Message-ID: <20110719203843.646.73383.stgit@mike2.sea.corp.google.com>
Date: Tue, 19 Jul 2011 13:38:43 -0700
From: Mike Waychison <mikew@...gle.com>
To: "Andrew G. Morgan" <agm@...gle.com>,
Maximilian Attems <max@...o.at>,
Eric Northup <digitaleric@...gle.com>,
Alan Cox <alan@...rguk.ukuu.org.uk>,
"H. Peter Anvin" <hpa@...or.com>
Cc: Eric Paris <eparis@...isplace.org>, klibc@...or.com,
linux-kernel@...r.kernel.org
Subject: [PATCH v1 0/2] Support dropping of capabilities from early userspace.

This patchset applies to klibc mainline. As is, it will probably collide
with Maximilian's recent patch to rename run-init to switch_root posted
last week.

To boot an untrusted environment with certain capabilities locked out,
we'd like to be able to drop the capabilities up front from early
userspace, before we actually transition onto the root volume.

This patchset implements this by adding a "drop capabilities" ability to
both kinit and run-init in the klibc package. For kinit, it now
understands a new kernel command line option, "drop_capabilities", that
specifies a comma-separated list of capability names that should be
dropped right before execing the next init binary on the next root
device.

run-init also has the ability to use this drop_capabilities function by
specifying capabilities that should be dropped with a new command line
flag, '-d'.

Given that this patchset is meant to help secure boots, we treat any
errors as total failure to boot by exiting the process with a failing
exit code.

Thanks,
Mike Waychison

Related discussions
===================
- Thread discussing my wanting to compile out kernel interfaces that
  we do not want to expose to the userspace environment, with Alan
  Cox convincing me that I really just want to disable certain
  capabilities:
  https://lkml.org/lkml/2011/7/15/412

Patchset summary
================
syscalls: Add capset and capget
run-init: Add drop_capabilities support.
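As an added illustration of the mechanism described in the cover letter (this is example code, not klibc's kinit or run-init implementation): parse a comma-separated "drop_capabilities" list, refuse any unknown name so the caller can fail the boot, and drop each named capability from the bounding set and from the process's permitted, inheritable and effective sets via prctl() and the raw capset() syscall before the exec of init. The capability-name table and the function names are assumptions made here, not klibc's.

```c
/* Example: drop capabilities named in a "drop_capabilities" list.
 * Not klibc code; the name table below is a constructed subset. */
#define _GNU_SOURCE
#include <stdint.h>
#include <string.h>
#include <strings.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <unistd.h>
#include <linux/capability.h>

/* Hypothetical name table: only a subset of capability names. */
static const struct { const char *name; int num; } cap_names[] = {
    { "cap_sys_module", CAP_SYS_MODULE }, { "cap_sys_rawio", CAP_SYS_RAWIO },
    { "cap_sys_admin",  CAP_SYS_ADMIN  }, { "cap_sys_boot",  CAP_SYS_BOOT  },
    { "cap_sys_ptrace", CAP_SYS_PTRACE }, { "cap_net_admin", CAP_NET_ADMIN },
};

/* Parse "cap_sys_module,cap_sys_rawio" into a bitmask of capability
 * numbers. Returns -1 on an unknown name: a typo must not boot. */
int parse_drop_capabilities(const char *list, uint64_t *mask)
{
    char buf[256], *save, *tok;
    *mask = 0;
    if (!list || strlen(list) >= sizeof buf) return -1;
    strcpy(buf, list);
    for (tok = strtok_r(buf, ",", &save); tok; tok = strtok_r(NULL, ",", &save)) {
        size_t i, n = sizeof cap_names / sizeof cap_names[0];
        for (i = 0; i < n && strcasecmp(tok, cap_names[i].name); i++) ;
        if (i == n) return -1;
        *mask |= (uint64_t)1 << cap_names[i].num;
    }
    return 0;
}

/* Drop every capability in mask; 0 on success, -1 on any error so the
 * caller can exit non-zero instead of continuing with too much power. */
int drop_capabilities(uint64_t mask)
{
    struct __user_cap_header_struct hdr = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct data[2];
    int cap;
    if (syscall(SYS_capget, &hdr, data) < 0) return -1;
    for (cap = 0; cap < 64; cap++) {
        if (!(mask & ((uint64_t)1 << cap))) continue;
        if (prctl(PR_CAPBSET_DROP, cap, 0, 0, 0) < 0) return -1; /* bounding set */
        data[cap / 32].effective   &= ~(1u << (cap % 32));
        data[cap / 32].permitted   &= ~(1u << (cap % 32));
        data[cap / 32].inheritable &= ~(1u << (cap % 32));
    }
    return syscall(SYS_capset, &hdr, data) < 0 ? -1 : 0;
}
```

Clearing the bounding set as well as the permitted set matters: without the PR_CAPBSET_DROP step, a later exec of a file-capability or setuid binary could regain the capability.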