| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 27 Aug 2011 08:57:03 +0300 From: "Sakkinen, Jarkko" <jarkko.sakkinen@...el.com> To: Eric Paris <eparis@...hat.com> Cc: Eric Paris <eparis@...isplace.org>, Casey Schaufler <casey@...aufler-ca.com>, linux-kernel@...r.kernel.org, linux-security-module@...r.kernel.org Subject: Re: [PATCH] Smack: SMACK_IOCLOADACCESS On Fri, Aug 26, 2011 at 8:01 PM, Eric Paris <eparis@...hat.com> wrote: > On 08/26/2011 12:05 PM, Sakkinen, Jarkko wrote: >> On Fri, Aug 26, 2011 at 3:50 PM, Eric Paris <eparis@...isplace.org> wrote: >>> On Fri, Aug 26, 2011 at 1:52 AM, Jarkko Sakkinen >>> <jarkko.sakkinen@...el.com> wrote: >>>> IOCTL call for /smack/load that takes access rule in >>>> the same format as they are written into /smack/load. >>>> Sets errno to zero if access is allowed and to EACCES >>>> if not. >>>> >>>> Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@...el.com> >>> >>> [SELinux maintainer here, but Casey knew to already take what I say >>> with a grain of salt] >>> >>> I'm not telling you to do anything differently, just telling you what >>> SELinux does, and why we do it. SELinux has a file in selinuxfs >>> called 'access.' The file can be opened and one can write a rule into >>> the file. One then calls read and gets back a structure which >>> contains all of the permissions information allowed for the >>> source/target/class. In SELinux we calculate all of the permissions >>> for the tuple at once so providing all of the information at once can >>> make a lot of sense. libselinux provides libraries that will cache >>> these decisions in the userspace program and quickly answer the same >>> (or similar) questions later. >>> >>> http://userspace.selinuxproject.org/trac/browser/libselinux/src/compute_av.c >> >> Thank you for this information. One thing that concerns >> me in this approach is the scenario where things serialize >> to the following sequence: >> >> - Process A does open() >> - Process B does open() >> - Process A does write() >> - Process B does write() >> - Process A does read() >> - ... (sequence continues) >> >> What's the end result? > > SELinux attaches the information needed to the struct file private area > inside the kernel using the kernel provided fs/libfs.c functions > simple_transation_*. Which means that 2 processes have no issues > interfering with each other. A multi threaded or misbehaving > application may get EBUSY on write() if another write()/read() combo is > in progress. Its nice that the kernel has libraries which solve this > problem for us! > > I don't know SMACK internals, but if one ever wants to have SMACK > userspace object managers the ability for the interface to only be able > to return a single value might be an eventual bottleneck. You're right. his looks like another doable way to implement it. I do buy your argument that it would good if Smack would use equivalent API that is used in other places where similar scenario applies. I'm preparing a refactored patch that uses simple_transaction API > > Like I said, do whatever you guys think is best, but I'm constantly > going to point out and ask for LSM similarities when possible! > > -Eric > /Jarkko -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists