On Mon, 2007-07-16 at 21:18 -0700, Casey Schaufler wrote:
> Thank you for the valuable comments. I have incorporated a good number
> in the updated patch:
>
> http://www.schaufler-ca.com/data/smack-0716A-patch.tar

- Duplication of interfaces between /smack/self and
  /proc/self/attr/current?
- Lack of CAP_MAC_OVERRIDE check in smack_setprocattr?
- Lack of CAP_MAC_OVERRIDE checks on setxattr or removexattr for the
  SMACK attribute? cap_inode_*xattr will check CAP_SYS_ADMIN, but is
  that what you want?
- Speaking of which, are you ok with your MAC model being overridden by
  all uid 0 processes? Or do you plan to change securebits and use file
  caps?
- I suspect use of _IOC_DIR() or IOC_IN/OUT/INOUT would suit you better
  for file_ioctl. Just map each cmd to read/write/readwrite that way and
  avoid having to encode specific knowledge there. SELinux should likely
  do the same although compat may be a pain.
- Consistency nit: if not rechecking on read/write (file_permission),
  why recheck on mmap? Likewise possibly for some if not all of the
  other file_ hooks.
- On mmap, why always check readwrite, as prot may only be PROT_READ and
  even a PROT_WRITE mapping won't actually write back to the file unless
  the mapping is MAP_SHARED. See the selinux hook for comparison.

-- 
Stephen Smalley
National Security Agency
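
Added example, not part of the original message and not code from Smack or SELinux: a user-space C illustration of the two mappings the review suggests, deriving the access to check from `_IOC_DIR()` for ioctl and from `prot` plus the mapping type for mmap. The `ACC_*` bits, the `DEMO_*` ioctl numbers and both function names are hypothetical stand-ins for a module's own access masks and hooks.

```c
#include <linux/ioctl.h>   /* _IOC_DIR, _IOC_READ, _IOC_WRITE, _IO*() */
#include <sys/mman.h>      /* PROT_*, MAP_* */
#include <stdio.h>

/* Hypothetical access bits; stand-ins for the module's own masks. */
#define ACC_READ  0x1
#define ACC_WRITE 0x2

/* Constructed ioctl numbers, used only to exercise the mapping. */
#define DEMO_GET  _IOR('s', 1, int)   /* data flows out to the caller */
#define DEMO_SET  _IOW('s', 2, int)   /* data flows in from the caller */
#define DEMO_XCHG _IOWR('s', 3, int)  /* both directions */
#define DEMO_PING _IO('s', 4)         /* no direction encoded */

/*
 * Map an ioctl command to read/write/readwrite from the direction bits
 * in its number, with no per-command knowledge. A result of 0 means the
 * number encodes no direction (legacy numbers look like this too), so
 * the caller still needs a default policy for that case.
 */
static int ioctl_required_access(unsigned int cmd)
{
    int acc = 0;

    if (_IOC_DIR(cmd) & _IOC_WRITE)
        acc |= ACC_WRITE;
    if (_IOC_DIR(cmd) & _IOC_READ)
        acc |= ACC_READ;
    return acc;
}

/*
 * Access implied by mapping a file. Read is always needed, since mmap
 * refuses a descriptor that is not open for reading. Write is needed
 * only when the mapping is both writable and shared; a private
 * PROT_WRITE mapping is copy-on-write and never reaches the file.
 */
static int mmap_required_access(int prot, int flags)
{
    int acc = ACC_READ;

    /* MAP_SHARED's bit is also set in MAP_SHARED_VALIDATE. */
    if ((prot & PROT_WRITE) && (flags & MAP_SHARED))
        acc |= ACC_WRITE;
    return acc;
}

int main(void)
{
    printf("DEMO_XCHG -> %d\n", ioctl_required_access(DEMO_XCHG));
    printf("private rw map -> %d\n",
           mmap_required_access(PROT_READ | PROT_WRITE, MAP_PRIVATE));
    return 0;
}
```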
