Re: Exposing secid to secctx mapping to user-space

2015-12-15 Thread Casey Schaufler
On 12/15/2015 8:55 AM, Stephen Smalley wrote: > On 12/15/2015 11:06 AM, Casey Schaufler wrote: >> On 12/15/2015 7:00 AM, Stephen Smalley wrote: >>> On 12/14/2015 05:57 PM, Roberts, William C wrote: >>>> >>>>>> >>>>>> If I understa

Re: Exposing secid to secctx mapping to user-space

2015-12-14 Thread Casey Schaufler
ecurity context string for export to userspace that could be embedded >>> in the binder transaction structure? This could avoid both the >>> limitations of the current secid (e.g. limited to 32 bits, no >>> stackability) and the overhead of copying context strings on

Re: Exposing secid to secctx mapping to user-space

2015-12-11 Thread Casey Schaufler
On 12/11/2015 2:14 PM, Stephen Smalley wrote: > On 12/11/2015 02:55 PM, Paul Moore wrote: >> On Fri, Dec 11, 2015 at 1:37 PM, Daniel Cashman wrote: >>> Hello, >>> >>> I would like to write a patch that would expose, via selinuxfs, the >>> mapping between secids in the kernel

Re: Exposing secid to secctx mapping to user-space

2015-12-11 Thread Casey Schaufler
On 12/11/2015 10:37 AM, Daniel Cashman wrote: > Hello, > > I would like to write a patch that would expose, via selinuxfs, the > mapping between secids in the kernel and security contexts to > user-space, but before doing so wanted to get some feedback as to > whether or not such an endeavor could

[RFC PATCH] VFS: Remove security module inode blob allocation overhead - unmundged

2015-12-10 Thread Casey Schaufler
t the size of the blobs without doing so, but I am disinclined to pursue that. Exposing the blob structure has typing advantages. Earlier discussions about changing the inode structure to better accommodate the use of security data include: https://lkml.org/lkml/2013/6/3/516 Signed-off-by: Casey

[RFC PATCH] VFS: Remove security module inode blob allocation overhead

2015-12-10 Thread Casey Schaufler
isinclined to pursue that. Exposing the blob structure has typing advantages. Earlier discussions about changing the inode structure to better accommodate the use of security data include: https://lkml.org/lkml/2013/6/3/516 Signed-off-by: Casey Schaufler <ca...@schaufler-ca.com> ---

[PATCH] Smack: File receive for sockets

2015-12-07 Thread Casey Schaufler
cause a problem. Signed-off-by: Casey Schaufler <ca...@schaufler-ca.com> --- security/smack/smack_lsm.c | 22 ++ 1 file changed, 22 insertions(+) diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index ff81026..b20ef06 100644 --- a/security/smack/smack

Re: [patch] Smack: harmless underflow in smk_set_cipso()

2015-12-03 Thread Casey Schaufler
On 11/3/2015 2:15 PM, Dan Carpenter wrote: This causes a static checker warning because "maplevel" is set by the user and we cap the upper bound but not the lower bound. It seems harmless to me and it's root only but we may as well make the static checker happy. Also checkpatch complains that

Re: Security next tree synced to v4.4-rc2

2015-11-23 Thread Casey Schaufler
Thank you. This is very helpful. On 11/23/2015 3:47 AM, James Morris wrote: For LSM developers who might be waiting for a resync to Linus... -- To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to majord...@vger.kernel.org More

Re: [PATCH v4 02/11] lsm: /proc/$PID/attr/label_map file and getprocattr_seq hook

2015-10-29 Thread Casey Schaufler
by seq operations. > > See the documentation in the patch below for the details about how to > use the hook. > > Signed-off-by: Lukasz Pawelczyk <l.pawelc...@samsung.com> > Acked-by: Serge Hallyn <serge.hal...@canonical.com> Acked-by: Casey Schaufler <ca...@

Re: [PATCH v4 10/11] smack: namespace implementation

2015-10-29 Thread Casey Schaufler
> The capabilities (CAP_MAC_ADMIN, CAP_MAC_OVERRIDE) have been allowed in > the namespace for few cases. Check the documentation for the details. > > Signed-off-by: Lukasz Pawelczyk <l.pawelc...@samsung.com> > Reviewed-by: Casey Schaufler <ca...@schaufler-ca.com> Acked-by: Casey Schaufler

Re: [PATCH v4 09/11] smack: namespace groundwork

2015-10-29 Thread Casey Schaufler
paced labels and Smack namespaces but the behaviour of Smack > should not be changed. The APIs are there, but they have no impact yet. > > Signed-off-by: Lukasz Pawelczyk <l.pawelc...@samsung.com> > Reviewed-by: Casey Schaufler <ca...@schaufler-ca.com> Acked-by: Casey Schauf

Re: [PATCH v4 08/11] smack: misc cleanups in preparation for a namespace patch

2015-10-29 Thread Casey Schaufler
kasz Pawelczyk <l.pawelc...@samsung.com> > Reviewed-by: Casey Schaufler <ca...@schaufler-ca.com> Acked-by: Casey Schaufler <ca...@schaufler-ca.com> > --- > security/smack/smack.h| 47 ++- > security/smack/sma

Re: [PATCH v4 01/11] user_ns: 3 new LSM hooks for user namespace operations

2015-10-29 Thread Casey Schaufler
take advantage of this mechanism is Smack. > > The hooks have been documented in the security.h below. > > Signed-off-by: Lukasz Pawelczyk <l.pawelc...@samsung.com> > Reviewed-by: Casey Schaufler <ca...@schaufler-ca.com> > Acked-by: Paul Moore <p...@paul-moore.com>

Re: [PATCH v4 06/11] smack: don't use implicit star to display smackfs/syslog

2015-10-29 Thread Casey Schaufler
e an access, even though reading the smackfs/syslog > returned the same result in both cases. > > Signed-off-by: Lukasz Pawelczyk <l.pawelc...@samsung.com> > Acked-by: Serge Hallyn <serge.hal...@canonical.com> Acked-by: Casey Schauf

Re: [PATCH v4 03/11] lsm: add file opener's cred to a setprocattr arguments

2015-10-29 Thread Casey Schaufler
-by: Lukasz Pawelczyk <l.pawelc...@samsung.com> > Acked-by: Serge Hallyn <serge.hal...@canonical.com> Acked-by: Casey Schaufler <ca...@schaufler-ca.com> > --- > fs/proc/base.c | 2 +- > include/linux/lsm_hooks.h | 18 -- > include/linu

Re: [PATCH v4 04/11] lsm: inode_pre_setxattr hook

2015-10-29 Thread Casey Schaufler
ck namespace patches. > > Signed-off-by: Lukasz Pawelczyk <l.pawelc...@samsung.com> > Acked-by: Serge Hallyn <serge.hal...@canonical.com> Acked-by: Casey Schaufler <ca...@schaufler-ca.com> > --- > fs/xattr.c| 10 ++ > include/linux/lsm_ho

Re: [PATCH v5] Smack: limited capability for changing process label

2015-10-19 Thread Casey Schaufler
ous list upon write > > Signed-off-by: Zbigniew Jasinski <z.jasin...@samsung.com> > Signed-off-by: Rafal Krypa <r.kr...@samsung.com> Acked-by: Casey Schaufler <ca...@schaufler-ca.com> Applied-to: https://github.com/cschaufler/smack-next.git#smack-for-4.4 > ---

[PULL] Smack - Changes for 4.4

2015-10-19 Thread Casey Schaufler
The following changes since commit 049e6dde7e57f0054fdc49102e7ef4830c698b46: Linux 4.3-rc4 (2015-10-04 16:57:17 +0100) are available in the git repository at: https://github.com/cschaufler/smack-next.git smack-for-4.4 for you to fetch changes up to 38416e53936ecf896948fdeffc36b76979117952:

Re: [PATCH v4] Smack: limited capability for changing process label

2015-10-15 Thread Casey Schaufler
On 10/15/2015 12:48 AM, Rafał Krypa wrote: > On 2015-10-14 17:54, Rafal Krypa wrote: >> From: Zbigniew Jasinski >> >> This feature introduces new kernel interface: >> >> - /relabel-self - for setting transition labels list >> >> This list is used to control smack label

Re: [PATCH v2 7/7] Smack: Handle labels consistently in untrusted mounts

2015-10-14 Thread Casey Schaufler
On 10/13/2015 10:04 AM, Seth Forshee wrote: > The SMACK64, SMACK64EXEC, and SMACK64MMAP labels are all handled > differently in untrusted mounts. This is confusing and > potentially problematic. Change this to handle them all the same > way that SMACK64 is currently handled; that is, read the

Re: [PATCH] Smack: fix a NULL dereference in wrong smack_import_entry() usage

2015-10-09 Thread Casey Schaufler
a6113: > > echo "$SOME_IPV6_ADDR \"test" > /smack/ipv6host > (this should return EINVAL, it doesn't) > cat /smack/ipv6host > (dereferences 0x000a) > > Signed-off-by: Lukasz Pawelczyk <l.pawelc...@samsung.com> Acked-by: Casey Schaufler <ca...@schaufler-ca.com

Re: [PATCH 2/2] smack: smk_ipv6_port_list should be static

2015-10-09 Thread Casey Schaufler
On 9/27/2015 8:10 AM, Geliang Tang wrote: > Fixes the following sparse warning: > > security/smack/smack_lsm.c:55:1: warning: symbol 'smk_ipv6_port_list' > was not declared. Should it be static? > > Signed-off-by: Geliang Tang <geliangt...@163.com> Acked-by: Casey Sc

Re: [PATCH] Smack: Minor initialisation improvement

2015-10-09 Thread Casey Schaufler
ed-off-by: José Bollo <jose.bo...@iot.bzh> Acked-by: Casey Schaufler <ca...@schaufler-ca.com> Applied to https://github.com/cschaufler/smack-next.git#smack-for-4.4 > --- > security/smack/smack_lsm.c | 4 ++-- > security/smack/smackfs.c | 2 +- > 2 files changed, 3

Re: [PATCH]: Smack: pipefs fix in smack_d_instantiate

2015-10-09 Thread Casey Schaufler
On 10/5/2015 3:27 AM, Roman Kubiak wrote: > This fix writes the task label when > smack_d_instantiate is called, before the > label of the superblock was written on the > pipe's inode. > > Signed-off-by: Roman Kubiak <r.kub...@samsung.com> Acked-by: Casey Schaufler

Re: [PATCH] Smack: Fix wrong copy size

2015-10-08 Thread Casey Schaufler
On 10/2/2015 6:19 AM, José Bollo wrote: > The function strncpy was copying an extra character > when i == len (what is possible via revoke interface). > > Change-Id: Ic7452da05773e620a1d7bbc55e859c25a86c65f6 > Signed-off-by: José Bollo > Signed-off-by: Stephane

Re: [PATCH v2 1/2] security: Add hook to invalidate inode security labels

2015-10-05 Thread Casey Schaufler
On 10/4/2015 12:19 PM, Andreas Gruenbacher wrote: > Add a hook to invalidate an inode's security label when the cached > information becomes invalid. Where is this used? If I need to do the same for Smack or any other module, how would I know that it works right? > > Implement the new hook in

Re: [PATCH 06/37] Security: Separate task security context from task_struct

2008-02-21 Thread Casey Schaufler
portions look fine. Thank you. Casey Schaufler [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe linux-security-module in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html

Re: [PATCH 07/37] Security: De-embed task security record from task and use refcounting

2008-02-21 Thread Casey Schaufler
the Smack side. Thank you. Casey Schaufler [EMAIL PROTECTED]

Re: [PATCH 09/37] Security: Allow kernel services to override LSM settings for task actions

2008-02-21 Thread Casey Schaufler
do anything this looks fine. I'm not sure that I would want these hooks to do anything, it requires additional thought to determine if there is a good behavior for them. Thank you. Casey Schaufler [EMAIL PROTECTED]

Re: [PATCH] (linus git 02/19/08) Smack update for file capabilities

2008-02-20 Thread Casey Schaufler
--- Serge E. Hallyn [EMAIL PROTECTED] wrote: Quoting Casey Schaufler ([EMAIL PROTECTED]): From: Casey Schaufler [EMAIL PROTECTED] Update the Smack LSM to allow the registration of the capability module as a secondary LSM. Integrate the new hooks required for file based capabilities

[PATCH] [RFC] Smack update for file capabilities

2008-02-19 Thread Casey Schaufler
From: Casey Schaufler [EMAIL PROTECTED] This patch assumes Smack unlabeled outgoing ambient packets - v4 which is one reason it's RFC. Update the Smack LSM to allow the registration of the capability module as a secondary LSM. Integrate the new hooks required for file based capabilities

[PATCH] (linus git 02/19/08) Smack update for file capabilities

2008-02-19 Thread Casey Schaufler
From: Casey Schaufler [EMAIL PROTECTED] Update the Smack LSM to allow the registration of the capability module as a secondary LSM. Integrate the new hooks required for file based capabilities. Signed-off-by: Casey Schaufler [EMAIL PROTECTED] --- security/smack/smack_lsm.c | 87

Re: Possible problem in linux file posix capabilities

2008-02-17 Thread Casey Schaufler
above and not bothering to fix the problem. I probably just missed it when it went by, but do you have some test cases for file capabilities lying about that I might use? Thank you. Casey Schaufler [EMAIL PROTECTED]

Re: [PATCH net-2.6.25] Add packet filtering based on process's security context.

2008-01-22 Thread Casey Schaufler
you get into that situation, and is it appropriate to have that situation in your security scheme? Can this occur without using privilege? Casey Schaufler [EMAIL PROTECTED]

[PATCH] (2.6.24-rc8-mm1) -mm Smack socket label setting fix

2008-01-19 Thread Casey Schaufler
From: Casey Schaufler [EMAIL PROTECTED] Correct the checks in smack_inode_setxattr to include the socket labeling attributes. Simplify and correct smack_sock_graft, while the values it was setting were safe they were not correct and the job was not being done efficiently. smack_inode_setsecurity

[PATCH] (2.6.24-rc8-mm1) -mm v2 Smack socket label setting fix

2008-01-19 Thread Casey Schaufler
From: Casey Schaufler [EMAIL PROTECTED] Correct the checks in smack_inode_setxattr to include the socket labeling attributes. Simplify and correct smack_sock_graft, while the values it was setting were safe they were not correct and the job was not being done efficiently. smack_inode_setsecurity

Re: [PATCH 08/26] Add a secctx_to_secid() LSM hook to go along with the existing

2008-01-16 Thread Casey Schaufler
is on my todo list. Casey Schaufler [EMAIL PROTECTED]

Re: [PATCH 08/28] SECURITY: Allow kernel services to override LSM settings for task actions [try #2]

2008-01-15 Thread Casey Schaufler
. Only the cachefiles kernel module directly reads and writes the files. Correct. Well, my bad, and thank you for clearing up my misunderstanding. Casey Schaufler [EMAIL PROTECTED]

Re: [PATCH 08/28] SECURITY: Allow kernel services to override LSM settings for task actions [try #2]

2008-01-14 Thread Casey Schaufler
a (newobject) secid that an object gets on creation. And you want them all to be distinct and settable. Did I get that right? Thank you. Casey Schaufler [EMAIL PROTECTED]

Re: [PATCH] security: remove security_sb_post_mountroot hook

2007-12-29 Thread Casey Schaufler
] Cc: Chris Wright [EMAIL PROTECTED] Signed-off-by: H. Peter Anvin [EMAIL PROTECTED] It is also the case that Smack does not use this hook. It can be removed as far as I'm concerned. Casey Schaufler [EMAIL PROTECTED]

Re: POSIX file capabilities for directories

2007-12-28 Thread Casey Schaufler
append and delete files, pick a different name and implement an LSM to enforce it. Thank you. Casey Schaufler [EMAIL PROTECTED]

Re: [PATCH 08/28] SECURITY: Allow kernel services to override LSM settings for task actions [try #2]

2007-12-18 Thread Casey Schaufler
; return 0; } Casey Schaufler [EMAIL PROTECTED]

Re: [RFC PATCH v8 05/18] LSM: Add secctx_to_secid() LSM hook

2007-12-17 Thread Casey Schaufler
to use LSM calls will be mostly straightforward if the secctx can be assumed to be a string. Casey Schaufler [EMAIL PROTECTED]

Re: [PATCH 08/28] SECURITY: Allow kernel services to override LSM settings for task actions [try #2]

2007-12-12 Thread Casey Schaufler
--- Stephen Smalley [EMAIL PROTECTED] wrote: On Tue, 2007-12-11 at 15:04 -0800, Casey Schaufler wrote: --- David Howells [EMAIL PROTECTED] wrote: Stephen Smalley [EMAIL PROTECTED] wrote: All your code has to do is invoke a function provided by libselinux. Calling

Re: [PATCH 08/28] SECURITY: Allow kernel services to override LSM settings for task actions [try #2]

2007-12-12 Thread Casey Schaufler
--- David Howells [EMAIL PROTECTED] wrote: Casey Schaufler [EMAIL PROTECTED] wrote: You may need to have an application, say cachefileselinuxcontext, that will read the current policy and spit out an appropriate value of whatever, but that can be separate and LSM specific without

Re: [PATCH 08/28] SECURITY: Allow kernel services to override LSM settings for task actions [try #2]

2007-12-12 Thread Casey Schaufler
--- David Howells [EMAIL PROTECTED] wrote: Casey Schaufler [EMAIL PROTECTED] wrote: What sort of authorization are you thinking of? I would expect that to have been done by cachefileselinuxcontext (or cachefilesspiffylsmcontext) up in userspace. If you're going to rely on userspace

Re: [PATCH 08/28] SECURITY: Allow kernel services to override LSM settings for task actions [try #2]

2007-12-11 Thread Casey Schaufler
it, if that's what he really wants to do. Casey Schaufler [EMAIL PROTECTED]

Re: [PATCH 08/28] SECURITY: Allow kernel services to override LSM settings for task actions [try #2]

2007-12-11 Thread Casey Schaufler
, given the daemon's own security context? That seems entirely reasonable to me. Works for Smack. I can't say definitively, but I think it will work for SELinux. Beyond that and we're into the fuzzy bit of the LSM. Casey Schaufler [EMAIL PROTECTED]

Re: [PATCH 08/28] SECURITY: Allow kernel services to override LSM settings for task actions [try #2]

2007-12-10 Thread Casey Schaufler
deal with Smack, or any LSM other than SELinux. Just as Stephen mentions, I also don't see the generality that a change of this magnitude really ought to provide. Casey Schaufler [EMAIL PROTECTED]

Re: [PATCH 08/28] SECURITY: Allow kernel services to override LSM settings for task actions [try #2]

2007-12-10 Thread Casey Schaufler
with the (perhaps archaic now) behavior of nfsd on Unix, which did nothing but lend its credential to the underlying kernel code. I think it's a rational approach, although I expect that it may have troubles under SELinux. Casey Schaufler [EMAIL PROTECTED]

[PATCH] (2.6.24-rc4-mm1) -mm Smack getpeercred_stream fix for SO_PEERSEC and TCP

2007-12-07 Thread Casey Schaufler
From: Casey Schaufler [EMAIL PROTECTED] Collect the Smack label of the other end on connection so that getsockopt(..., SO_PEERSEC, ...) can report it. This is done in smack_inet_conn_request(). Report the correct value in smack_socket_getpeersec_stream(). Initialize the smk_packet field

Re: [PATCH 4/7] KEYS: Add keyctl function to get a security label

2007-12-05 Thread Casey Schaufler
= selinux_key_getsecurity, #endif }; Casey Schaufler [EMAIL PROTECTED]

Re: [PATCH 4/7] KEYS: Add keyctl function to get a security label

2007-12-05 Thread Casey Schaufler
or secid_to_secctx to secid_to_security. Not the problem of the day. Casey Schaufler [EMAIL PROTECTED]

[PATCH] (2.6.24-rc3-mm2) -mm Smack mutex, capability, pointers, and spelling cleanup

2007-12-04 Thread Casey Schaufler
From: Casey Schaufler [EMAIL PROTECTED] Addresses comments from akpm. Clean out unnecessary mutex initializations for Smack list locks. Once this is done, there is no need for them to be shared among multiple files, so pull them out of the header file and put them in the files where they belong

[PATCH] (2.4.26-rc3-mm2) -mm Update CAP_LAST_CAP to reflect CAP_MAC_ADMIN

2007-11-28 Thread Casey Schaufler
From: Casey Schaufler [EMAIL PROTECTED] Bump the value of CAP_LAST_CAP to reflect the current last cap value. It appears that the patch that introduced CAP_LAST_CAP and the patch that introduced CAP_MAC_ADMIN came in more or less at the same time. Signed-off-by: Casey Schaufler [EMAIL PROTECTED

Re: [PATCH 1/2] namespaces: introduce sys_hijack (v10)

2007-11-27 Thread Casey Schaufler
Casey Schaufler [EMAIL PROTECTED]

[PATCH] -mm (2.4.26-rc3-mm1) v2 Smack using capabilities 32 and 33

2007-11-26 Thread Casey Schaufler
From: Casey Schaufler [EMAIL PROTECTED] This patch takes advantage of the increase in capability bits to allocate capabilities for Mandatory Access Control. Whereas Smack was overloading a previously allocated capability it is now using a pair, one for overriding access control checks

Re: [PATCH 2/2] hijack: update task_alloc_security

2007-11-26 Thread Casey Schaufler
(tsk); Casey Schaufler [EMAIL PROTECTED]

Re: + smack-version-11c-simplified-mandatory-access-control-kernel.patch added to -mm tree

2007-11-24 Thread Casey Schaufler
proposed before the virus in my sinuses knocks me out completely. Thank you. * DG/UX supported over 330 capabilities and is my personal poster child for excesses of granularity with regard to capabilities. I don't really expect to see a Linux port. Casey Schaufler [EMAIL PROTECTED

Re: + smack-version-11c-simplified-mandatory-access-control-kernel.patch added to -mm tree

2007-11-23 Thread Casey Schaufler
--- Andrew Morgan [EMAIL PROTECTED] wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Casey Schaufler wrote: In the end we can call it CAP_LATE_FOR_DINNER if that's the only way I can move forward. CAP_MAC_OVERRIDE is the obvious partner to CAP_DAC_OVERRIDE, so that's still my

Re: [PATCH] (2.6.24-rc3 -mm only) Smack Version 11c Simplified Mandatory Access Control Kernel

2007-11-20 Thread Casey Schaufler
--- Casey Schaufler [EMAIL PROTECTED] wrote: From: Casey Schaufler [EMAIL PROTECTED] ... I have verified this version against broken-out-2007-11-20-01-45 as well. Compiles, boots, and passes tests. Thank you. Casey Schaufler [EMAIL PROTECTED]

Re: [PATCH] (2.6.24-rc3 -mm only) Smack Version 11c Simplified Mandatory Access Control Kernel

2007-11-20 Thread Casey Schaufler
--- Andrew Morton [EMAIL PROTECTED] wrote: On Tue, 20 Nov 2007 11:04:32 -0800 (PST) Casey Schaufler [EMAIL PROTECTED] wrote: --- Casey Schaufler [EMAIL PROTECTED] wrote: From: Casey Schaufler [EMAIL PROTECTED] ... I have verified this version against broken-out-2007-11

[PATCH] For -mm only - inode_getsecurity rework

2007-11-14 Thread Casey Schaufler
From: Casey Schaufler [EMAIL PROTECTED] This represents the rework required for changes to inode_getsecurity. It is relative to smack24rc2v11, which is the version added to -mm, but subsequently removed because of the change to inode_getsecurity Signed-off-by: Casey Schaufler [EMAIL PROTECTED

Re: AppArmor Security Goal

2007-11-12 Thread Casey Schaufler
--- Joshua Brindle [EMAIL PROTECTED] wrote: Casey Schaufler wrote: --- Crispin Cowan [EMAIL PROTECTED] wrote: Dr. David Alan Gilbert wrote: ... Can you explain why you want a non-privileged user to be able to edit policy? I would like to better understand the problem here

Repost - NetLabel: Introduce a new kernel configuration API for NetLabel

2007-11-10 Thread Casey Schaufler
From: Paul Moore [EMAIL PROTECTED] Add a new set of configuration functions to the NetLabel/LSM API so that LSMs can perform their own configuration of the NetLabel subsystem without relying on assistance from userspace. Signed-off-by: Paul Moore [EMAIL PROTECTED] Signed-off-by: Casey Schaufler

Re: AppArmor Security Goal

2007-11-10 Thread Casey Schaufler
a mandatory access control scheme that some people would like to be able to use as a discretionary access control scheme. This is creepy after seeing the MCS implementation in SELinux, which is also a DAC scheme wacked out of a MAC scheme. Very interesting indeed. Casey Schaufler [EMAIL PROTECTED

Re: [RFC PATCH v6 05/13] SELinux: add secctx_to_secid() LSM hook

2007-11-10 Thread Casey Schaufler
--- Paul Moore [EMAIL PROTECTED] wrote: On Friday 09 November 2007 5:19:02 pm Casey Schaufler wrote: --- Paul Moore [EMAIL PROTECTED] wrote: Add a secctx_to_secid() LSM hook to go along with the existing secid_to_secctx() LSM hook. I'll bite. Where does this get used? Patch 12/13

Re: [PATCH 2/2] Version 11 (2.6.24-rc2) Smack: Simplified Mandatory Access Control Kernel

2007-11-10 Thread Casey Schaufler
so far and see how best to make use of it, because my current plan is nowhere near as good as yours. Casey Schaufler [EMAIL PROTECTED]

Re: [PATCH -v3] SELinux: Add get, set, and cloning of superblock security information

2007-11-09 Thread Casey Schaufler
to subscribe, send mail to [EMAIL PROTECTED] with the words unsubscribe selinux without quotes as the message. Casey Schaufler [EMAIL PROTECTED]

Re: [RFC PATCH v6 05/13] SELinux: add secctx_to_secid() LSM hook

2007-11-09 Thread Casey Schaufler
with the secid in any case. In Linux 2.7 I propose that we fix these problems. Not today. Casey Schaufler [EMAIL PROTECTED]

Re: [PATCH -v3] SELinux: Add get, set, and cloning of superblock security information

2007-11-09 Thread Casey Schaufler
char flags;/* which mount options were specified */ unsigned char proc; /* proc fs */ struct mutex lock; struct list_head isec_head; Casey Schaufler [EMAIL PROTECTED]

[PATCH 0/2] Version 11 (2.6.24-rc2) Smack: Simplified Mandatory Access Control Kernel

2007-11-08 Thread Casey Schaufler
This is version 11 of the Simplified Mandatory Access Control Kernel. The whole thing is available on the Smack home page at http://schaufler-ca.com The attachments to this message are not kernel code. They are early versions of the smackload and smackcipso programs, and are included in

[PATCH 1/2] NetLabel: Introduce a new kernel configuration API for NetLabel - Version 11 (2.6.24-rc2) Smack: Simplified Mandatory Access Control Kernel

2007-11-08 Thread Casey Schaufler
From: Paul Moore [EMAIL PROTECTED] Add a new set of configuration functions to the NetLabel/LSM API so that LSMs can perform their own configuration of the NetLabel subsystem without relying on assistance from userspace. Signed-off-by: Paul Moore [EMAIL PROTECTED] --- include/net/netlabel.h

Re: [PATCH] NetLabel: Introduce a new kernel configuration API for NetLabel - For 2.6.24-rc-git11 - Smack Version 10

2007-11-06 Thread Casey Schaufler
--- Joshua Brindle [EMAIL PROTECTED] wrote: Joshua Brindle wrote: Casey Schaufler wrote: From: Paul Moore [EMAIL PROTECTED] Add a new set of configuration functions to the NetLabel/LSM API so that LSMs can perform their own configuration of the NetLabel subsystem without relying

Re: [PATCH] NetLabel: Introduce a new kernel configuration API for NetLabel - For 2.6.24-rc-git11 - Smack Version 10

2007-11-06 Thread Casey Schaufler
--- Casey Schaufler [EMAIL PROTECTED] wrote: --- Joshua Brindle [EMAIL PROTECTED] wrote: Joshua Brindle wrote: Casey Schaufler wrote: From: Paul Moore [EMAIL PROTECTED] Add a new set of configuration functions to the NetLabel/LSM API so that LSMs can perform their own

Re: Defense in depth: LSM *modules*, not a static interface

2007-11-06 Thread Casey Schaufler
capabilities are a bonus, and there are lots of people who think that it would be really nifty if there were a separate capability for each if in the kernel. I personally don't see need for more than about 20. That is a matter of taste. DG/UX ended up with 330 and I say that's too many. Casey

Re: Defense in depth: LSM *modules*, not a static interface

2007-11-06 Thread Casey Schaufler
--- Tetsuo Handa [EMAIL PROTECTED] wrote: Hello. Casey Schaufler wrote: Fine grained capabilities are a bonus, and there are lots of people who think that it would be really nifty if there were a separate capability for each if in the kernel. I personally don't see need for more than

Re: [PATCH] Smackv10: Smack rules grammar + their stateful parser

2007-11-04 Thread Casey Schaufler
and compiled into selinux rules... Casey, who still thinks Pavel doesn't get it. Casey Schaufler [EMAIL PROTECTED]

Re: Defense in depth: LSM *modules*, not a static interface

2007-10-30 Thread Casey Schaufler
squeeze some legless reptiles now. Casey Schaufler [EMAIL PROTECTED]

Re: [PATCH] Version 3 (2.6.23-rc8) Smack: Simplified Mandatory Access Control Kernel

2007-10-30 Thread Casey Schaufler
. Sincerely, OMO Most excellent. Thank you. Casey Schaufler [EMAIL PROTECTED]

Re: Linux Security *Module* Framework (Was: LSM conversion to static interface)

2007-10-30 Thread Casey Schaufler
, even if they were somehow stacked. Multiple LSMs has issues, like what should security_secid_to_secctx() return to the audit system, but privilege model shouldn't be one of them. Casey Schaufler [EMAIL PROTECTED]

Re: Linux Security *Module* Framework (Was: LSM conversion to static interface)

2007-10-30 Thread Casey Schaufler
that virtually no one wants into any system is a bad idea. If you haven't read Man of LaMancha I strongly suggest you do so. Or at least see the play, it's got some catchy songs. - * If you don't know what MULTICS was you can buy me a beer and I'll tell you the whole story Casey Schaufler [EMAIL

Re: Linux Security *Module* Framework (Was: LSM conversion to static interface)

2007-10-29 Thread Casey Schaufler
it was me, of course. Linus is right, you know. Casey Schaufler [EMAIL PROTECTED]

Re: [PATCH 0/2] Version 9 (2.6.24-rc1) Smack: Simplified Mandatory Access Control Kernel

2007-10-27 Thread Casey Schaufler
--- Joshua Brindle [EMAIL PROTECTED] wrote: Casey Schaufler wrote: The Smack patch and Paul Moore's netlabel API patch, together for 2.6.24-rc1. Paul's changes are identical to the previous posting, but it's been a while so they're here again. The sole intent of change has been

Re: [PATCH 2/2] Version 9 (2.6.24-rc1) Smack: Simplified Mandatory Access Control Kernel

2007-10-27 Thread Casey Schaufler
presently. If not it may take a day or two longer. You have not been forgotten. Thank you for your contribution. Casey Schaufler [EMAIL PROTECTED]

Re: [PATCH 2/2] Version 9 (2.6.24-rc1) Smack: Simplified Mandatory Access Control Kernel

2007-10-27 Thread Casey Schaufler
, and now have a (long) list of improvements and fixes. No rest for the wicked. Casey Schaufler [EMAIL PROTECTED]

Re: [PATCH 2/2] Version 9 (2.6.24-rc1) Smack: Simplified Mandatory Access Control Kernel

2007-10-25 Thread Casey Schaufler
--- Stephen Smalley [EMAIL PROTECTED] wrote: On Wed, 2007-10-24 at 20:46 -0700, Casey Schaufler wrote: ... +Smack does not implement Domain Type Enforcement (DTE). If +you want DTE Linux has an implementation called SELinux. +Those who really want DTE are encouraged to use SELinux

Re: [PATCH RFC 1/2] capabilities: fix compilation with strict type checking (v2)

2007-10-25 Thread Casey Schaufler
that the capabilities maintainer be very stingy and refer anyone whose need isn't pretty obvious there. This means that the folks who want to divide CAP_SYSADMIN are going to be disappointed with what they get, but some level of restraint is important. Casey Schaufler [EMAIL PROTECTED

Re: Linux Security *Module* Framework (Was: LSM conversion to static interface)

2007-10-24 Thread Casey Schaufler
--- Chris Wright [EMAIL PROTECTED] wrote: * Casey Schaufler ([EMAIL PROTECTED]) wrote: And don't give me the old LKML is a tough crowd feldercarb. Security modules have been much worse. Innovation, even in security, is a good thing and treating people harshly, even for their own good

[PATCH 0/2] Version 9 (2.6.24-rc1) Smack: Simplified Mandatory Access Control Kernel

2007-10-24 Thread Casey Schaufler
The Smack patch and Paul Moore's netlabel API patch, together for 2.6.24-rc1. Paul's changes are identical to the previous posting, but it's been a while so they're here again. The sole intent of change has been to address locking and/or list processing issues. Please don't hesitate to point out

[PATCH 1/2] [NetLabel] Introduce a new kernel configuration API for NetLabel - Version 9 (2.6.24-rc1) Smack: Simplified Mandatory Access Control Kernel

2007-10-24 Thread Casey Schaufler
From: Paul Moore [EMAIL PROTECTED] Add a new set of configuration functions to the NetLabel/LSM API so that LSMs can perform their own configuration of the NetLabel subsystem without relying on assistance from userspace. Signed-off-by: Paul Moore [EMAIL PROTECTED] --- include/net/netlabel.h

Re: [PATCH] Version 8 (2.6.23) Smack: Simplified Mandatory Access Control Kernel

2007-10-18 Thread Casey Schaufler
--- Al Viro [EMAIL PROTECTED] wrote: On Tue, Oct 16, 2007 at 09:17:40PM -0700, Casey Schaufler wrote: At random: +static int smack_netlabel(struct sock *sk) +{ + static int initialized; + struct socket_smack *ssp = sk-sk_security; + struct netlbl_lsm_secattr secattr

Re: [RFC] [PATCH 2/2] capabilities: implement 64-bit capabilities

2007-10-17 Thread Casey Schaufler
that capget64() and capget64() are the way to go. Any objections? Not from me. Thank you. Casey Schaufler [EMAIL PROTECTED]

Re: [PATCH] Version 7 (2.6.23) Smack: Simplified Mandatory Access Control Kernel

2007-10-14 Thread Casey Schaufler
--- Ahmed S. Darwish [EMAIL PROTECTED] wrote: Hi Casey, On Sun, Oct 14, 2007 at 10:15:42AM -0700, Casey Schaufler wrote: + +CIPSO Configuration + +It is normally unnecessary to specify the CIPSO configuration. The default +values used by the system handle all internal cases

Re: [PATCH] Version 3 (2.6.23-rc8) Smack: Simplified Mandatory Access Control Kernel

2007-10-08 Thread Casey Schaufler
--- Serge E. Hallyn [EMAIL PROTECTED] wrote: Quoting Casey Schaufler ([EMAIL PROTECTED]): ... Good suggestion. In fact, that is exactly how I approached my first two attempts at the problem. What you get if you take that route is an imposing infrastructure that has virtually nothing

Re: [PATCH] Version 3 (2.6.23-rc8) Smack: Simplified Mandatory Access Control Kernel

2007-10-08 Thread Casey Schaufler
. I sure hope so. Casey Schaufler [EMAIL PROTECTED]

Re: [PATCH] Version 3 (2.6.23-rc8) Smack: Simplified Mandatory Access Control Kernel

2007-10-08 Thread Casey Schaufler
and Smack share is that they only really provide security if all processes involved are under their control, just like the preemption behavior. This is not necessarily true of all possible LSMs. In that case it may be practical to have different behavior for different containers. Casey Schaufler

Re: [PATCH] Version 3 (2.6.23-rc8) Smack: Simplified Mandatory Access Control Kernel

2007-10-08 Thread Casey Schaufler
--- Eric W. Biederman [EMAIL PROTECTED] wrote: Casey Schaufler [EMAIL PROTECTED] writes: --- Eric W. Biederman [EMAIL PROTECTED] wrote: Likely. Until we have a generalized LSM interface with 1000 config options like netfilter I don't expect we will have grounds to talk or agree

[PATCH] [NetLabel] Introduce a new kernel configuration API for NetLabel - for Smack Version 5

2007-10-08 Thread Casey Schaufler
From: Paul Moore [EMAIL PROTECTED] Add a new set of configuration functions to the NetLabel/LSM API so that LSMs can perform their own configuration of the NetLabel subsystem without relying on assistance from userspace. Signed-off-by: Paul Moore [EMAIL PROTECTED] --- This update fixes a memory
