Re: Time to remove LSM (was Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, 2006-04-24 at 08:29 -0500, Serge E. Hallyn wrote:
> Quoting Arjan van de Ven ([email protected]):
> > On Mon, 2006-04-24 at 08:09 -0500, Serge E. Hallyn wrote:
> > > Quoting Arjan van de Ven ([email protected]):
> > > > for all such things in the first place. In fact, we already know that to
> > > > do auditing, LSM is the wrong thing to do (and that's why audit doesn't
> > > > use LSM). It's one of those fundamental linux truths: Trying to be
> > > 
> > > As I recall it was simply decided that LSM must be "access control
> > > only", and that was why it wasn't used for audit.
> > 
> > no you recall incorrectly.
> > Audit needs to audit things that didn't work out, like filenames that
> > don't exist. Audit needs to know what is going to happen before the
> > entire "is this allowed" chain is going to be followed. SELInux and
> > other LSM parts are just one part of that chain, and there's zero
> > guarantee that you get to the LSM part in the chain.....  Now of course
> 
> Ah yes.  It needed to be authoritative.  I did recall incorrectly.
> 
> I suspect some would argue that you are right that LSM is broken, but
> only because it wasn't allowed to be authoritative. 

authoritative isn't enough; think about it. The VFS isn't ever going to
ask "can I open this file" if the file doesn't exist in the first place;
same in many other places. You'd have to almost double the hooks, and as
I said, to call those hooks "LSM" would be silly and dishonest.

LSM is not Hooks-R-Us. It's a permission model. 


-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]
  Powered by Linux