If you add any new code to the kernel which exposes any kind of
privileged operation to userspace, then it probably needs an LSM hook and
subsequent changes to SELinux.
It would certainly be unreasonable to expect all kernel developers to know
how to do this, however, it is usually very simple to determine when a new
LSM would be needed as a first step.
The simple tests are: does the code you're adding perform any new DAC
checks involving any of the user or group ID fields of a task? Did you
add a capable() call? Does it call DAC helper functions?
If so, it's possible that a corresponding MAC check needs to be added via
LSM; and I'd ask that you simply cc any or all of the LSM and/or SELinux
maintainers when posting such patches upstream for RFC or inclusion. We
can work on the LSM and SELinux side of things if needed.
This will not cover every case, but I think it will cover most of the ones
that are likely to come up in the future. If in doubt, it won't hurt to ask.
(CC'd GKH hoping something of this can go into his kernel hacking howto).
- James
--
James Morris
<[email protected]>
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]