LSM interfaces between the audit system
and SELinux. This helps make SELinux a cleaner LSM and clarifies
the interfaces provided by the audit system. The audit system
no longer requires SELinux functions or data structures, making
--- Joshua Brindle [EMAIL PROTECTED] wrote:
Casey Schaufler wrote:
--- Joshua Brindle [EMAIL PROTECTED] wrote:
Since unprivileged programs (the origin, guard, and publication
daemons in smackguard run without privilege) can't change their
Smack labels establishing a pipe between
--- Casey Schaufler [EMAIL PROTECTED] wrote:
Date: Thu, 9 Aug 2007 11:43:53 -0700 (PDT)
From: Casey Schaufler [EMAIL PROTECTED]
Subject: Re: Upstreaming shared LSM interfaces
To: David P. Quigley [EMAIL PROTECTED],
Stephen Smalley [EMAIL PROTECTED], James Morris
[EMAIL PROTECTED
for it.
Grumble. Yet another thing to undo in the near future. I still
hope to suggest what I would consider a viable alternative soon.
Casey Schaufler
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe
linux-security-module in
the body of a message to [EMAIL PROTECTED
in the presence of other LSMs
and I doubt you would either.
Casey Schaufler
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe
linux-security-module in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
--- David Howells [EMAIL PROTECTED] wrote:
Casey Schaufler [EMAIL PROTECTED] wrote:
How would you expect an LSM that is not SELinux to interface with
CacheFiles?
You have to understand that I didn't know that much about the LSM interface,
so I asked advice of the Red Hat security
--- Kyle Moffett [EMAIL PROTECTED] wrote:
On Aug 11, 2007, at 13:57:31, Casey Schaufler wrote:
Smack implements mandatory access control (MAC) using labels
attached to tasks and data containers, including files, SVIPC, and
other tasks. Smack is a kernel based scheme that requires
--- Jan Engelhardt [EMAIL PROTECTED] wrote:
On Aug 11 2007 10:57, Casey Schaufler wrote:
* - pronounced star
wall
_ - pronounced floor
floor
^ - pronounced hat
roof
? - pronounced huh
it's dark in here :)
It's almost worth considering the change for the joke. Almost
--- Andi Kleen [EMAIL PROTECTED] wrote:
Casey Schaufler [EMAIL PROTECTED] writes:
Smack is the Simplified Mandatory Access Control Kernel.
I like the simplified part.
+static int smk_get_access(smack_t sub, smack_t obj)
+{
+ struct smk_list_entry *sp = smack_list
--- Andi Kleen [EMAIL PROTECTED] wrote:
Entries are never deleted, although they can be modified.
The modification case still seems racy then.
Fair enough. I'll look into real list management.
Casey Schaufler
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe
--- Andi Kleen [EMAIL PROTECTED] wrote:
On Sun, Aug 12, 2007 at 10:48:05AM -0700, Casey Schaufler wrote:
--- Andi Kleen [EMAIL PROTECTED] wrote:
Entries are never deleted, although they can be modified.
The modification case still seems racy then.
Fair enough. I'll look
successfully on an 2 megahertz ARM processor with 8 meg
of ram, and no labeled file systems? I don't know that Smack
will ever be as appropriate for an enterprise server as SELinux is
today, but time will tell.
Casey Schaufler
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line
--- David Howells [EMAIL PROTECTED] wrote:
Casey Schaufler [EMAIL PROTECTED] wrote:
Sigh. So it's not only SELinux specific, but RedHat specific as well.
*Blink*. How did you come to that conclusion?
(3) The cache driver wants to access the files in the cache, but it's
attractive for the latter case.
Casey Schaufler
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe
linux-security-module in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
--- David Howells [EMAIL PROTECTED] wrote:
Casey Schaufler [EMAIL PROTECTED] wrote:
With Smack you can leave the label alone, raise CAP_MAC_OVERRIDE,
do your business of setting the label correctly, and then drop
the capability. No new hooks required.
That sounds like a contradiction
the relevant security
information.
Similarly, page I/O operations would also not need alteration as the VMA
covering the region points to a file struct, which holds the appropriate
security.
David
Casey Schaufler
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe
linux
--- Stephen Smalley [EMAIL PROTECTED] wrote:
On Tue, 2007-08-14 at 08:53 -0700, Casey Schaufler wrote:
--- David Howells [EMAIL PROTECTED] wrote:
Casey Schaufler [EMAIL PROTECTED] wrote:
With Smack you can leave the label alone, raise CAP_MAC_OVERRIDE,
do your business
just don't want the rock star lifestyle.
... And thank you for suggestions.
Casey Schaufler
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe
linux-security-module in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo
.
I believe that you build complex things on top of simple things,
not the other way around.
Casey Schaufler
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe
linux-security-module in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http
--- Thomas Bleher [EMAIL PROTECTED] wrote:
* Casey Schaufler [EMAIL PROTECTED] [2007-08-27 22:51]:
Smack is the Simplified Mandatory Access Control Kernel.
Smack implements mandatory access control (MAC) using labels
attached to tasks and data containers, including files, SVIPC
. action_sid is
used
to govern actions made by the task.
So put all these fields into one blob and attach them to the cred.
Actually, if you put all these fields in the task blob maybe you
don't need to do your COW thing at all.
Casey Schaufler
[EMAIL PROTECTED]
-
To unsubscribe from this list
pointer and an effective cred pointer, with the contents
of
/proc coming from the real, but the effective governing what actually goes
on.
I think you want the effective values to show up in /proc.
Casey Schaufler
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe
--- David Howells [EMAIL PROTECTED] wrote:
Casey Schaufler [EMAIL PROTECTED] wrote:
One thing I'm not certain about is how this should interact with /proc,
which can display some of the stuff in the cred struct. I think it may
be
necessary to have a real cred pointer
you will need to have the ability
to filter on either. It's no different from the euid/ruid split.
Casey Schaufler
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe
linux-security-module in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http
--- Andrew Morton [EMAIL PROTECTED] wrote:
On Sat, 29 Sep 2007 17:20:36 -0700 Casey Schaufler [EMAIL PROTECTED]
wrote:
Smack is the Simplified Mandatory Access Control Kernel.
I don't know enough about security even to be dangerous. I went back and
reviewed the August thread from
questionable network support.
That would break sockets. I really doubt that you're suggesting that
cryptographic authentication is required on the loopback interface.
Casey Schaufler
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe
linux-security-module in
the body
initializations for the spinlocks and mutex currently initializes in
smack_init. Also the -Inet/netlabel looks rather odd, please work with
the netlabel maintainer to move the required files to the include/
hierachy.
Paul and I discussed this earlier, and will again.
Thank you.
Casey Schaufler
[EMAIL
CAP_LINUX_IMMUTABLE?
I would be delighted to have a bit of my very own. The granularity
advocates might suggest I use more than one.
Thank you for the comments.
Casey Schaufler
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe
linux-security-module in
the body of a message
on everyone's
machine.
Casey Schaufler
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe
linux-security-module in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
is not for everyone.
Smack has a different focus than SELinux. I see no need for hostility.
If SELinux wants to incorporate Smack features, that's OK with me,
but it won't make SELinux simpler. Heaven knows I have leaned heavily
on the implementation example of SELinux.
Casey Schaufler
[EMAIL
there are undoubtedly systems that don't
care about permission checking[1])
-Andi
[1] I bet I gave the linux-tiny crowd an idea now ;-)
You would need authoritative LSM hooks for this. The current LSM
additional restrictions model does not provide for this.
Casey Schaufler
[EMAIL PROTECTED
--- Al Viro [EMAIL PROTECTED] wrote:
On Tue, Oct 02, 2007 at 09:45:42PM -0700, Casey Schaufler wrote:
From: Casey Schaufler [EMAIL PROTECTED]
Smack is the Simplified Mandatory Access Control Kernel.
Smack implements mandatory access control (MAC) using labels
attached to tasks
--- Al Viro [EMAIL PROTECTED] wrote:
On Wed, Oct 03, 2007 at 10:21:08AM -0700, Casey Schaufler wrote:
what
happens if we want it in two chroot jails with different layouts?
As you can only have /smack mounted once, this isn't an issue,
but it does present an interesting use case
but that does
have applications that require separation, perhaps a moble communication
device with application download capability, is just one example
where the smack symlink implementation provides the required
function without requiring application support.
Casey Schaufler
[EMAIL PROTECTED
arbitarily to meet interesting or bizarre real world
cases.
I admit to being impressed by the wide variety of mount options
currently available. In many cases this will be the best approach.
/tmp is a typical use for a smack symlink, but not the only one.
Casey Schaufler
[EMAIL PROTECTED
--- Al Viro [EMAIL PROTECTED] wrote:
On Wed, Oct 03, 2007 at 12:51:08PM -0700, Casey Schaufler wrote:
Because you throw simple out the window when you require userland
assistance to perform this function.
Any more than having /tmp replaced with a symlink?
Yes. By the way
I have broken the Smack patch into the netlabel changes from Paul Moore
(1/2) and the Smack LSM (2/2), at Paul's kind suggestion.
The smackfs symlinks have proven too contentious. I have removed the
facility. Al and Alan are correct that the rich set of mount options
currently available can
From: Paul Moore [EMAIL PROTECTED]
Add a new set of configuration functions to the NetLabel/LSM API so that
LSMs can perform their own configuration of the NetLabel subsystem without
relying on assistance from userspace.
Signed-off-by: Paul Moore [EMAIL PROTECTED]
Signed-off-by: Casey Schaufler
--- Tetsuo Handa [EMAIL PROTECTED] wrote:
Hello.
Casey Schaufler wrote:
There is work required to audit, SELinux, and LSM that will be
required before Smack or any other module can really use audit
properly. Smack using audit would be nice, but there are already
interesting cases
loaded in the
kernel.
Cheers,
Kyle Moffett
Casey Schaufler
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe
linux-security-module in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
I am reposting yesterday's Version 5 patch set because I know that
it didn't get everywhere it was supposed to.
I have broken the Smack patch into the netlabel changes from Paul Moore
(1/2) and the Smack LSM (2/2), at Paul's kind suggestion.
The smackfs symlinks have proven too contentious. I
From: Paul Moore [EMAIL PROTECTED]
Add a new set of configuration functions to the NetLabel/LSM API so that
LSMs can perform their own configuration of the NetLabel subsystem without
relying on assistance from userspace.
Signed-off-by: Paul Moore [EMAIL PROTECTED]
---
include/net/netlabel.h
--- Serge E. Hallyn [EMAIL PROTECTED] wrote:
Quoting Casey Schaufler ([EMAIL PROTECTED]):
...
Good suggestion. In fact, that is exactly how I approached my
first two attempts at the problem. What you get if you take that
route is an imposing infrastructure that has virually nothing
. I sure hope so.
Casey Schaufler
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe
linux-security-module in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
and Smack share is that they only really
provide security if all processes involved are under their control,
just like the preemption behavior.
This is not necessarily true of all possible LSMs. In that case it may
be practicle to have different behavior for different containers.
Casey Schaufler
--- Eric W. Biederman [EMAIL PROTECTED] wrote:
Casey Schaufler [EMAIL PROTECTED] writes:
--- Eric W. Biederman [EMAIL PROTECTED] wrote:
Likely. Until we have a generalized LSM interface with 1000 config
options like netfilter I don't expect we will have grounds to talk
or agree
From: Paul Moore [EMAIL PROTECTED]
Add a new set of configuration functions to the NetLabel/LSM API so that
LSMs can perform their own configuration of the NetLabel subsystem without
relying on assistance from userspace.
Signed-off-by: Paul Moore [EMAIL PROTECTED]
---
This update fixes a memory
--- Ahmed S. Darwish [EMAIL PROTECTED] wrote:
Hi Casey,
On Sun, Oct 14, 2007 at 10:15:42AM -0700, Casey Schaufler wrote:
+
+CIPSO Configuration
+
+It is normally unnecessary to specify the CIPSO configuration. The default
+values used by the system handle all internal cases
that capget64() and capget64() are the way to go. Any objections?
Not from me. Thank you.
Casey Schaufler
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe
linux-security-module in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org
--- Al Viro [EMAIL PROTECTED] wrote:
On Tue, Oct 16, 2007 at 09:17:40PM -0700, Casey Schaufler wrote:
At random:
+static int smack_netlabel(struct sock *sk)
+{
+ static int initialized;
+ struct socket_smack *ssp = sk-sk_security;
+ struct netlbl_lsm_secattr secattr
--- Chris Wright [EMAIL PROTECTED] wrote:
* Casey Schaufler ([EMAIL PROTECTED]) wrote:
And don't give me the old LKML is a tough crowd feldercarb.
Security modules have been much worse. Innovation, even in
security, is a good thing and treating people harshly, even
for their own good
The Smack patch and Paul Moore's netlabel API patch,
together for 2.6.24-rc1. Paul's changes are identical
to the previous posting, but it's been a while so they're
here again.
The sole intent of change has been to address locking
and/or list processing issues. Please don't hesitate to
point out
1 - 100 of 190 matches
Mail list logo