Linux security non-modules and AppArmor

Posted Jun 28, 2007 8:47 UTC (Thu) by ljt (guest, #33337)
In reply to: Linux security non-modules and AppArmor by jamesm
Parent article: Linux security non-modules and AppArmor

I agree fully: selinux must be included in the kernel the same way memory management, network or vfs are.

I think though that selinux would gain a BIG user mindshare by becoming less opaque: a common mortal *cannot* know which constraints a process is under.
There is a tool to see the label on files, but there are no tools (that I am aware of) to see which context a process is under and what it is allowed to do.
Take the legacy DAC model: ps gives you the uid/gid; this is all you need to know to match the resources it can manipulate.

Make no mistake: inspecting .mod, .te, .pp objects is to selinux what forensics is to live debugging. We *must* have _live_ and _convenient_ tools to:
- See process contexts and the relevant rules it is under
- Apply or remove type enforcement rules the same way chcon works (think pscon)
- Provoke transitions between process contexts while running

It is currently a PITA to admin the thing in a mission critical environment

Linux security non-modules and AppArmor

Posted Jun 28, 2007 11:48 UTC (Thu) by jamesm (guest, #2273)

Thanks for the feedback. You can see what context a process is running under with -Z (this works for many tools, even things like netstat), but you're right that we need to do a lot more work on management. Likely we'll be able to make use of the exported runtime policy idea you mentioned recently.
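The "which context is this process in" question from the thread, as an added example that is not part of either comment: it reads the same per-process attribute that `ps -Z` reports (`/proc/<pid>/attr/current`, assumed to hold a `user:role:type[:level]` string on an SELinux host) and groups live processes by domain, falling back to a constructed sample when SELinux is not active.

```python
"""Group running processes by SELinux domain (what `ps -eZ` shows, parsed).

Added example, not from the LWN thread. It reads /proc/<pid>/attr/current,
the same attribute ps -Z reports, and splits it into user:role:type[:level].
"""
import os
from collections import defaultdict

# Constructed sample of /proc/<pid>/attr/current contents, used as a
# fallback on hosts without SELinux.
SAMPLE_PROCS = {
    1: "system_u:system_r:init_t:s0",
    812: "system_u:system_r:sshd_t:s0-s0:c0.c1023",
    990: "system_u:system_r:httpd_t:s0",
    1004: "unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023",
    1010: "system_u:system_r:httpd_t:s0",
}

def parse_context(ctx):
    """Split 'user:role:type[:level]'; the MLS level may itself contain ':'."""
    parts = ctx.strip().rstrip("\0").split(":", 3)
    if len(parts) < 3:
        raise ValueError(f"not a SELinux context: {ctx!r}")
    level = parts[3] if len(parts) == 4 else None
    return {"user": parts[0], "role": parts[1], "type": parts[2], "level": level}

def read_proc_contexts():
    """Live contexts from /proc; empty dict when SELinux is not active."""
    contexts = {}
    for name in filter(str.isdigit, os.listdir("/proc")):
        try:
            with open(f"/proc/{name}/attr/current", "rb") as f:
                ctx = f.read().decode("ascii", "replace").rstrip("\0\n")
        except OSError:
            continue  # no LSM attribute, or the process already exited
        if ctx.count(":") >= 2:  # skip "kernel"/AppArmor-style labels
            contexts[int(name)] = ctx
    return contexts

def group_by_type(contexts):
    """Map each domain type to the sorted pids confined in it."""
    by_type = defaultdict(list)
    for pid, ctx in contexts.items():
        by_type[parse_context(ctx)["type"]].append(pid)
    return {t: sorted(p) for t, p in by_type.items()}

if __name__ == "__main__":
    live = read_proc_contexts()
    for typ, pids in sorted(group_by_type(live or SAMPLE_PROCS).items()):
        print(f"{typ:24s} {pids}")
```

On a non-SELinux host the output comes from the constructed sample, so the grouping logic can still be checked offline.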

Copyright © 2013, Eklektix, Inc.