This is an interesting idea, and an evolution since the initial
approach which was submitted based upon xattr attributes. I still
find the idea of using attributes simpler to manage though, since
they're easy to add, and audit for.
I suspect the biggest objection to this module is that maintainin
> A configurable LSM is probably the right way to do this.
I wonder how many out of tree LSM there are? Looking at the mainline
kernel the only "small" LSM bundled is YAMA, and it seems that most of
the patches proposing new ones eventually die out.
I appreciate that there are probably a lot of
> > The module initialization code belongs in the module.
> > The LSM infrastructure should have an absolute minimum
> > of module specific information. I would rather see the
> > "minor" modules (yama, loadpin) changed to use the module
> > registration scheme used by the "major" modules, but that
sane choice.
This patch has been updated to use `security_init`, as per
feedback from Ethan Zhao. This should ensure that the
LSM init is called "early".
Signed-off-by: Steve Kemp
---
include/linux/lsm_hooks.h | 10 --
security/loadpin/loadpin.c | 5 -
security/security.c
On Thu Jun 22, 2017 at 16:02:30 +0800, Ethan Zhao wrote:
> Seems you moved the initialization of security module to
> late_initcall stage, that is not right.
Thanks for the feedback.
> For security modules, you should use security_initcall() macro to define
> the init functions.
security/security.c | 2 --
security/yama/yama_lsm.c | 5 -
4 files changed, 8 insertions(+), 14 deletions(-)
diff --git a/include/linux/lsm_hooks.h b
On Fri, Jun 2, 2017 at 10:00 PM, Casey Schaufler wrote:
> A 'user' attribute can be set by the file owner. A 'security'
> attribute requires privilege. SELinux and Smack use 'security'
> attributes to prevent users from mucking with them. You need
> to create module hooks for manipulating them,
> Create a security module that looks for the attribute
For what it is worth I thought this seemed like an interesting project
for a beginner, so I did just that. I wrote up the experience here:
https://blog.steve.fi/so_i_accidentally_wrote_a_linux_security_module.html
In short it was a very s