Re: Time to remove LSM (was Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks)

Quoting [email protected] ([email protected]):
> On Mon, 17 Apr 2006 22:26:24 BST, Alan Cox said:
> 
> (Two replies to this paragraph, addressing 2 separate issues....)
> 
> > You can implement a BSD securelevel model in SELinux as far as I can see
> > from looking at it, and do it better than the code today, so it's not
> > really a feature drop anyway just a migration away from some fossils
> 
> If we heave the LSM stuff overboard, there's one thing that *will* need
> addressing - what to do with kernel support of Posix-y capabilities.  Currently
> some of the heavy lifting is done by security/commoncap.c.
> 
> Frankly, that's *another* thing that we need to either *fix* so it works right,
> or rip out of the kernel entirely.  As far as I know, there's no in-tree way
> to make /usr/bin/ping be set-CAP_NET_RAW and have it DTRT.

Sigh...  it's such a cool idea, and yet such a dangerously easy thing to
get wrong, i.e. dropping the ability for a root process to drop its root
privs.

If we were to drop posix caps, how would selinux change correspondingly?
Would it just drop the capability class altogether, perhaps beef up the
task or security class?  Just wondering whether anyone had thought about
this.

Alternatively, we could try yet again to get support for fs caps
upstream...

-serge