[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAHse=S_wZez=XOfGwkCCWXGMAFj3ivbL9g93RX66bOw3cYw1kQ@mail.gmail.com>
Date: Wed, 2 Jul 2014 18:09:27 +0100
From: David Drysdale <drysdale@...gle.com>
To: Paul Moore <paul@...l-moore.com>
Cc: Andy Lutomirski <luto@...capital.net>,
LSM List <linux-security-module@...r.kernel.org>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
Alexander Viro <viro@...iv.linux.org.uk>,
Meredydd Luff <meredydd@...atehouse.org>,
Kees Cook <keescook@...omium.org>,
James Morris <james.l.morris@...cle.com>,
Linux API <linux-api@...r.kernel.org>
Subject: Re: [PATCH 09/11] capsicum: implementations of new LSM hooks
On Wed, Jul 2, 2014 at 2:49 PM, Paul Moore <paul@...l-moore.com> wrote:
> On Monday, June 30, 2014 09:05:38 AM Andy Lutomirski wrote:
>> On Mon, Jun 30, 2014 at 3:28 AM, David Drysdale <drysdale@...gle.com> wrote:
>> > If the LSM does not provide implementations of the .file_lookup and
>> > .file_install LSM hooks, always use the Capsicum implementations.
>> >
>> > The Capsicum implementation of file_lookup checks for a Capsicum
>> > capability wrapper file and unwraps to if the appropriate rights
>> > are available.
>> >
>> > The Capsicum implementation of file_install checks whether the file
>> > has restricted rights associated with it. If it does, it is replaced
>> > with a Capsicum capability wrapper file before installation into the
>> > fdtable.
>>
>> I think I fall on the "no LSM" side of the fence. This kind of stuff
>> should be available regardless of selected LSM (as it is in your
>> code) ...
>
> I agree. Looking quickly at the patches, the code seems to take an odd
> approach of living largely outside the LSM framework, but then relying on a
> couple of LSM hooks. Capsicum should either live fully as a LSM or fully
> outside of it, this mix seems a bit silly to me.
Yeah, the end result was definitely a bit odd, hence the queries in the
cover email. The consensus so far seems to be that they don't help,
so I'll remove the gratuitous LSM hooks on the next iteration.
Thanks,
David
> --
> paul moore
> www.paul-moore.com
>
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists