Re: [PATCH 5/5] Remove unnecesary capability hooks in rootplug.
* Greg KH ([EMAIL PROTECTED]) wrote: > On Wed, Aug 24, 2005 at 06:20:33PM -0700, Chris Wright wrote: > > Now that capability functions are default, rootplug no longer needs to > > manually add them to its security_ops. > > > > Cc: Greg Kroah <[EMAIL PROTECTED]> > > Signed-off-by: Chris Wright <[EMAIL PROTECTED]> > > You can add: > > Signed-off-by: Greg Kroah-Hartman <[EMAIL PROTECTED]> > > to this one when you send it on. Thanks, will do. -chris - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH 5/5] Remove unnecesary capability hooks in rootplug.
On Wed, Aug 24, 2005 at 06:20:33PM -0700, Chris Wright wrote: > Now that capability functions are default, rootplug no longer needs to > manually add them to its security_ops. > > Cc: Greg Kroah <[EMAIL PROTECTED]> > Signed-off-by: Chris Wright <[EMAIL PROTECTED]> You can add: Signed-off-by: Greg Kroah-Hartman <[EMAIL PROTECTED]> to this one when you send it on. thanks, greg k-h - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH 5/5] Remove unnecesary capability hooks in rootplug.
On Wed, Aug 24, 2005 at 06:20:33PM -0700, Chris Wright wrote: Now that capability functions are default, rootplug no longer needs to manually add them to its security_ops. Cc: Greg Kroah [EMAIL PROTECTED] Signed-off-by: Chris Wright [EMAIL PROTECTED] You can add: Signed-off-by: Greg Kroah-Hartman [EMAIL PROTECTED] to this one when you send it on. thanks, greg k-h - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH 5/5] Remove unnecesary capability hooks in rootplug.
* Greg KH ([EMAIL PROTECTED]) wrote: On Wed, Aug 24, 2005 at 06:20:33PM -0700, Chris Wright wrote: Now that capability functions are default, rootplug no longer needs to manually add them to its security_ops. Cc: Greg Kroah [EMAIL PROTECTED] Signed-off-by: Chris Wright [EMAIL PROTECTED] You can add: Signed-off-by: Greg Kroah-Hartman [EMAIL PROTECTED] to this one when you send it on. Thanks, will do. -chris - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH 5/5] Remove unnecesary capability hooks in rootplug.
* [EMAIL PROTECTED] ([EMAIL PROTECTED]) wrote: > @@ -1527,7 +1533,8 @@ static int selinux_vm_enough_memory(long > int rc, cap_sys_admin = 0; > struct task_security_struct *tsec = current->security; > > - rc = secondary_ops->capable(current, CAP_SYS_ADMIN); > + rc = secondary_ops->capable ? > + secondary_ops->capable(current, CAP_SYS_ADMIN) : 0; I don't think this really makes sense. It says the default secondary thinks you have the capablity. Safe since SELinux double checks, but not really accurate. thanks, -chris - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH 5/5] Remove unnecesary capability hooks in rootplug.
* Chris Wright ([EMAIL PROTECTED]) wrote: > * Stephen Smalley ([EMAIL PROTECTED]) wrote: > > e.g. if secondary_ops->capable is null, the SELinux tests aren't going > > to show that, because they will still see that the SELinux permission > > checks are working correctly. They only test failure/success for the > > SELinux permission checks, not for the capability checks, so if you > > unhook capabilities, they won't notice. > > Yes, I see. I thought the tests you were referring to were > "if (secondary_ops->capable)" not LTP tests. Capability is still a > module that can be loaded (or built-in). So the only issue is it's > security_ops is now NULL where it was a trivial return 0 function. > Aside from the oversight Serge fixed, I don't think there's any issue. Bah, of course, that's inaccurate because you unconditionally set the secondary to the default. So, indeed, the default case (nothing actively loaded as secondary) will get secondary_ops filled with NULL only. Seems simplest to just fill the default with cap calls where applicable, but I had hoped to eliminate that. Thoughts? thanks, -chris - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH 5/5] Remove unnecesary capability hooks in rootplug.
* Stephen Smalley ([EMAIL PROTECTED]) wrote: > On Thu, 2005-08-25 at 09:21 -0700, Chris Wright wrote: > > * Stephen Smalley ([EMAIL PROTECTED]) wrote: > > > On Thu, 2005-08-25 at 09:38 -0500, [EMAIL PROTECTED] wrote: > > > > Ok, with the attached patch SELinux seems to work correctly. You'll > > > > probably want to make it a little prettier :) Note I have NOT ran the > > > > ltp tests for correctness. I'll do some performance runs, though > > > > unfortunately can't do so on ppc right now. > > > > > > Note that the selinux tests there _only_ test the SELinux checking. So > > > if these changes interfere with proper stacking of SELinux with > > > capabilities, that won't show up there. > > > > Sorry, I'm not parsing that? > > e.g. if secondary_ops->capable is null, the SELinux tests aren't going > to show that, because they will still see that the SELinux permission > checks are working correctly. They only test failure/success for the > SELinux permission checks, not for the capability checks, so if you > unhook capabilities, they won't notice. Yes, I see. I thought the tests you were referring to were "if (secondary_ops->capable)" not LTP tests. Capability is still a module that can be loaded (or built-in). So the only issue is it's security_ops is now NULL where it was a trivial return 0 function. Aside from the oversight Serge fixed, I don't think there's any issue. thanks, -chris - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH 5/5] Remove unnecesary capability hooks in rootplug.
Quoting Chris Wright ([EMAIL PROTECTED]): > * Stephen Smalley ([EMAIL PROTECTED]) wrote: > > On Thu, 2005-08-25 at 09:38 -0500, [EMAIL PROTECTED] wrote: > > > Ok, with the attached patch SELinux seems to work correctly. You'll > > > probably want to make it a little prettier :) Note I have NOT ran the > > > ltp tests for correctness. I'll do some performance runs, though > > > unfortunately can't do so on ppc right now. > > > > Note that the selinux tests there _only_ test the SELinux checking. So > > if these changes interfere with proper stacking of SELinux with > > capabilities, that won't show up there. > > Sorry, I'm not parsing that? > -chris That was in reference to running the LTP selinux tests: that running them successfully will not mean selinux and capability are working together correct. thanks, -serge - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH 5/5] Remove unnecesary capability hooks in rootplug.
On Thu, 2005-08-25 at 09:21 -0700, Chris Wright wrote: > * Stephen Smalley ([EMAIL PROTECTED]) wrote: > > On Thu, 2005-08-25 at 09:38 -0500, [EMAIL PROTECTED] wrote: > > > Ok, with the attached patch SELinux seems to work correctly. You'll > > > probably want to make it a little prettier :) Note I have NOT ran the > > > ltp tests for correctness. I'll do some performance runs, though > > > unfortunately can't do so on ppc right now. > > > > Note that the selinux tests there _only_ test the SELinux checking. So > > if these changes interfere with proper stacking of SELinux with > > capabilities, that won't show up there. > > Sorry, I'm not parsing that? e.g. if secondary_ops->capable is null, the SELinux tests aren't going to show that, because they will still see that the SELinux permission checks are working correctly. They only test failure/success for the SELinux permission checks, not for the capability checks, so if you unhook capabilities, they won't notice. -- Stephen Smalley National Security Agency - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH 5/5] Remove unnecesary capability hooks in rootplug.
* Stephen Smalley ([EMAIL PROTECTED]) wrote: > On Thu, 2005-08-25 at 09:38 -0500, [EMAIL PROTECTED] wrote: > > Ok, with the attached patch SELinux seems to work correctly. You'll > > probably want to make it a little prettier :) Note I have NOT ran the > > ltp tests for correctness. I'll do some performance runs, though > > unfortunately can't do so on ppc right now. > > Note that the selinux tests there _only_ test the SELinux checking. So > if these changes interfere with proper stacking of SELinux with > capabilities, that won't show up there. Sorry, I'm not parsing that? -chris - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH 5/5] Remove unnecesary capability hooks in rootplug.
On Thu, 2005-08-25 at 09:38 -0500, [EMAIL PROTECTED] wrote: > Ok, with the attached patch SELinux seems to work correctly. You'll > probably want to make it a little prettier :) Note I have NOT ran the > ltp tests for correctness. I'll do some performance runs, though > unfortunately can't do so on ppc right now. Note that the selinux tests there _only_ test the SELinux checking. So if these changes interfere with proper stacking of SELinux with capabilities, that won't show up there. -- Stephen Smalley National Security Agency - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH 5/5] Remove unnecesary capability hooks in rootplug.
Ok, with the attached patch SELinux seems to work correctly. You'll
probably want to make it a little prettier :) Note I have NOT ran the
ltp tests for correctness. I'll do some performance runs, though
unfortunately can't do so on ppc right now.
thanks,
-serge
Signed-off-by: Serge Hallyn <[EMAIL PROTECTED]
--
hooks.c | 93 ++--
1 files changed, 62 insertions(+), 31 deletions(-)
Index: linux-2.6.12/security/selinux/hooks.c
===
--- linux-2.6.12.orig/security/selinux/hooks.c 2005-08-25 12:56:51.0
-0500
+++ linux-2.6.12/security/selinux/hooks.c 2005-08-25 14:27:53.0
-0500
@@ -1352,7 +1352,7 @@ static int selinux_ptrace(struct task_st
struct task_security_struct *csec = child->security;
int rc;
- rc = secondary_ops->ptrace(parent,child);
+ rc = secondary_ops->ptrace ? secondary_ops->ptrace(parent,child) : 0;
if (rc)
return rc;
@@ -1372,7 +1372,9 @@ static int selinux_capget(struct task_st
if (error)
return error;
- return secondary_ops->capget(target, effective, inheritable, permitted);
+ return secondary_ops->capget ?
+ secondary_ops->capget(target, effective, inheritable,
+ permitted) : 0;
}
static int selinux_capset_check(struct task_struct *target, kernel_cap_t
*effective,
@@ -1380,7 +1382,9 @@ static int selinux_capset_check(struct t
{
int error;
- error = secondary_ops->capset_check(target, effective, inheritable,
permitted);
+ error = secondary_ops->capset_check ?
+ secondary_ops->capset_check(target, effective,
+ inheritable, permitted) : 0;
if (error)
return error;
@@ -1390,14 +1394,16 @@ static int selinux_capset_check(struct t
static void selinux_capset_set(struct task_struct *target, kernel_cap_t
*effective,
kernel_cap_t *inheritable, kernel_cap_t
*permitted)
{
- secondary_ops->capset_set(target, effective, inheritable, permitted);
+ if (secondary_ops->capset_set)
+ secondary_ops->capset_set(target, effective, inheritable,
+ permitted);
}
static int selinux_capable(struct task_struct *tsk, int cap)
{
int rc;
- rc = secondary_ops->capable(tsk, cap);
+ rc = secondary_ops->capable ? secondary_ops->capable(tsk, cap) : 0;
if (rc)
return rc;
@@ -1412,7 +1418,7 @@ static int selinux_sysctl(ctl_table *tab
u32 tsid;
int rc;
- rc = secondary_ops->sysctl(table, op);
+ rc = secondary_ops->sysctl ? secondary_ops->sysctl(table, op) : 0;
if (rc)
return rc;
@@ -1484,7 +1490,7 @@ static int selinux_syslog(int type)
{
int rc;
- rc = secondary_ops->syslog(type);
+ rc = secondary_ops->syslog ? secondary_ops->syslog(type) : 0;
if (rc)
return rc;
@@ -1527,7 +1533,8 @@ static int selinux_vm_enough_memory(long
int rc, cap_sys_admin = 0;
struct task_security_struct *tsec = current->security;
- rc = secondary_ops->capable(current, CAP_SYS_ADMIN);
+ rc = secondary_ops->capable ?
+ secondary_ops->capable(current, CAP_SYS_ADMIN) : 0;
if (rc == 0)
rc = avc_has_perm_noaudit(tsec->sid, tsec->sid,
SECCLASS_CAPABILITY,
@@ -1570,7 +1577,8 @@ static int selinux_bprm_set_security(str
struct avc_audit_data ad;
int rc;
- rc = secondary_ops->bprm_set_security(bprm);
+ rc = secondary_ops->bprm_set_security ?
+ secondary_ops->bprm_set_security(bprm) : 0;
if (rc)
return rc;
@@ -1637,7 +1645,8 @@ static int selinux_bprm_set_security(str
static int selinux_bprm_check_security (struct linux_binprm *bprm)
{
- return secondary_ops->bprm_check_security(bprm);
+ return secondary_ops->bprm_check_security ?
+ secondary_ops->bprm_check_security(bprm) : 0;
}
@@ -1655,7 +1664,9 @@ static int selinux_bprm_secureexec (stru
PROCESS__NOATSECURE, NULL);
}
- return (atsecure || secondary_ops->bprm_secureexec(bprm));
+ return (atsecure ||
+ secondary_ops->bprm_secureexec ?
+ secondary_ops->bprm_secureexec(bprm) : 0);
}
static void selinux_bprm_free_security(struct linux_binprm *bprm)
@@ -1756,7 +1767,8 @@ static void selinux_bprm_apply_creds(str
u32 sid;
int rc;
- secondary_ops->bprm_apply_creds(bprm, unsafe);
+ if (secondary_ops->bprm_apply_creds)
+ secondary_ops->bprm_apply_creds(bprm, unsafe);
tsec = current->security;
@@ -1982,7 +1994,8 @@ static int selinux_mount(char *
Re: [PATCH 5/5] Remove unnecesary capability hooks in rootplug.
Ok, with the attached patch SELinux seems to work correctly. You'll
probably want to make it a little prettier :) Note I have NOT ran the
ltp tests for correctness. I'll do some performance runs, though
unfortunately can't do so on ppc right now.
thanks,
-serge
Signed-off-by: Serge Hallyn [EMAIL PROTECTED]
--
hooks.c | 93 ++--
1 files changed, 62 insertions(+), 31 deletions(-)
Index: linux-2.6.12/security/selinux/hooks.c
===
--- linux-2.6.12.orig/security/selinux/hooks.c 2005-08-25 12:56:51.0
-0500
+++ linux-2.6.12/security/selinux/hooks.c 2005-08-25 14:27:53.0
-0500
@@ -1352,7 +1352,7 @@ static int selinux_ptrace(struct task_st
struct task_security_struct *csec = child-security;
int rc;
- rc = secondary_ops-ptrace(parent,child);
+ rc = secondary_ops-ptrace ? secondary_ops-ptrace(parent,child) : 0;
if (rc)
return rc;
@@ -1372,7 +1372,9 @@ static int selinux_capget(struct task_st
if (error)
return error;
- return secondary_ops-capget(target, effective, inheritable, permitted);
+ return secondary_ops-capget ?
+ secondary_ops-capget(target, effective, inheritable,
+ permitted) : 0;
}
static int selinux_capset_check(struct task_struct *target, kernel_cap_t
*effective,
@@ -1380,7 +1382,9 @@ static int selinux_capset_check(struct t
{
int error;
- error = secondary_ops-capset_check(target, effective, inheritable,
permitted);
+ error = secondary_ops-capset_check ?
+ secondary_ops-capset_check(target, effective,
+ inheritable, permitted) : 0;
if (error)
return error;
@@ -1390,14 +1394,16 @@ static int selinux_capset_check(struct t
static void selinux_capset_set(struct task_struct *target, kernel_cap_t
*effective,
kernel_cap_t *inheritable, kernel_cap_t
*permitted)
{
- secondary_ops-capset_set(target, effective, inheritable, permitted);
+ if (secondary_ops-capset_set)
+ secondary_ops-capset_set(target, effective, inheritable,
+ permitted);
}
static int selinux_capable(struct task_struct *tsk, int cap)
{
int rc;
- rc = secondary_ops-capable(tsk, cap);
+ rc = secondary_ops-capable ? secondary_ops-capable(tsk, cap) : 0;
if (rc)
return rc;
@@ -1412,7 +1418,7 @@ static int selinux_sysctl(ctl_table *tab
u32 tsid;
int rc;
- rc = secondary_ops-sysctl(table, op);
+ rc = secondary_ops-sysctl ? secondary_ops-sysctl(table, op) : 0;
if (rc)
return rc;
@@ -1484,7 +1490,7 @@ static int selinux_syslog(int type)
{
int rc;
- rc = secondary_ops-syslog(type);
+ rc = secondary_ops-syslog ? secondary_ops-syslog(type) : 0;
if (rc)
return rc;
@@ -1527,7 +1533,8 @@ static int selinux_vm_enough_memory(long
int rc, cap_sys_admin = 0;
struct task_security_struct *tsec = current-security;
- rc = secondary_ops-capable(current, CAP_SYS_ADMIN);
+ rc = secondary_ops-capable ?
+ secondary_ops-capable(current, CAP_SYS_ADMIN) : 0;
if (rc == 0)
rc = avc_has_perm_noaudit(tsec-sid, tsec-sid,
SECCLASS_CAPABILITY,
@@ -1570,7 +1577,8 @@ static int selinux_bprm_set_security(str
struct avc_audit_data ad;
int rc;
- rc = secondary_ops-bprm_set_security(bprm);
+ rc = secondary_ops-bprm_set_security ?
+ secondary_ops-bprm_set_security(bprm) : 0;
if (rc)
return rc;
@@ -1637,7 +1645,8 @@ static int selinux_bprm_set_security(str
static int selinux_bprm_check_security (struct linux_binprm *bprm)
{
- return secondary_ops-bprm_check_security(bprm);
+ return secondary_ops-bprm_check_security ?
+ secondary_ops-bprm_check_security(bprm) : 0;
}
@@ -1655,7 +1664,9 @@ static int selinux_bprm_secureexec (stru
PROCESS__NOATSECURE, NULL);
}
- return (atsecure || secondary_ops-bprm_secureexec(bprm));
+ return (atsecure ||
+ secondary_ops-bprm_secureexec ?
+ secondary_ops-bprm_secureexec(bprm) : 0);
}
static void selinux_bprm_free_security(struct linux_binprm *bprm)
@@ -1756,7 +1767,8 @@ static void selinux_bprm_apply_creds(str
u32 sid;
int rc;
- secondary_ops-bprm_apply_creds(bprm, unsafe);
+ if (secondary_ops-bprm_apply_creds)
+ secondary_ops-bprm_apply_creds(bprm, unsafe);
tsec = current-security;
@@ -1982,7 +1994,8 @@ static int selinux_mount(char * dev_name
{
int rc;
- rc =
Re: [PATCH 5/5] Remove unnecesary capability hooks in rootplug.
On Thu, 2005-08-25 at 09:38 -0500, [EMAIL PROTECTED] wrote: Ok, with the attached patch SELinux seems to work correctly. You'll probably want to make it a little prettier :) Note I have NOT ran the ltp tests for correctness. I'll do some performance runs, though unfortunately can't do so on ppc right now. Note that the selinux tests there _only_ test the SELinux checking. So if these changes interfere with proper stacking of SELinux with capabilities, that won't show up there. -- Stephen Smalley National Security Agency - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH 5/5] Remove unnecesary capability hooks in rootplug.
* Stephen Smalley ([EMAIL PROTECTED]) wrote: On Thu, 2005-08-25 at 09:38 -0500, [EMAIL PROTECTED] wrote: Ok, with the attached patch SELinux seems to work correctly. You'll probably want to make it a little prettier :) Note I have NOT ran the ltp tests for correctness. I'll do some performance runs, though unfortunately can't do so on ppc right now. Note that the selinux tests there _only_ test the SELinux checking. So if these changes interfere with proper stacking of SELinux with capabilities, that won't show up there. Sorry, I'm not parsing that? -chris - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH 5/5] Remove unnecesary capability hooks in rootplug.
On Thu, 2005-08-25 at 09:21 -0700, Chris Wright wrote: * Stephen Smalley ([EMAIL PROTECTED]) wrote: On Thu, 2005-08-25 at 09:38 -0500, [EMAIL PROTECTED] wrote: Ok, with the attached patch SELinux seems to work correctly. You'll probably want to make it a little prettier :) Note I have NOT ran the ltp tests for correctness. I'll do some performance runs, though unfortunately can't do so on ppc right now. Note that the selinux tests there _only_ test the SELinux checking. So if these changes interfere with proper stacking of SELinux with capabilities, that won't show up there. Sorry, I'm not parsing that? e.g. if secondary_ops-capable is null, the SELinux tests aren't going to show that, because they will still see that the SELinux permission checks are working correctly. They only test failure/success for the SELinux permission checks, not for the capability checks, so if you unhook capabilities, they won't notice. -- Stephen Smalley National Security Agency - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH 5/5] Remove unnecesary capability hooks in rootplug.
Quoting Chris Wright ([EMAIL PROTECTED]): * Stephen Smalley ([EMAIL PROTECTED]) wrote: On Thu, 2005-08-25 at 09:38 -0500, [EMAIL PROTECTED] wrote: Ok, with the attached patch SELinux seems to work correctly. You'll probably want to make it a little prettier :) Note I have NOT ran the ltp tests for correctness. I'll do some performance runs, though unfortunately can't do so on ppc right now. Note that the selinux tests there _only_ test the SELinux checking. So if these changes interfere with proper stacking of SELinux with capabilities, that won't show up there. Sorry, I'm not parsing that? -chris That was in reference to running the LTP selinux tests: that running them successfully will not mean selinux and capability are working together correct. thanks, -serge - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH 5/5] Remove unnecesary capability hooks in rootplug.
* Stephen Smalley ([EMAIL PROTECTED]) wrote: On Thu, 2005-08-25 at 09:21 -0700, Chris Wright wrote: * Stephen Smalley ([EMAIL PROTECTED]) wrote: On Thu, 2005-08-25 at 09:38 -0500, [EMAIL PROTECTED] wrote: Ok, with the attached patch SELinux seems to work correctly. You'll probably want to make it a little prettier :) Note I have NOT ran the ltp tests for correctness. I'll do some performance runs, though unfortunately can't do so on ppc right now. Note that the selinux tests there _only_ test the SELinux checking. So if these changes interfere with proper stacking of SELinux with capabilities, that won't show up there. Sorry, I'm not parsing that? e.g. if secondary_ops-capable is null, the SELinux tests aren't going to show that, because they will still see that the SELinux permission checks are working correctly. They only test failure/success for the SELinux permission checks, not for the capability checks, so if you unhook capabilities, they won't notice. Yes, I see. I thought the tests you were referring to were if (secondary_ops-capable) not LTP tests. Capability is still a module that can be loaded (or built-in). So the only issue is it's security_ops is now NULL where it was a trivial return 0 function. Aside from the oversight Serge fixed, I don't think there's any issue. thanks, -chris - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH 5/5] Remove unnecesary capability hooks in rootplug.
* Chris Wright ([EMAIL PROTECTED]) wrote: * Stephen Smalley ([EMAIL PROTECTED]) wrote: e.g. if secondary_ops-capable is null, the SELinux tests aren't going to show that, because they will still see that the SELinux permission checks are working correctly. They only test failure/success for the SELinux permission checks, not for the capability checks, so if you unhook capabilities, they won't notice. Yes, I see. I thought the tests you were referring to were if (secondary_ops-capable) not LTP tests. Capability is still a module that can be loaded (or built-in). So the only issue is it's security_ops is now NULL where it was a trivial return 0 function. Aside from the oversight Serge fixed, I don't think there's any issue. Bah, of course, that's inaccurate because you unconditionally set the secondary to the default. So, indeed, the default case (nothing actively loaded as secondary) will get secondary_ops filled with NULL only. Seems simplest to just fill the default with cap calls where applicable, but I had hoped to eliminate that. Thoughts? thanks, -chris - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH 5/5] Remove unnecesary capability hooks in rootplug.
* [EMAIL PROTECTED] ([EMAIL PROTECTED]) wrote: @@ -1527,7 +1533,8 @@ static int selinux_vm_enough_memory(long int rc, cap_sys_admin = 0; struct task_security_struct *tsec = current-security; - rc = secondary_ops-capable(current, CAP_SYS_ADMIN); + rc = secondary_ops-capable ? + secondary_ops-capable(current, CAP_SYS_ADMIN) : 0; I don't think this really makes sense. It says the default secondary thinks you have the capablity. Safe since SELinux double checks, but not really accurate. thanks, -chris - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
[PATCH 5/5] Remove unnecesary capability hooks in rootplug.
Now that capability functions are default, rootplug no longer needs to
manually add them to its security_ops.
Cc: Greg Kroah <[EMAIL PROTECTED]>
Signed-off-by: Chris Wright <[EMAIL PROTECTED]>
---
security/root_plug.c | 14 +-
1 files changed, 1 insertion(+), 13 deletions(-)
Index: lsm-hooks-2.6/security/root_plug.c
===
--- lsm-hooks-2.6.orig/security/root_plug.c
+++ lsm-hooks-2.6/security/root_plug.c
@@ -83,19 +83,7 @@ static int rootplug_bprm_check_security
}
static struct security_operations rootplug_security_ops = {
- /* Use the capability functions for some of the hooks */
- .ptrace = cap_ptrace,
- .capget = cap_capget,
- .capset_check = cap_capset_check,
- .capset_set = cap_capset_set,
- .capable = cap_capable,
-
- .bprm_apply_creds = cap_bprm_apply_creds,
- .bprm_set_security =cap_bprm_set_security,
-
- .task_post_setuid = cap_task_post_setuid,
- .task_reparent_to_init =cap_task_reparent_to_init,
-
+ /* The capability functions are the defaults */
.bprm_check_security = rootplug_bprm_check_security,
};
--
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[PATCH 5/5] Remove unnecesary capability hooks in rootplug.
Now that capability functions are default, rootplug no longer needs to
manually add them to its security_ops.
Cc: Greg Kroah [EMAIL PROTECTED]
Signed-off-by: Chris Wright [EMAIL PROTECTED]
---
security/root_plug.c | 14 +-
1 files changed, 1 insertion(+), 13 deletions(-)
Index: lsm-hooks-2.6/security/root_plug.c
===
--- lsm-hooks-2.6.orig/security/root_plug.c
+++ lsm-hooks-2.6/security/root_plug.c
@@ -83,19 +83,7 @@ static int rootplug_bprm_check_security
}
static struct security_operations rootplug_security_ops = {
- /* Use the capability functions for some of the hooks */
- .ptrace = cap_ptrace,
- .capget = cap_capget,
- .capset_check = cap_capset_check,
- .capset_set = cap_capset_set,
- .capable = cap_capable,
-
- .bprm_apply_creds = cap_bprm_apply_creds,
- .bprm_set_security =cap_bprm_set_security,
-
- .task_post_setuid = cap_task_post_setuid,
- .task_reparent_to_init =cap_task_reparent_to_init,
-
+ /* The capability functions are the defaults */
.bprm_check_security = rootplug_bprm_check_security,
};
--
-
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
