> 2. A small problem > ================== > As cool as it may sound, I think the implementation is not as clean as > possible. > > Let's pick a random starting point: The subadmin is allowed to call > drivers/char/lp.c:lp_ioctl():LPGETSTATS. Or > fs/quota.c:generic_quotactl_valid():Q_GET*/Q_XGET*. For that to work > without too much code changes, CAP_SYS_ADMIN must be given to the > subadmin. > > However, CAP_SYS_ADMIN (others are affected too, but this is the main one) > is used for other things too (mostly write or ioctl operations), which is > actually something that should not be granted to the subadmin. > > This poses a problem. Currently, it is solved by adding an extra LSM hook, > security_cap_extra(), called from capable(). The hooked function then > looks at current->*uid/*gid and returns 1 or 0, depending on whether an > action is allowed or not. For more details see patch #1. > > I wonder if we should just split up CAP_SYS_ADMIN then... that might end up being the most simple solution... - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [email protected] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
- References:
- Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks
- From: Christoph Hellwig <[email protected]>
- Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks
- From: Stephen Smalley <[email protected]>
- Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks
- From: Christoph Hellwig <[email protected]>
- Time to remove LSM (was Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks)
- From: James Morris <[email protected]>
- Re: Time to remove LSM (was Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks)
- From: Greg KH <[email protected]>
- Re: Time to remove LSM (was Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks)
- From: Jan Engelhardt <[email protected]>
- Re: Time to remove LSM (was Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks)
- From: Arjan van de Ven <[email protected]>
- Re: Time to remove LSM (was Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks)
- From: Jan Engelhardt <[email protected]>
- Re: Time to remove LSM (was Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks)
- From: Greg KH <[email protected]>
- Re: Time to remove LSM (was Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks)
- From: Jan Engelhardt <[email protected]>
- Re: Time to remove LSM (was Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks)
- From: Greg KH <[email protected]>
- [PATCH 0/4] MultiAdmin LSM
- From: Jan Engelhardt <[email protected]>
- Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks
- Prev by Date: [PATCH 4/4] MultiAdmin module
- Next by Date: Re: [uml-devel] [RFC] PATCH 3/4 - Time virtualization : PTRACE_SYSCALL_MASK
- Previous by thread: Re: [PATCH 4/4] MultiAdmin module
- Next by thread: [PATCH 4a/4] MultiAdmin LSM (LKCS'ed)
- Index(es):
 |