| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <31027d8e-50bc-70be-b4f2-a96a84de2bae@schaufler-ca.com>
Date: Fri, 6 Nov 2020 16:20:43 -0800
From: Casey Schaufler <casey@...aufler-ca.com>
To: Greg KH <gregkh@...uxfoundation.org>
Cc: casey.schaufler@...el.com, jmorris@...ei.org,
linux-security-module@...r.kernel.org, selinux@...r.kernel.org,
linux-audit@...hat.com, keescook@...omium.org,
john.johansen@...onical.com, penguin-kernel@...ove.sakura.ne.jp,
paul@...l-moore.com, sds@...ho.nsa.gov,
linux-kernel@...r.kernel.org, linux-api@...r.kernel.org,
Casey Schaufler <casey@...aufler-ca.com>
Subject: Re: [PATCH v22 12/23] LSM: Specify which LSM to display
On 11/5/2020 1:22 AM, Greg KH wrote:
> On Wed, Nov 04, 2020 at 03:41:03PM -0800, Casey Schaufler wrote:
>> Create a new entry "display" in the procfs attr directory for
>> controlling which LSM security information is displayed for a
>> process. A process can only read or write its own display value.
>>
>> The name of an active LSM that supplies hooks for
>> human readable data may be written to "display" to set the
>> value. The name of the LSM currently in use can be read from
>> "display". At this point there can only be one LSM capable
>> of display active. A helper function lsm_task_display() is
>> provided to get the display slot for a task_struct.
>>
>> Setting the "display" requires that all security modules using
>> setprocattr hooks allow the action. Each security module is
>> responsible for defining its policy.
>>
>> AppArmor hook provided by John Johansen <john.johansen@...onical.com>
>> SELinux hook provided by Stephen Smalley <sds@...ho.nsa.gov>
>>
>> Reviewed-by: Kees Cook <keescook@...omium.org>
>> Acked-by: Stephen Smalley <sds@...ho.nsa.gov>
>> Acked-by: Paul Moore <paul@...l-moore.com>
>> Signed-off-by: Casey Schaufler <casey@...aufler-ca.com>
>> Cc: linux-api@...r.kernel.org
>> ---
>> fs/proc/base.c | 1 +
>> include/linux/lsm_hooks.h | 17 +++
>> security/apparmor/include/apparmor.h | 3 +-
>> security/apparmor/lsm.c | 32 +++++
>> security/security.c | 169 ++++++++++++++++++++++++---
>> security/selinux/hooks.c | 11 ++
>> security/selinux/include/classmap.h | 2 +-
>> security/smack/smack_lsm.c | 7 ++
>> 8 files changed, 223 insertions(+), 19 deletions(-)
>>
>> diff --git a/fs/proc/base.c b/fs/proc/base.c
>> index 0f707003dda5..7432f24f0132 100644
>> --- a/fs/proc/base.c
>> +++ b/fs/proc/base.c
>> @@ -2806,6 +2806,7 @@ static const struct pid_entry attr_dir_stuff[] = {
>> ATTR(NULL, "fscreate", 0666),
>> ATTR(NULL, "keycreate", 0666),
>> ATTR(NULL, "sockcreate", 0666),
>> + ATTR(NULL, "display", 0666),
> That's a vague name, any chance it can be more descriptive?
Sure. How about lsm_display, or display_lsm? I wouldn't say that
any of the files in /proc/*/attr have especially descriptive names,
but that's hardly an excuse.
> And where is the Documentation/ABI/ entries for all of this, how does
> userspace know what these things are, and how to use them?
I'll add ABI descriptions and move some of the lsm.rst up from where it
is later in the patchset.
>
> thanks,
>
> greg k-h
Powered by blists - more mailing lists