On Thu, 2006-10-26 at 18:09 +0100, David Howells wrote:
> > and prior to creating a file within the cache, it would set the current
> > fscreate attribute (via a security hook call) to that per-cache value, in
> > much the same way it is presently setting the fsuid/fsgid.
>
> That sounds reasonable. There has to be some way to revert it, though.
Yes, that can be done. See below.
> > The fscreate attribute is normally set via the security_setprocattr hook
> > (when a task writes to /proc/self/attr/fscreate);
>
> That makes it sound like fscreate is a per-process attribute, not a per-thread
> attribute. The former would definitely be a problem.
It is actually per-task (thread), sorry for the confusing reference
to /proc/self.
> > You may also want to convert the context value to a secid once when it is
> > first configured, and then later just pass the secid to the hook call for
> > setting the fscreate value for efficiency.
>
> I'm not sure what you mean by that. Can you give a pseudo-code example?
When the daemon writes the context value (a string) to the cachefiles
module interface for a given cache, the cachefiles module would do
something like the following:
/* Map the context to an integer. */
rc = security_secctx_to_secid(value, size, &secid);
if (rc)
goto err;
/* Check permission of current to set this context. */
rc = security_cache_set_context(secid);
if (rc)
goto err;
cache->secid = secid;
SELinux would then provide selinux_secctx_to_secid() and
selinux_cache_set_context() implementations; the former would just be
call to selinux_string_to_sid(), while the latter would require some new
permission check to be defined unless we can treat this as equivalent to
some existing operation. You'll find that there is already a
security_secid_to_secctx() hook defined for LSM, so the first hook just
adds the other direction.
Later, when going to create a file in that cache, the cachefiles module
would do something like:
/* Save and switch the fs secid for creation. */
fssecid = security_getfssecid();
security_setfssecid(cache->secid);
<create file>
/* Restore the original fs secid. */
security_setfssecid(fssecid);
SELinux would then provide selinux_getfsecid() and selinux_setfssecid()
implementations that are just:
u32 selinux_getfssecid(void)
{
struct task_security_struct *tsec = current->security;
return tsec->create_sid;
}
void selinux_setfssecid(u32 secid)
{
struct task_security_struct *tsec = current->security;
tsec->create_sid = secid;
}
--
Stephen Smalley
National Security Agency
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]
