Re: [RFC][PATCH 11/11] security: AppArmor - Export namespace semaphore

Quoting Stephen Smalley ([email protected]):
> On Wed, 2006-04-19 at 10:50 -0700, Tony Jones wrote:
> > This patch exports the namespace_sem semaphore.
> > 
> > The shared subtree patches which went into 2.6.15-rc1 replaced the old
> > namespace semaphore which used to be per namespace (and visible) with a
> > new single static semaphore.
> > 
> > The reason for this change is that currently visibility of vfsmount information
> > to the LSM hooks is fairly patchy.  Either there is no passed parameter or
> > it can be NULL.  For the case of the former,  several LSM hooks that we
> > require to mediate have no vfsmount/nameidata passed.  We previously (mis)used
> > the visibility of the old per namespace semaphore to walk the processes 
> > namespace looking for vfsmounts with a root dentry matching the dentry we were 
> > trying to mediate.  
> > 
> > Clearly this is not viable long term strategy and changes working towards 
> > passing a vfsmount to all relevant LSM hooks would seem necessary (and also 
> > useful for other users of LSM). Alternative suggestions and ideas are welcomed.
> 
> The alternative I would recommend is to not use LSM.  It isn't suitable
> for your path-based approach.  If your path-based approach is deemed
> legitimate, then introduce new hooks at the proper point in processing
> where the information you need is available.

Whoa, so now LSM is not for access control?

Of course if SuSE follows Al Viro's suggestion of using namespaces
(effectively using capabilities in their traditional sense), they'll use
fewer hooks, but they'll still need to prevent leaking of fd's accross
namespaces, for instance.

-serge
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

---

• Follow-Ups:
  • Re: [RFC][PATCH 11/11] security: AppArmor - Export namespace semaphore
    • From: Stephen Smalley <[email protected]>

• References:
  • [RFC][PATCH 0/11] security: AppArmor - Overview
    • From: Tony Jones <[email protected]>
  • [RFC][PATCH 11/11] security: AppArmor - Export namespace semaphore
    • From: Tony Jones <[email protected]>
  • Re: [RFC][PATCH 11/11] security: AppArmor - Export namespace semaphore
    • From: Stephen Smalley <[email protected]>

• Prev by Date: Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks
• Next by Date: Re: Time to remove LSM (was Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks)
• Previous by thread: Re: [RFC][PATCH 11/11] security: AppArmor - Export namespace semaphore
• Next by thread: Re: [RFC][PATCH 11/11] security: AppArmor - Export namespace semaphore
• Index(es):
  • Date
  • Thread

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]