
Re: [PULL] LSM: Basic module stacking infrastructure for security-next - Acked

From:  Casey Schaufler <casey-AT-schaufler-ca.com>
To:  Lukasz Pawelczyk <l.pawelczyk-AT-samsung.com>, LSM <linux-security-module-AT-vger.kernel.org>
Subject:  Re: [PULL] LSM: Basic module stacking infrastructure for security-next - Acked
Date:  Tue, 12 May 2015 21:06:03 -0700
Message-ID:  <5552CDAB.7010005@schaufler-ca.com>

On 5/12/2015 2:17 AM, Lukasz Pawelczyk wrote:
> On wto, 2015-05-12 at 15:02 +1000, James Morris wrote:
>> On Fri, 8 May 2015, Casey Schaufler wrote:
>>
>>> James, here's an updated pull request for LSM stacking.
>>> Acks have been applied.
>>>
>>> The following changes since commit b787f68c36d49bb1d9236f403813641efa74a031:
>>>
>>>   Linux 4.1-rc1 (2015-04-26 17:59:10 -0700)
>>>
>>> are available in the git repository at:
>>>
>>>   git@github.com:cschaufler/smack-next.git stacking-v22-acked
>
> I have 2 questions regarding those patches:
>
> 1. Will it be possible to stack arbitrary LSMs with it? Because right now
> the only thing I see that is actually being used is Yama that is
> configured on the init level instead of per LSM hook. I don't see any means
> to select any LSM module I want with this (yet?).

No. The behavior is the same as before, but with a different framework.
Where before there were two special case modules (capability and Yama)
there is now a general scheme that is only slightly utilized. "Yet" is
in fact the key word. There are security blob and secid issues that this
set does not address. That's the next round.

> 2. What about "void *security" pointers in various system objects (task,
> inode, file, etc). If you would stack e.g. Smack and SELinux together
> right now they would conflict. Are there plans to handle this as well?

That's the plan. The community felt that it was better to address the
generalization of capabilities and Yama stacking before tackling that
issue. And, of course, it's generally believed that Smack+Tomoyo or
SELinux+AppArmor is much more interesting than SELinux+Smack. Frankly,
I've never wanted to see a security admin's head explode, and I fear
that it could happen in the SELinux+Smack case.

My intention is to encourage smaller, targeted security modules. You
are very limited in what you can do today, with the blob pointers the
way they are. I will be making some proposals in the arena once I've
caught up on some of the other tasks on my plate.

> Thanks,
> Lukasz Pawelczyk

Copyright © 2015, Eklektix, Inc.