On 12/15/2015 8:55 AM, Stephen Smalley wrote:
> On 12/15/2015 11:06 AM, Casey Schaufler wrote:
>> On 12/15/2015 7:00 AM, Stephen Smalley wrote:
>>> On 12/14/2015 05:57 PM, Roberts, William C wrote:
>>>>
>>>>>>
>>>>>> If I understa
ecurity context string for export to userspace that could be embedded
>>> in the binder transaction structure? This could avoid both the
>>> limitations of the current secid (e.g. limited to 32 bits, no
>>> stackability) and the overhead of copying context strings on
On 12/11/2015 2:14 PM, Stephen Smalley wrote:
> On 12/11/2015 02:55 PM, Paul Moore wrote:
>> On Fri, Dec 11, 2015 at 1:37 PM, Daniel Cashman wrote:
>>> Hello,
>>>
>>> I would like to write a patch that would expose, via selinuxfs, the
>>> mapping between secids in the kernel
On 12/11/2015 10:37 AM, Daniel Cashman wrote:
> Hello,
>
> I would like to write a patch that would expose, via selinuxfs, the
> mapping between secids in the kernel and security contexts to
> user-space, but before doing so wanted to get some feedback as to
> whether or not such an endeavor could
t the size of the blobs without doing so, but I am
disinclined to pursue that. Exposing the blob structure
has typing advantages.
Earlier discussions about changing the inode structure to
better accommodate the use of security data include:
https://lkml.org/lkml/2013/6/3/516
Signed-off-by: Casey
isinclined to pursue that. Exposing the blob structure
has typing advantages.
Earlier discussions about changing the inode structure to
better accommodate the use of security data include:
https://lkml.org/lkml/2013/6/3/516
Signed-off-by: Casey Schaufler <ca...@schaufler-ca.com>
---
cause a problem.
Signed-off-by: Casey Schaufler <ca...@schaufler-ca.com>
---
security/smack/smack_lsm.c | 22 ++
1 file changed, 22 insertions(+)
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index ff81026..b20ef06 100644
--- a/security/smack/smack
On 11/3/2015 2:15 PM, Dan Carpenter wrote:
This causes a static checker warning because "maplevel" is set by the
user and we cap the upper bound but not the lower bound. It seems
harmless to me and it's root only but we may as well make the static
checker happy.
Also checkpatch complains that
Thank you. This is very helpful.
On 11/23/2015 3:47 AM, James Morris wrote:
For LSM developers who might be waiting for a resync to Linus...
--
To unsubscribe from this list: send the line "unsubscribe
linux-security-module" in
the body of a message to majord...@vger.kernel.org
More
by seq operations.
>
> See the documentation in the patch below for the details about how to
> use the hook.
>
> Signed-off-by: Lukasz Pawelczyk <l.pawelc...@samsung.com>
> Acked-by: Serge Hallyn <serge.hal...@canonical.com>
Acked-by: Casey Schaufler <ca...@
t; The capabilities (CAP_MAC_ADMIN, CAP_MAC_OVERRIDE) has been allowed in
> the namespace for few cases. Check the documentation for the details.
>
> Signed-off-by: Lukasz Pawelczyk <l.pawelc...@samsung.com>
> Reviewed-by: Casey Schaufler <ca...@schaufler-ca.com>
Acked-by: Casey Schaufler
paced labels and Smack namespaces but the behaviour of Smack
> should not be changed. The APIs are there, but they have no impact yet.
>
> Signed-off-by: Lukasz Pawelczyk <l.pawelc...@samsung.com>
> Reviewed-by: Casey Schaufler <ca...@schaufler-ca.com>
Acked-by: Casey Schauf
kasz Pawelczyk <l.pawelc...@samsung.com>
> Reviewed-by: Casey Schaufler <ca...@schaufler-ca.com>
Acked-by: Casey Schaufler <ca...@schaufler-ca.com>
> ---
> security/smack/smack.h| 47 ++-
> security/smack/sma
take advantage of this mechanism is Smack.
>
> The hooks has been documented in the in the security.h below.
>
> Signed-off-by: Lukasz Pawelczyk <l.pawelc...@samsung.com>
> Reviewed-by: Casey Schaufler <ca...@schaufler-ca.com>
> Acked-by: Paul Moore <p...@paul-moore.com>
e an access, even thought reading the smackfs/syslog
> returned the same result in both cases.
>
> Signed-off-by: Lukasz Pawelczyk <l.pawelc...@samsung.com>
> Acked-by: Serge Hallyn <serge.hal...@canonical.com>
Acked-by: Casey Schauf
-by: Lukasz Pawelczyk <l.pawelc...@samsung.com>
> Acked-by: Serge Hallyn <serge.hal...@canonical.com>
Acked-by: Casey Schaufler <ca...@schaufler-ca.com>
> ---
> fs/proc/base.c | 2 +-
> include/linux/lsm_hooks.h | 18 --
> include/linu
ck namespace patches.
>
> Signed-off-by: Lukasz Pawelczyk <l.pawelc...@samsung.com>
> Acked-by: Serge Hallyn <serge.hal...@canonical.com>
Acked-by: Casey Schaufler <ca...@schaufler-ca.com>
> ---
> fs/xattr.c| 10 ++
> include/linux/lsm_ho
ous list upon write
>
> Signed-off-by: Zbigniew Jasinski <z.jasin...@samsung.com>
> Signed-off-by: Rafal Krypa <r.kr...@samsung.com>
Acked-by: Casey Schaufler <ca...@schaufler-ca.com>
Applied-to: https://github.com/cschaufler/smack-next.git#smack-for-4.4
> ---
&g
The following changes since commit 049e6dde7e57f0054fdc49102e7ef4830c698b46:
Linux 4.3-rc4 (2015-10-04 16:57:17 +0100)
are available in the git repository at:
https://github.com/cschaufler/smack-next.git smack-for-4.4
for you to fetch changes up to 38416e53936ecf896948fdeffc36b76979117952:
On 10/15/2015 12:48 AM, Rafał Krypa wrote:
> On 2015-10-14 17:54, Rafal Krypa wrote:
>> From: Zbigniew Jasinski
>>
>> This feature introduces new kernel interface:
>>
>> - /relabel-self - for setting transition labels list
>>
>> This list is used to control smack label
On 10/13/2015 10:04 AM, Seth Forshee wrote:
> The SMACK64, SMACK64EXEC, and SMACK64MMAP labels are all handled
> differently in untrusted mounts. This is confusing and
> potentically problematic. Change this to handle them all the same
> way that SMACK64 is currently handled; that is, read the
a6113:
>
> echo "$SOME_IPV6_ADDR \"test" > /smack/ipv6host
> (this should return EINVAL, it doesn't)
> cat /smack/ipv6host
> (derefences 0x000a)
>
> Signed-off-by: Lukasz Pawelczyk <l.pawelc...@samsung.com>
Acked-by: Casey Schaufler <ca...@schaufler-ca.com
On 9/27/2015 8:10 AM, Geliang Tang wrote:
> Fixes the following sparse warning:
>
> security/smack/smack_lsm.c:55:1: warning: symbol 'smk_ipv6_port_list'
> was not declared. Should it be static?
>
> Signed-off-by: Geliang Tang <geliangt...@163.com>
Acked-by: Casey Sc
ed-off-by: José Bollo <jose.bo...@iot.bzh>
Acked-by: Casey Schaufler <ca...@schaufler-ca.com>
Applied to https://github.com/cschaufler/smack-next.git#smack-for-4.4
> ---
> security/smack/smack_lsm.c | 4 ++--
> security/smack/smackfs.c | 2 +-
> 2 files changed, 3
On 10/5/2015 3:27 AM, Roman Kubiak wrote:
> This fix writes the task label when
> smack_d_instantiate is called, before the
> label of the superblock was written on the
> pipe's inode.
>
> Signed-off-by: Roman Kubiak <r.kub...@samsung.com>
Acked-by: Casey Schaufler
On 10/2/2015 6:19 AM, José Bollo wrote:
> The function strncpy was copying an extra character
> when i == len (what is possible via revoke interface).
>
> Change-Id: Ic7452da05773e620a1d7bbc55e859c25a86c65f6
> Signed-off-by: José Bollo
> Signed-off-by: Stephane
On 10/4/2015 12:19 PM, Andreas Gruenbacher wrote:
> Add a hook to invalidate an inode's security label when the cached
> information becomes invalid.
Where is this used? If I need to do the same for Smack
or any other module, how would I know that it works right?
>
> Implement the new hook in
portions look fine.
Thank you.
Casey Schaufler
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe
linux-security-module in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
the Smack side. Thank you.
Casey Schaufler
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe
linux-security-module in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
do anything this
looks fine. I'm not sure that I would want these hooks to
do anything, it requires additional thought to determine if
there is a good behavior for them.
Thank you.
Casey Schaufler
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe
linux-security-module
--- Serge E. Hallyn [EMAIL PROTECTED] wrote:
Quoting Casey Schaufler ([EMAIL PROTECTED]):
From: Casey Schaufler [EMAIL PROTECTED]
Update the Smack LSM to allow the registration of the capability
module as a secondary LSM. Integrate the new hooks required for
file based capabilities
From: Casey Schaufler [EMAIL PROTECTED]
This patch assumes Smack unlabeled outgoing ambient packets - v4
which is one reason it's RFC.
Update the Smack LSM to allow the registration of the capability
module as a secondary LSM. Integrate the new hooks required for
file based capabilities
From: Casey Schaufler [EMAIL PROTECTED]
Update the Smack LSM to allow the registration of the capability
module as a secondary LSM. Integrate the new hooks required for
file based capabilities.
Signed-off-by: Casey Schaufler [EMAIL PROTECTED]
---
security/smack/smack_lsm.c | 87
above and not
bothering to fix the problem.
I probably just missed it when it went by, but do you have some
test cases for file capabilities lying about that I might use?
Thank you.
Casey Schaufler
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe
linux-security
you get into that situation,
and is it appropriate to have that situation in your security scheme?
Can this occur without using privilege?
Casey Schaufler
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe
linux-security-module in
the body of a message to [EMAIL
From: Casey Schaufler [EMAIL PROTECTED]
Correct the checks in smack_inode_setxattr to include the
socket labeling attributes. Simplify and correct
smack_sock_graft, while the values it was setting were
safe they were not correct and the job was not being
done efficiently. smack_inode_setsecurity
From: Casey Schaufler [EMAIL PROTECTED]
Correct the checks in smack_inode_setxattr to include the
socket labeling attributes. Simplify and correct
smack_sock_graft, while the values it was setting were
safe they were not correct and the job was not being
done efficiently. smack_inode_setsecurity
is on my todo list.
Casey Schaufler
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe
linux-security-module in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
.
Only the cachefiles kernel module directly reads and writes the files.
Correct.
Well, my bad, and thank you for clearing up my misunderstanding.
Casey Schaufler
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe
linux-security-module in
the body of a message
a (newobject) secid that an object gets on creation.
And you want them all to be distinct and settable.
Did I get that right?
Thank you.
Casey Schaufler
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe
linux-security-module in
the body of a message to [EMAIL PROTECTED
]
Cc: Chris Wright [EMAIL PROTECTED]
Signed-off-by: H. Peter Anvin [EMAIL PROTECTED]
It is also the case that Smack does not use this hook.
It can be removed as far as I'm concerned.
Casey Schaufler
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe
linux-security
append and delete files, pick a different name and implement
an LSM to enforce it.
Thank you.
Casey Schaufler
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe
linux-security-module in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http
;
return 0;
}
Casey Schaufler
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe
linux-security-module in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
to use LSM
calls will be mostly straitforward if the secctx can be assumed to
be a string.
Casey Schaufler
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe
linux-security-module in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org
--- Stephen Smalley [EMAIL PROTECTED] wrote:
On Tue, 2007-12-11 at 15:04 -0800, Casey Schaufler wrote:
--- David Howells [EMAIL PROTECTED] wrote:
Stephen Smalley [EMAIL PROTECTED] wrote:
All your code has to do is invoke a function provided by libselinux.
Calling
--- David Howells [EMAIL PROTECTED] wrote:
Casey Schaufler [EMAIL PROTECTED] wrote:
You may need to have an application, say cachefileselinuxcontext, that will
read the current policy and spit out an appropriate value of whatever,
but that can be separate and LSM specific without
--- David Howells [EMAIL PROTECTED] wrote:
Casey Schaufler [EMAIL PROTECTED] wrote:
What sort of authorization are you thinking of? I would expect
that to have been done by cachefileselinuxcontext (or
cachefilesspiffylsmcontext) up in userspace. If you're going to
rely on userspace
it, if that's what he
really wants to do.
Casey Schaufler
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe
linux-security-module in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
, given the daemon's own security context? That seems entirely
reasonable to me.
Works for Smack. I can't say definitively, but I think it will
work for SELinux. Beyond that and we're into the fuzzy bit of the
LSM.
Casey Schaufler
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line
deal with Smack, or any LSM other than SELinux.
Just as Stephen mentions, I also don't see the generality that a change
of this magnitude really ought to provide.
Casey Schaufler
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe
linux-security-module in
the body
with the (perhaps archaic now) behavior
of nfsd on Unix, which did nothing but lend it's credential to the
underlying kernel code. I think it's a rational approach, although I
expect that in may have troubles under SELinux.
Casey Schaufler
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line
From: Casey Schaufler [EMAIL PROTECTED]
Collect the Smack label of the other end on connection so that
getsockopt(..., SO_PEERSEC, ...) can report it. This is done
in smack_inet_conn_request(). Report the correct value in
smack_socket_getpeersec_stream(). Initialize the smk_packet
field
= selinux_key_getsecurity,
#endif
};
Casey Schaufler
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe
linux-security-module in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
or
secid_to_secctx to secid_to_security. Not the problem of the day.
Casey Schaufler
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe
linux-security-module in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
From: Casey Schaufler [EMAIL PROTECTED]
Addresses comments from akpm.
Clean out unnecessary mutex initializations for Smack list locks.
Once this is done, there is no need for them to be shared among
multiple files, so pull them out of the header file and put them
in the files where they belong
From: Casey Schaufler [EMAIL PROTECTED]
Bump the value of CAP_LAST_CAP to reflect the current last cap value.
It appears that the patch that introduced CAP_LAST_CAP and the patch
that introduced CAP_MAC_ADMIN came in more or less at the same time.
Signed-off-by: Casey Schaufler [EMAIL PROTECTED
-info.html
Casey Schaufler
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe
linux-security-module in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
From: Casey Schaufler [EMAIL PROTECTED]
This patch takes advantage of the increase in capability bits
to allocate capabilities for Mandatory Access Control. Whereas
Smack was overloading a previously allocated capability it is
now using a pair, one for overriding access control checks
(tsk);
-
To unsubscribe from this list: send the line unsubscribe
linux-security-module in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Casey Schaufler
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line
proposed
before the virus in my sinuses knocks me out completely.
Thank you.
* DG/UX supported over 330 capabilities and is my personal
poster child for excesses of granularity with regard to
capabilities. I don't really expect to see a Linux port.
Casey Schaufler
[EMAIL PROTECTED
--- Andrew Morgan [EMAIL PROTECTED] wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Casey Schaufler wrote:
In the end we can call it CAP_LATE_FOR_DINNER if that's the only way
I can move forward. CAP_MAC_OVERRIDE is the obvious partner to
CAP_DAC_OVERRIDE, so that's still my
--- Casey Schaufler [EMAIL PROTECTED] wrote:
From: Casey Schaufler [EMAIL PROTECTED]
...
I have verified this version against broken-out-2007-11-20-01-45
as well. Compiles, boots, and passes tests.
Thank you.
Casey Schaufler
[EMAIL PROTECTED]
-
To unsubscribe from this list: send
--- Andrew Morton [EMAIL PROTECTED] wrote:
On Tue, 20 Nov 2007 11:04:32 -0800 (PST)
Casey Schaufler [EMAIL PROTECTED] wrote:
--- Casey Schaufler [EMAIL PROTECTED] wrote:
From: Casey Schaufler [EMAIL PROTECTED]
...
I have verified this version against broken-out-2007-11
From: Casey Schaufler [EMAIL PROTECTED]
This represents the rework required for changes to inode_getsecurity.
It is relative to smack24rc2v11, which is the version added to -mm,
but subsequently removed because of the change to inode_getsecurity
Signed-off-by: Casey Schaufler [EMAIL PROTECTED
--- Joshua Brindle [EMAIL PROTECTED] wrote:
Casey Schaufler wrote:
--- Crispin Cowan [EMAIL PROTECTED] wrote:
Dr. David Alan Gilbert wrote:
...
Can you explain why you want a non-privileged user to be able to edit
policy? I would like to better understand the problem here
From: Paul Moore [EMAIL PROTECTED]
Add a new set of configuration functions to the NetLabel/LSM API so that
LSMs can perform their own configuration of the NetLabel subsystem without
relying on assistance from userspace.
Signed-off-by: Paul Moore [EMAIL PROTECTED]
Signed-off-by: Casey Schaufler
a mandatory access control scheme that some people would like to be able
to use as a discretionary access control scheme. This is creepy after
seeing the MCS implementation in SELinux, which is also a DAC scheme
wacked out of a MAC scheme. Very interesting indeed.
Casey Schaufler
[EMAIL PROTECTED
--- Paul Moore [EMAIL PROTECTED] wrote:
On Friday 09 November 2007 5:19:02 pm Casey Schaufler wrote:
--- Paul Moore [EMAIL PROTECTED] wrote:
Add a secctx_to_secid() LSM hook to go along with the existing
secid_to_secctx() LSM hook.
I'll bite. Where does this get used?
Patch 12/13
so far
and see how best to make use of it, because my current plan is nowhere
near as good as yours.
Casey Schaufler
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe
linux-security-module in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http
to subscribe, send mail to [EMAIL PROTECTED] with
the words unsubscribe selinux without quotes as the message.
Casey Schaufler
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe
linux-security-module in
the body of a message to [EMAIL PROTECTED]
More majordomo info
with the secid in any
case.
In Linux 2.7 I propose that we fix these problems. Not today.
Casey Schaufler
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe
linux-security-module in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http
char flags;/* which mount options were specified */
unsigned char proc; /* proc fs */
struct mutex lock;
struct list_head isec_head;
Casey Schaufler
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe
linux-security
This is version 11 of the Simplified Mandatory Access Control Kernel.
The whole thing as available on the Smack home page at
http://schaufler-ca.com
The attachments to this message are not kernel code.
They are early versions of the smackload and smackcipso
programs, and are included in
From: Paul Moore [EMAIL PROTECTED]
Add a new set of configuration functions to the NetLabel/LSM API so that
LSMs can perform their own configuration of the NetLabel subsystem without
relying on assistance from userspace.
Signed-off-by: Paul Moore [EMAIL PROTECTED]
---
include/net/netlabel.h
--- Joshua Brindle [EMAIL PROTECTED] wrote:
Joshua Brindle wrote:
Casey Schaufler wrote:
From: Paul Moore [EMAIL PROTECTED]
Add a new set of configuration functions to the NetLabel/LSM API so that
LSMs can perform their own configuration of the NetLabel subsystem
without
relying
--- Casey Schaufler [EMAIL PROTECTED] wrote:
--- Joshua Brindle [EMAIL PROTECTED] wrote:
Joshua Brindle wrote:
Casey Schaufler wrote:
From: Paul Moore [EMAIL PROTECTED]
Add a new set of configuration functions to the NetLabel/LSM API so that
LSMs can perform their own
capabilities are a bonus, and there are lots of
people who think that it would be really nifty if there were a
separate capability for each if in the kernel. I personally
don't see need for more than about 20. That is a matter of taste.
DG/UX ended up with 330 and I say that's too many.
Casey
--- Tetsuo Handa [EMAIL PROTECTED] wrote:
Hello.
Casey Schaufler wrote:
Fine grained capabilities are a bonus, and there are lots of
people who think that it would be really nifty if there were a
separate capability for each if in the kernel. I personally
don't see need for more than
and compiled into selinux rules...
Casey, who still thinks Pavel doesn't get it.
Casey Schaufler
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe
linux-security-module in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo
squeeze some legless
reptiles now.
Casey Schaufler
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe
linux-security-module in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
.
Sincerely,
OMO
Most excellent. Thank you.
Casey Schaufler
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe
linux-security-module in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
,
even if they were somehow stacked. Multiple LSMs has issues,
like what should security_secid_to_secctx() return to the audit
system, but privilege model shouldn't be one of them.
Casey Schaufler
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe
linux-security-module
that virtually no one wants into any system is a bad idea. If
you haven't read Man of LaMancha I strongly suggest you do so.
Or at least see the play, it's got some catchy songs.
-
* If you don't know what MULTICS was you can buy me a beer and
I'll tell you the whole story
Casey Schaufler
[EMAIL
it was me, of
course. Linus is right, you know.
Casey Schaufler
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe
linux-security-module in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
--- Joshua Brindle [EMAIL PROTECTED] wrote:
Casey Schaufler wrote:
The Smack patch and Paul Moore's netlabel API patch,
together for 2.6.24-rc1. Paul's changes are identical
to the previous posting, but it's been a while so they're
here again.
The sole intent of change has been
presently. If not it
may take a day or two longer. You have not been forgotten.
Thank you for your contribution.
Casey Schaufler
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe
linux-security-module in
the body of a message to [EMAIL PROTECTED]
More majordomo info
,
and now have a (long) list of improvements and fixes.
No rest for the wicked.
Casey Schaufler
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe
linux-security-module in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo
--- Stephen Smalley [EMAIL PROTECTED] wrote:
On Wed, 2007-10-24 at 20:46 -0700, Casey Schaufler wrote:
...
+Smack does not implement Domain Type Enforcement (DTE). If
+you want DTE Linux has an implementation called SELinux.
+Those who really want DTE are encouraged to use SELinux
that the capabilities maintainer be very stingy
and refer anyone who's need isn't pretty obvious there.
This means that the folks who want to divide CAP_SYSADMIN
are going to be disappointed with what they get, but some
level of restraint is important.
Casey Schaufler
[EMAIL PROTECTED
--- Chris Wright [EMAIL PROTECTED] wrote:
* Casey Schaufler ([EMAIL PROTECTED]) wrote:
And don't give me the old LKML is a tough crowd feldercarb.
Security modules have been much worse. Innovation, even in
security, is a good thing and treating people harshly, even
for their own good
The Smack patch and Paul Moore's netlabel API patch,
together for 2.6.24-rc1. Paul's changes are identical
to the previous posting, but it's been a while so they're
here again.
The sole intent of change has been to address locking
and/or list processing issues. Please don't hesitate to
point out
From: Paul Moore [EMAIL PROTECTED]
Add a new set of configuration functions to the NetLabel/LSM API so that
LSMs can perform their own configuration of the NetLabel subsystem without
relying on assistance from userspace.
Signed-off-by: Paul Moore [EMAIL PROTECTED]
---
include/net/netlabel.h
--- Al Viro [EMAIL PROTECTED] wrote:
On Tue, Oct 16, 2007 at 09:17:40PM -0700, Casey Schaufler wrote:
At random:
+static int smack_netlabel(struct sock *sk)
+{
+ static int initialized;
+ struct socket_smack *ssp = sk-sk_security;
+ struct netlbl_lsm_secattr secattr
that capget64() and capget64() are the way to go. Any objections?
Not from me. Thank you.
Casey Schaufler
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe
linux-security-module in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org
--- Ahmed S. Darwish [EMAIL PROTECTED] wrote:
Hi Casey,
On Sun, Oct 14, 2007 at 10:15:42AM -0700, Casey Schaufler wrote:
+
+CIPSO Configuration
+
+It is normally unnecessary to specify the CIPSO configuration. The default
+values used by the system handle all internal cases
--- Serge E. Hallyn [EMAIL PROTECTED] wrote:
Quoting Casey Schaufler ([EMAIL PROTECTED]):
...
Good suggestion. In fact, that is exactly how I approached my
first two attempts at the problem. What you get if you take that
route is an imposing infrastructure that has virually nothing
. I sure hope so.
Casey Schaufler
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe
linux-security-module in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
and Smack share is that they only really
provide security if all processes involved are under their control,
just like the preemption behavior.
This is not necessarily true of all possible LSMs. In that case it may
be practicle to have different behavior for different containers.
Casey Schaufler
--- Eric W. Biederman [EMAIL PROTECTED] wrote:
Casey Schaufler [EMAIL PROTECTED] writes:
--- Eric W. Biederman [EMAIL PROTECTED] wrote:
Likely. Until we have a generalized LSM interface with 1000 config
options like netfilter I don't expect we will have grounds to talk
or agree
From: Paul Moore [EMAIL PROTECTED]
Add a new set of configuration functions to the NetLabel/LSM API so that
LSMs can perform their own configuration of the NetLabel subsystem without
relying on assistance from userspace.
Signed-off-by: Paul Moore [EMAIL PROTECTED]
---
This update fixes a memory
1 - 100 of 190 matches
Mail list logo