HOWTO add privileged code to the kernel without breaking LSM/SELinux

If you add any new code to the kernel which exposes any kind of 
privileged operation to userspace, then it probably needs an LSM hook and 
subsequent changes to SELinux.

It would certainly be unreasonable to expect all kernel developers to know 
how to do this; however, it is usually very simple to determine when a new 
LSM would be needed as a first step.

The simple tests are: does the code you're adding perform any new DAC 
checks involving any of the user or group ID fields of a task?  Did you 
add a capable() call?  Does it call DAC helper functions?

If so, it's possible that a corresponding MAC check needs to be added via 
LSM; and I'd ask that you simply cc any or all of the LSM and/or SELinux 
maintainers when posting such patches upstream for RFC or inclusion.  We 
can work on the LSM and SELinux side of things if needed.

This will not cover every case, but I think it will cover most of the ones 
that are likely to come up in the future.  If in doubt, it won't hurt to ask.


(CC'd GKH hoping something of this can go into his kernel hacking howto).


- James
-- 
James Morris
<[email protected]>
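
The simple tests in the message above (new uid/gid checks, a new capable() call, calls to DAC helper functions) can be run mechanically over a patch before it is posted. The Python script below is an added example, not code from the original post or from the kernel project; the pattern list is this example's own non-exhaustive choice, and the sample patch, its file path and its identifiers are constructed for illustration.

```python
import re

# Assumption: which identifiers count as "DAC-related" is this example's choice.
PATTERNS = {
    "capability check": re.compile(r"\b(?:ns_)?capable\s*\("),
    "task uid/gid field": re.compile(
        r"(?:->|\.)(?:e|s|fs)?[ug]id\b|\bcurrent_(?:e|s|fs)?[ug]id\s*\("),
    "DAC helper": re.compile(
        r"\b(?:inode_permission|generic_permission|"
        r"inode_owner_or_capable|in_group_p)\s*\("),
}
HUNK = re.compile(r"@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@")

def scan_patch(patch_text):
    """Return (file, new_line_no, reason, code) for each matching added line."""
    findings, current_file, new_line = [], None, 0
    for raw in patch_text.splitlines():
        if raw.startswith("+++ "):            # new-file header names the target
            path = raw[4:].split("\t")[0]
            current_file = path[2:] if path.startswith("b/") else path
        elif raw.startswith("--- "):          # old-file header, nothing to track
            continue
        elif HUNK.match(raw):                 # hunk header resets the line counter
            new_line = int(HUNK.match(raw).group(1))
        elif current_file is None:            # mail text before the first diff
            continue
        elif raw.startswith("+"):             # only added lines are reported
            for reason, pat in PATTERNS.items():
                if pat.search(raw[1:]):
                    findings.append((current_file, new_line, reason, raw[1:].strip()))
            new_line += 1
        elif not raw.startswith(("-", "\\")): # context lines advance the counter
            new_line += 1
    return findings

# Constructed sample patch (hypothetical driver, not from any real tree).
SAMPLE_PATCH = """\
--- a/drivers/example/foo.c
+++ b/drivers/example/foo.c
@@ -10,4 +10,8 @@ static long foo_ioctl(struct file *file, unsigned int cmd)
 {
     struct foo_dev *dev = file->private_data;
+    if (!capable(CAP_SYS_ADMIN))
+        return -EPERM;
+    if (current->euid != dev->owner_uid)
+        return -EACCES;
     switch (cmd) {
"""

if __name__ == "__main__":
    for path, line, reason, code in scan_patch(SAMPLE_PATCH):
        print(f"{path}:{line}: {reason}: {code}")
    # Any finding is a cue to cc the LSM and/or SELinux maintainers.
```

A match does not prove that an LSM hook is missing; it marks the patch as one to cc to the LSM and/or SELinux maintainers, as the message asks.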