RE: [PATCH v5 5/5] sidechannel: Linux Security Module for sidechannel

2018-09-28 Thread Schaufler, Casey
nsen, Dave ; linux-security-module mod...@vger.kernel.org>; selinux@tycho.nsa.gov; Arjan van de Ven > > Subject: Re: [PATCH v5 5/5] sidechannel: Linux Security Module for sidechannel > > On Fri, 28 Sep 2018, Jann Horn wrote: > > > > so with this hard-coded logic, you are say

Re: [PATCH v5 5/5] sidechannel: Linux Security Module for sidechannel

2018-09-28 Thread James Morris
On Fri, 28 Sep 2018, Jann Horn wrote: > > so with this hard-coded logic, you are saying this case is > > 'safe' in a sidechannel context. > > > > Which hints at the deeper issue that containers are a userland > > abstraction. Protection of containers needs to be defined by userland > > policy. >

Re: [PATCH v5 5/5] sidechannel: Linux Security Module for sidechannel

2018-09-28 Thread Jann Horn via Selinux
On Fri, Sep 28, 2018 at 1:43 AM James Morris wrote: > On Thu, 27 Sep 2018, Schaufler, Casey wrote: > > > > On 9/27/2018 2:45 PM, James Morris wrote: > > > > > On Wed, 26 Sep 2018, Casey Schaufler wrote: > > > > > > > > > >> + /* > > > > >> + * Namespace checks. Considered safe if: > >

Re: [PATCH v5 5/5] sidechannel: Linux Security Module for sidechannel

2018-09-28 Thread James Morris
On Thu, 27 Sep 2018, Casey Schaufler wrote: > On 9/27/2018 2:45 PM, James Morris wrote: > > On Wed, 26 Sep 2018, Casey Schaufler wrote: > > > >> + /* > >> + * Namespace checks. Considered safe if: > >> + * cgroup namespace is the same > >> + * User namespace is the same > >> +

RE: [PATCH v5 5/5] sidechannel: Linux Security Module for sidechannel

2018-09-28 Thread James Morris
On Thu, 27 Sep 2018, Schaufler, Casey wrote: > > > On 9/27/2018 2:45 PM, James Morris wrote: > > > > On Wed, 26 Sep 2018, Casey Schaufler wrote: > > > > > > > >> + /* > > > >> + * Namespace checks. Considered safe if: > > > >> + * cgroup namespace is the same > > > >> +

RE: [PATCH v5 5/5] sidechannel: Linux Security Module for sidechannel

2018-09-28 Thread Schaufler, Casey
nel.org; Hansen, Dave > ; linux-security-mod...@vger.kernel.org; > selinux@tycho.nsa.gov; ar...@linux.intel.com > Subject: Re: [PATCH v5 5/5] sidechannel: Linux Security Module for sidechannel > > On Thu, 27 Sep 2018, Casey Schaufler wrote: > > > On 9/27/2018 2:45 PM, James M

Re: [PATCH v5 5/5] sidechannel: Linux Security Module for sidechannel

2018-09-28 Thread Casey Schaufler
On 9/27/2018 2:45 PM, James Morris wrote: > On Wed, 26 Sep 2018, Casey Schaufler wrote: > >> +/* >> + * Namespace checks. Considered safe if: >> + * cgroup namespace is the same >> + * User namespace is the same >> + * PID namespace is the same >> + */ >> +

Re: [PATCH v5 5/5] sidechannel: Linux Security Module for sidechannel

2018-09-27 Thread James Morris
On Wed, 26 Sep 2018, Casey Schaufler wrote: > + /* > + * Namespace checks. Considered safe if: > + * cgroup namespace is the same > + * User namespace is the same > + * PID namespace is the same > + */ > + if (current->nsproxy) > + ccgn

[PATCH v5 5/5] sidechannel: Linux Security Module for sidechannel

2018-09-27 Thread Casey Schaufler
From: Casey Schaufler This is a new Linux Security Module (LSM) that checks for potential sidechannel issues that are not covered in the ptrace PTRACE_MODE_SCHED option. Namespace differences are checked in this intitial version. Additional checks should be added when they are determined to be