On Sat, 23 Dec 2000, Kurt Garloff wrote:
I wonder how their approach compares to the RSBAC stuff, though.
The RSBAC (by Amon Ott) has all the infrastructure available to have
policy based access control; whenever an access decision has to be
taken, a call via some interface is made to a
into an
acceptable form.
--
Stephen Smalley
National Security Agency
-
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
view in AA, just a bunch of disconnected
profiles.
--
Stephen Smalley
National Security Agency
the filesystem
namespace has been set up by a trusted agent and is correct.
--
Stephen Smalley
National Security Agency
a
desktop application, you can't limit yourself to the kernel. And the
label model provides a unifying abstraction for dealing with all of
these various objects, whereas the path/natural abstraction model has
no unifying abstraction at all.
--
Stephen Smalley
National Security Agency
directories, where
pathnames are largely useless as an indicator.
--
Stephen Smalley
National Security Agency
On Thu, 2007-04-19 at 20:08 +, David Wagner wrote:
Stephen Smalley wrote:
Confinement in its traditional sense (e.g. the 1973 Lampson paper, ACM
Vol 16 No 10) means information flow control, which you have agreed
AppArmor does not and cannot provide.
Right, that's how I understand
On Thu, 2007-04-19 at 20:54 +, David Wagner wrote:
Stephen Smalley wrote:
Integrity protection requires information flow control; you can't
protect a high integrity process from being corrupted by a low integrity
process if you don't control the flow of information. Plenty of attacks
be directly integrated into SELinux,
not stacked as a separate module.
--
Stephen Smalley
National Security Agency
4.8875 476 0.6239 311.3766
udp_v4_lookup_longway
if dnsfilter had used epoll, security_port_sid would
probably (?) be number one (or two or three) CPU user in kernel.
also note that 17.6% of mispredicted branches occur in security_port_sid.
--
Stephen Smalley
On Mon, 2007-02-19 at 11:01 -0600, Serge E. Hallyn wrote:
From: Serge E. Hallyn [EMAIL PROTECTED]
Subject: [PATCH -mm] file caps: make on-disk capabilities future-proof
Stephen Smalley has pointed out that the current file capabilities
will eventually pose a problem.
As the capability set
in there is a bit odd-looking.
The new __audit_fd_pair() has unneeded braces in it.
--
Stephen Smalley
National Security Agency
On Thu, 2007-02-22 at 13:19 -0800, Andrew Morton wrote:
On Thu, 22 Feb 2007 08:22:47 -0500 Stephen Smalley [EMAIL PROTECTED]
wrote:
On Wed, 2007-02-21 at 16:03 -0800, Andrew Morton wrote:
Looking at the changes to audit_receive_msg():
if (sid
, ala:
svn co http://oss.tresys.com/repos/refpolicy/trunk refpolicy
cd refpolicy/policy/flask
vi security_classes access_vectors
add new class to end
make
make LINUX_D=/path/to/linux-2.6 tokern
Dan knows how to do that.
--
Stephen Smalley
National Security Agency
On Wed, 2008-01-09 at 18:56 +, David Howells wrote:
Stephen Smalley [EMAIL PROTECTED] wrote:
Right, the latter is reasonable.
Requires adding the class and permission definition to
policy/flask/security_classes and policy/flask/access_vectors and then
regenerating the kernel
On Wed, 2007-09-12 at 17:51 +0900, Yuichi Nakamura wrote:
Hi.
Stephen Smalley pointed out possibility of race condition
in off-list discussion.
Stephen Smalley said:
One other observation about the patch: it presently leaves open a
(small) race window in which the file could get
labels have
changed or the policy has changed since the open-time check. A new LSM
hook, security_dentry_open, is added to capture the necessary state at
open time to allow this optimization.
Signed-off-by: Yuichi Nakamura[EMAIL PROTECTED]
Thanks, looks good.
Acked-by: Stephen Smalley [EMAIL
On Tue, 2007-12-18 at 19:28 -0800, Crispin Cowan wrote:
Stephen Smalley wrote:
It is if I have to maintain a special pieces of code for each possible LSM.
One piece for SELinux, one piece for AppArmour, one piece for Smack, one
piece
for Casey's security system. That sounds like a pain
of the selinux mailing list.
If you no longer wish to subscribe, send mail to [EMAIL PROTECTED] with
the words unsubscribe selinux without quotes as the message.
--
Stephen Smalley
National Security Agency
obsolete entries from the prior policy when we load a new policy.
Is the only real problem here the clearing of f_op? If so, we can
likely remove that from sel_remove_entries() without harm, and fix the
checks for it to use something more reliable.
--
Stephen Smalley
National Security Agency
On Tue, 2007-11-20 at 15:17 +, Christoph Hellwig wrote:
On Tue, Nov 20, 2007 at 10:05:05AM -0500, Stephen Smalley wrote:
Nice, getting rid of this is a very good step forwards. Unfortunately
we have another copy of this junk in
security/selinux/selinuxfs.c:sel_remove_entries
- other MAC modules like SELinux won't honor it. Maybe it should
be CAP_SMACK_OVERRIDE.
--
Stephen Smalley
National Security Agency
On Wed, 2007-11-21 at 09:21 -0800, Casey Schaufler wrote:
--- Stephen Smalley [EMAIL PROTECTED] wrote:
On Wed, 2007-11-21 at 09:48 -0600, Serge E. Hallyn wrote:
Quoting [EMAIL PROTECTED] ([EMAIL PROTECTED]):
+/*
+ * There are not enough CAP bits available to make this
+ * real
,
.task_setgid = selinux_task_setgid,
--
Stephen Smalley
On Mon, 2007-12-10 at 17:07 +, David Howells wrote:
Stephen Smalley [EMAIL PROTECTED] wrote:
+ tsec-create_sid = SECINITSID_UNLABELED;
+ tsec-keycreate_sid = SECINITSID_UNLABELED;
+ tsec-sockcreate_sid = SECINITSID_UNLABELED;
Cleared means what? Setting to 0? Or is there some
On Mon, 2007-12-10 at 21:08 +, David Howells wrote:
Stephen Smalley [EMAIL PROTECTED] wrote:
Otherwise, only other issue I have with this interface is it won't
generalize to dealing with nfsd, where we want to set the acting context
to a context we obtain from or determine based upon
On Mon, 2007-12-10 at 14:26 -0800, Casey Schaufler wrote:
--- Stephen Smalley [EMAIL PROTECTED] wrote:
On Mon, 2007-12-10 at 21:08 +, David Howells wrote:
Stephen Smalley [EMAIL PROTECTED] wrote:
Otherwise, only other issue I have with this interface is it won't
generalize
On Mon, 2007-12-10 at 23:36 +, David Howells wrote:
Stephen Smalley [EMAIL PROTECTED] wrote:
From a config file whose pathname would be provided by libselinux (ala
the way in which dbusd imports contexts), or directly as a context
returned by a libselinux function.
That sounds too
On Mon, 2007-12-10 at 15:46 -0800, Casey Schaufler wrote:
--- David Howells [EMAIL PROTECTED] wrote:
Stephen Smalley [EMAIL PROTECTED] wrote:
From a config file whose pathname would be provided by libselinux (ala
the way in which dbusd imports contexts), or directly as a context
On Tue, 2007-12-11 at 11:26 -0800, Casey Schaufler wrote:
--- Stephen Smalley [EMAIL PROTECTED] wrote:
On Mon, 2007-12-10 at 14:26 -0800, Casey Schaufler wrote:
--- Stephen Smalley [EMAIL PROTECTED] wrote:
On Mon, 2007-12-10 at 21:08 +, David Howells wrote:
Stephen Smalley
On Tue, 2007-12-11 at 20:42 +, David Howells wrote:
Stephen Smalley [EMAIL PROTECTED] wrote:
That sounds too SELinux specific. How do I do it so that it works for any
LSM?
You can't. There is no LSM for userspace; LSM specifically disavowed
any common userspace API
On Tue, 2007-12-11 at 15:04 -0800, Casey Schaufler wrote:
--- David Howells [EMAIL PROTECTED] wrote:
Stephen Smalley [EMAIL PROTECTED] wrote:
All your code has to do is invoke a function provided by libselinux.
Calling libselinux means it's a special case for a specific LSM.
I
On Wed, 2007-12-12 at 08:51 -0800, Casey Schaufler wrote:
--- Stephen Smalley [EMAIL PROTECTED] wrote:
On Tue, 2007-12-11 at 15:04 -0800, Casey Schaufler wrote:
--- David Howells [EMAIL PROTECTED] wrote:
Stephen Smalley [EMAIL PROTECTED] wrote:
All your code has to do
On Wed, 2007-12-12 at 18:29 +, David Howells wrote:
Stephen Smalley [EMAIL PROTECTED] wrote:
That sounds workable, although I think he will want a more specific hook
than security_secctx_to_secid(), or possibly a second hook call, that
would not only validate the context but authorize
]
--
Stephen Smalley
National Security Agency
/cachefiles.conf. Have cachefilesd read it and pass
it downward.
More likely, run it at build time in your .spec file to generate
cachefiles.conf, then run it again maybe upon a policy update or if the
user selects a different policy.
--
Stephen Smalley
National Security Agency
On Wed, 2007-12-12 at 22:49 +, David Howells wrote:
Stephen Smalley [EMAIL PROTECTED] wrote:
Have you example code for the security hook you mention? I'm not sure I
understand why security_secctx_to_secid() is not sufficient.
security_secctx_to_secid() would just validate
On Wed, 2007-12-12 at 22:55 +, David Howells wrote:
Stephen Smalley [EMAIL PROTECTED] wrote:
More likely, run it at build time in your .spec file to generate
cachefiles.conf,
I don't think sticking it in cachefiles.conf is a good idea necessarily.
That has to be an administrator
On Thu, 2007-12-13 at 15:36 +, David Howells wrote:
Stephen Smalley [EMAIL PROTECTED] wrote:
It is just a way of carving up the permission space, typically based on
object type, but it can essentially be arbitrary. The check in this
case seems specific to cachefiles since
On Thu, 2007-12-13 at 17:01 +, David Howells wrote:
Stephen Smalley [EMAIL PROTECTED] wrote:
They would correspond with the operations provided by the /dev/cachefiles
interface, at the granularity you want to support distinctions to be made.
Can this be made simpler by the fact
On Wed, 2007-10-24 at 20:46 -0700, Casey Schaufler wrote:
From: Casey Schaufler [EMAIL PROTECTED]
Smack is the Simplified Mandatory Access Control Kernel.
Smack implements mandatory access control (MAC) using labels
attached to tasks and data containers, including files, SVIPC,
and other
return -EEXIST;
if (IS_DEADDIR(dir))
return -ENOENT;
+ if (nd)
+ nd-flags |= LOOKUP_CONTINUE;
return permission(dir,MAY_WRITE | MAY_EXEC, nd);
}
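Review bot: The added `nd->flags |= LOOKUP_CONTINUE` just before the `permission()` call modifies the caller's nameidata and nothing in the visible lines restores it, so the flag stays set after this function returns. Either save and restore the previous flags around the call or add a comment saying why leaving LOOKUP_CONTINUE set is safe for every caller, and say in that comment why the permission check needs the flag at all.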
--
Stephen Smalley
National Security Agency
== 0)
+ strcpy(ssp-smk_packet, smack);
+ ssp-smk_depth++;
Ditto.
+
+ return 0;
+}
+
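Review bot: The `strcpy()` into `ssp->smk_packet` has no length bound anywhere in the visible lines, so its safety depends entirely on `smack` having been length-checked somewhere outside this hunk. Use a bounded copy sized with `sizeof(ssp->smk_packet)`, or add a comment pointing at the place where the label length is validated.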
--
Stephen Smalley
National Security Agency
is permitted within same session */
+ if (sig == SIGCONT (task_session_nr(current)==task_session_nr(p)))
+ return 0;
+
if (secid)
/*
* Signal sent as a particular user.
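Review bot: The same-session SIGCONT exemption returns 0 ahead of the `if (secid)` branch, so it also covers the "signal sent as a particular user" case handled below it. If the exemption is only meant for the ordinary current-task path, move it after the `secid` handling; otherwise extend the comment to say that it deliberately applies to both. The comparison would also read better with spaces around `==`.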
--
Stephen Smalley
National Security Agency
for its existence?
Looks unused now.
Similarly for some of the other security structs.
Only inode, superblock, and sock back pointers still seem to be in use.
--
Stephen Smalley
National Security Agency
On Wed, 2007-09-26 at 14:30 +0100, David Howells wrote:
Stephen Smalley [EMAIL PROTECTED] wrote:
Precisely when to use one identity vs. the other though isn't always
clear, and the potential for accidental divergence is also a concern.
What should auditing use in audit_filter_rules
than a strict
subset of SELinux (MAC, label-based, should be easily emulated on top of
SELinux or via fairly simple extension to it to make such emulation
simpler or more optimal), then what isn't mergeable as a separate
security module?
--
Stephen Smalley
National Security Agency
for userland so that you don't need separate
versions of ls, ps, sshd, etc for Smack vs SELinux vs. whatever.
--
Stephen Smalley
National Security Agency
to be more like SELinux. I don't believe the former is even
possible, given that Smack is strictly less expressive and granular by
design. Rewriting Smack to be more like SELinux should be possible, but
seems like more work than emulating Smack on SELinux via policy, and to
what end?
--
Stephen
an overhead in selinux_file_permission function.
This is a function that is called in read/write calls,
and does SELinux permission check.
SELinux checks permission both in open and read/write time.
Stephen Smalley suggested that we can usually skip permission check
in selinux_file_permission
(unsigned long clone_flags)
{
return 0;
Regards,
--
Stephen Smalley
National Security Agency
rules that assign that value.
It's the change to the skb allocator - no longer clears up through
truesize and thus secmark is garbage initially. That would apply to
mainline too.
--
Stephen Smalley
National Security Agency
On Wed, 2007-08-22 at 09:36 -0400, Stephen Smalley wrote:
On Wed, 2007-08-22 at 06:23 -0700, James Morris wrote:
On Wed, 22 Aug 2007, Michal Piotrowski wrote:
I got a problem with SELinux
http://www.stardust.webpages.pl/files/tbf/bitis-gabonica/2.6.20.17-rc1/console.log
http
On Wed, 2007-08-22 at 16:29 +0200, Michal Piotrowski wrote:
On 22/08/07, James Morris [EMAIL PROTECTED] wrote:
On Wed, 22 Aug 2007, Stephen Smalley wrote:
Oops, never mind - tail still follows secmark, so that shouldn't matter.
So I'm not sure why we are getting a bad value for secmark
://marc.info/?l=git-commits-headm=118271540932264w=2
--
Stephen Smalley
National Security Agency
does today
with the fsuid/fsguid, just applied to the security label.
--
Stephen Smalley
National Security Agency
that the task's security context would have to be able to
store
acting security IDs for everything, but I don't think that's too much of a
stretch resourcewise.
--
Stephen Smalley
National Security Agency
level of context.
What was the objection again to the original interface, aside from
replacing u32 secids with void* security blobs?
--
Stephen Smalley
National Security Agency
when
it is created.
--
Stephen Smalley
National Security Agency
there). So even that would
have to be encapsulated within a hook.
--
Stephen Smalley
National Security Agency
then need to define a corresponding hook function
to call the secondary module? Otherwise, it will fall back to the dummy
implementation and stacking selinux + capabilities with file caps won't
yield the right behavior.
--
Stephen Smalley
National Security Agency
specific functionality. It should not be an LSM
interface.
Odd, you proposed exactly the same hook (aside from naming convention
and secid as argument vs. as retval) in recent postings on linux-audit
and selinux list for use by the audit system.
--
Stephen Smalley
National Security Agency
.
Signed-off-by: Eric Paris [EMAIL PROTECTED]
Acked-by: Stephen Smalley [EMAIL PROTECTED]
Signed-off-by: James Morris [EMAIL PROTECTED]
---
security/selinux/Kconfig |7 ++-
1 files changed, 6 insertions(+), 1 deletions(-)
diff --git a/security/selinux/Kconfig b/security
on their security labels.
--
Stephen Smalley
National Security Agency
)
rc = inode->i_op->getxattr(dentry, XATTR_NAME_CAPS,
incaps, XATTR_CAPS_SZ);
else
--
Stephen Smalley
National Security Agency
This patch removes the sclass argument from ipc_has_perm in the
SELinux module, as it can be obtained from the ipc security structure.
The use of a separate argument was a legacy of the older precondition
function handling in SELinux and is obsolete. Please apply.
Signed-off-by: Stephen Smalley
bogus task
information for checks performed from irq or softirq. Please apply.
Signed-off-by: Stephen Smalley [EMAIL PROTECTED]
Signed-off-by: James Morris [EMAIL PROTECTED]
--
kernel/auditsc.c | 28
security/selinux/avc.c | 34
).
--
Stephen Smalley [EMAIL PROTECTED]
National Security Agency
)
--
Stephen Smalley [EMAIL PROTECTED]
National Security Agency
and the requested mode
separate from any particular LSM.
--
Stephen Smalley [EMAIL PROTECTED]
National Security Agency
. Further, the existence of selinuxfs
in /proc/filesystems is used as a test of whether SELinux was enabled in
the kernel (e.g. is_selinux_enabled in libselinux).
I'm not sure such a change is worthwhile for SELinux; large amount of
disruption for little real gain.
--
Stephen Smalley
National
the SELinux kernel code, with less
filesystems in the kernel, consolidating several potential projects into
the same security filesystem.
If there are several such projects in the first place...
--
Stephen Smalley
National Security Agency
a distinguishing name suffix (the part after the
security. prefix). Note also that inode_getsecurity returns the number
of bytes used/required on success.
The proposed inode_init_security hook will likewise have an issue for
stacking.
--
Stephen Smalley
National Security Agency
.
inode_setsecurity).
--
Stephen Smalley
National Security Agency
files changed, 34 insertions(+), 513 deletions(-)
Signed-off-by: Adrian Bunk [EMAIL PROTECTED]
Looks fine to me (although your diffstat output is stale). Re-diff
against 2.6.11-mm3 is below, feel free to send along to Andrew Morton.
Acked-by: Stephen Smalley [EMAIL PROTECTED]
security
This patch alters the SELinux handling of inodes with invalid security
contexts so that a filesystem with a root inode that has an invalid
security context can still be mounted for administrative recovery
without disabling SELinux altogether. Please apply.
Signed-off-by: Stephen Smalley [EMAIL
This patch from Adrian Bunk makes needlessly global code static and
removes a number of unused global and static functions from SELinux.
Please apply.
Author: Adrian Bunk [EMAIL PROTECTED]
Signed-off-by: Stephen Smalley [EMAIL PROTECTED]
security/selinux/avc.c| 174
This patch changes SELinux to audit any unrecognized netlink messages
in controlled classes rather than silently rejecting them, and to
allow them if in permissive mode. Please apply.
Signed-off-by: Stephen Smalley [EMAIL PROTECTED]
Signed-off-by: James Morris [EMAIL PROTECTED]
security
kernel seems to
be operating without problem. Feel free to send along to Andrew Morton.
Acked-by: Stephen Smalley [EMAIL PROTECTED]
);
goto bad;
}
_
You didn't remove the loop that already converted these values to little
endian already (no that isn't the same as the earlier loop that you did
remove), so now you are converting them twice. And why is this new code
better even if you fix this omission?
--
Stephen
On Tue, 2005-03-22 at 10:19 -0500, Stephen Smalley wrote:
You didn't remove the loop that already converted these values to little
s/ to / from /
endian already (no that isn't the same as the earlier loop that you did
remove), so now you are converting them twice. And why is this new code
0x0001UL
#define UDP_SOCKET__READ 0x0002UL
--
Stephen Smalley [EMAIL PROTECTED]
National Security Agency
On Wed, 2005-03-23 at 09:40 -0500, Stephen Smalley wrote:
This patch adds a name_connect permission check to SELinux to provide
control over outbound TCP connections to particular ports distinct
from the general controls over sending and receiving packets. Please
apply.
security/selinux
to perform its own access control.
OK, thanks. I'll assume that the other three patches are unchanged.
I don't think we've heard from the SELinux team regarding these patches?
(See http://www.zip.com.au/~akpm/linux/patches/stuff/selinux-reiserfs/)
Acked-by: Stephen Smalley [EMAIL PROTECTED
. The checkreqprot value has a compile-time configurable
default value and can also be set via boot parameter or at runtime via
/selinux/checkreqprot if allowed by policy. Thanks to Chris Wright,
James Morris, and Colin Walters for comments on an earlier version of
the patch.
Signed-off-by: Stephen Smalley
On Mon, 2005-03-07 at 16:14 -0800, Andrew Morton wrote:
Stephen Smalley [EMAIL PROTECTED] wrote:
+__setup(checkreqprot=, checkreqprot_setup);
Can we have an update to Documentation/kernel-parameters.txt, please?
Ok, how does the patch below look? Includes descriptions of the other
two
of the API from scripts (although that isn't
recommended). Please apply.
Signed-off-by: Stephen Smalley [EMAIL PROTECTED]
Signed-off-by: James Morris [EMAIL PROTECTED]
security/selinux/hooks.c |8 ++--
1 files changed, 6 insertions(+), 2 deletions(-)
diff -X /home/sds/dontdiff -ru linux-2.6.11
of the existing avc_audit()
code migrated into the audit framework (e.g. the exe= information
currently generated by avc_audit could be done by audit_log_exit
instead).
--
Stephen Smalley [EMAIL PROTECTED]
National Security Agency
of socket files in the filesystem, not just the actual socket
objects IIUC. Hence this patch reworks the SELinux code to avoid the
need to apply such a test in the first place, part of which was
obsoleted anyway by earlier changes to SELinux. Please apply.
Signed-off-by: Stephen Smalley [EMAIL
On Fri, 2005-04-01 at 12:35 -0800, David S. Miller wrote:
On Fri, 01 Apr 2005 15:06:37 -0500
Stephen Smalley [EMAIL PROTECTED] wrote:
This patch against -bk eliminates the use of i_sock by SELinux as it
appears to have been removed recently, breaking the build of SELinux in
-bk. Simply
will ultimately
have its security label set upon the d_instantiate() call (via
security_d_instantiate() -> selinux_d_instantiate()), and be
subsequently checked for opens/reads/writes via the
selinux_inode_permission() and selinux_file_permission() hook functions.
--
Stephen Smalley [EMAIL PROTECTED
,
and in any event, the patents in question have expired AFAICS.
--
Stephen Smalley [EMAIL PROTECTED]
National Security Agency
On Tue, 2005-03-01 at 01:32 +0100, Alexander Nyberg wrote:
There's a leak here in the first error path.
Found by the Coverity tool.
Signed-off-by: Alexander Nyberg [EMAIL PROTECTED]
Acked-by: Stephen Smalley [EMAIL PROTECTED]
--
Stephen Smalley [EMAIL PROTECTED]
National Security Agency
On Tue, 2005-03-01 at 01:32 +0100, Alexander Nyberg wrote:
The 'bad' label will call function that unconditionally dereferences
the NULL pointer.
Found by the Coverity tool
Signed-off-by: Alexander Nyberg [EMAIL PROTECTED]
Acked-by: Stephen Smalley [EMAIL PROTECTED]
--
Stephen Smalley
This patch against 2.6.11-rc2-mm2 regenerates the SELinux module headers
to define the execmod permission for character device files in order to
provide proper auditing of such checks on /dev/zero. Please apply.
Signed-off-by: Stephen Smalley [EMAIL PROTECTED]
Signed-off-by: James Morris
This patch against 2.6.11-rc2-mm2 changes SELinux to display any
permission values that could not be mapped to names as a hex value when
generating an audit message. Please apply.
Signed-off-by: Stephen Smalley [EMAIL PROTECTED]
Signed-off-by: James Morris [EMAIL PROTECTED]
security/selinux
. This would only occur if the process had write
permission to a suid file but lacked setattr permission to it. Please
apply.
Signed-off-by: Stephen Smalley [EMAIL PROTECTED]
Signed-off-by: James Morris [EMAIL PROTECTED]
security/selinux/hooks.c |3 +++
1 files changed, 3 insertions(+)
Index
On Fri, 2005-02-04 at 13:14, Chris Wright wrote:
* Stephen Smalley ([EMAIL PROTECTED]) wrote:
This patch against 2.6.11-rc3 fixes the selinux_inode_setattr hook
function to honor the ATTR_FORCE flag, skipping any permission checking
in that case. Otherwise, it is possible though unlikely
/2005: Switch to using CAP_AUDIT_WRITE and CAP_AUDIT_CONTROL.
thanks,
-serge
Signed-off-by: Serge Hallyn [EMAIL PROTECTED]
Signed-off-by: Stephen Smalley [EMAIL PROTECTED]
--
Stephen Smalley [EMAIL PROTECTED]
National Security Agency