Re: [PATCH] -mm (2.4.26-rc3-mm1) v2 Smack using capabilities 32 and 33

2007-11-27 Thread Casey Schaufler

--- Andrew Morton <[EMAIL PROTECTED]> wrote:

> > 
> > +   !__capable(current, CAP_MAC_ADMIN))
> > +   !__capable(current, CAP_MAC_ADMIN))
> 
> Is there any reason for not using plain old capable() here?

Nope. I'll clean that up.

Thank you.


Casey Schaufler
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/


Re: [PATCH] -mm (2.4.26-rc3-mm1) v2 Smack using capabilities 32 and 33

2007-11-27 Thread Andrew Morton
On Mon, 26 Nov 2007 12:38:56 -0800
Casey Schaufler <[EMAIL PROTECTED]> wrote:

> From: Casey Schaufler <[EMAIL PROTECTED]>
> 
> This patch takes advantage of the increase in capability bits
> to allocate capabilities for Mandatory Access Control. Whereas
> Smack was overloading a previously allocated capability it is
> now using a pair, one for overriding access control checks and
> the other for changes to the MAC configuration.
> 
> The two capabilities allocated should be obvious in their intent.
> The comments in capability.h are intended to make it clear that
> there is no intention that implementations of MAC LSM modules
> be any more constrained by the presence of these capabilities
> than an implementation of DAC LSM modules are by the analogous
> DAC capabilities.
> 
> 
> + !__capable(current, CAP_MAC_ADMIN))
> + !__capable(current, CAP_MAC_ADMIN))

Is there any reason for not using plain old capable() here?


Re: [PATCH] -mm (2.4.26-rc3-mm1) v2 Smack using capabilities 32 and 33

2007-11-26 Thread Andrew Morgan
Signed-off-by: Andrew G. Morgan <[EMAIL PROTECTED]>

Cheers

Andrew

Casey Schaufler wrote:
> From: Casey Schaufler <[EMAIL PROTECTED]>
> 
> This patch takes advantage of the increase in capability bits
> to allocate capabilities for Mandatory Access Control. Whereas
> Smack was overloading a previously allocated capability it is
> now using a pair, one for overriding access control checks and
> the other for changes to the MAC configuration.
> 
> The two capabilities allocated should be obvious in their intent.
> The comments in capability.h are intended to make it clear that
> there is no intention that implementations of MAC LSM modules
> be any more constrained by the presence of these capabilities
> than an implementation of DAC LSM modules are by the analogous
> DAC capabilities.
> 
> 
> Signed-off-by: Casey Schaufler <[EMAIL PROTECTED]>
> 
> ---
> 
> The companion patch for libcap-2.02 is provided as an attachment.
> The attachment is not a kernel patch, although it would be easy to
> mistake it for one.
> 
> Introduces CAP_FS_MASK_B1 and uses it as appropriate. I think that
> I found all the places it needs to be used, but don't hesitate to
> let me know if I missed something.
> 
> Thank you.
> 
>  include/linux/capability.h |   24 ++--
>  security/smack/smack.h |8 
>  security/smack/smack_lsm.c |8 
>  security/smack/smackfs.c   |   12 ++--
>  4 files changed, 32 insertions(+), 20 deletions(-)
> 
> diff -uprN -X linux-2.6.24-rc3-mm1-base/Documentation/dontdiff 
> linux-2.6.24-rc3-mm1-base/include/linux/capability.h 
> linux-2.6.24-rc3-mm1-smack/include/linux/capability.h
> --- linux-2.6.24-rc3-mm1-base/include/linux/capability.h  2007-11-22 
> 01:51:36.0 -0800
> +++ linux-2.6.24-rc3-mm1-smack/include/linux/capability.h 2007-11-25 
> 21:38:34.0 -0800
> @@ -314,6 +314,23 @@ typedef struct kernel_cap_struct {
>  
>  #define CAP_SETFCAP   31
>  
> +/* Override MAC access.
> +   The base kernel enforces no MAC policy.
> +   An LSM may enforce a MAC policy, and if it does and it chooses
> +   to implement capability based overrides of that policy, this is
> +   the capability it should use to do so. */
> +
> +#define CAP_MAC_OVERRIDE 32
> +
> +/* Allow MAC configuration or state changes.
> +   The base kernel requires no MAC configuration.
> +   An LSM may enforce a MAC policy, and if it does and it chooses
> +   to implement capability based checks on modifications to that
> +   policy or the data required to maintain it, this is the
> +   capability it should use to do so. */
> +
> +#define CAP_MAC_ADMIN33
> +
>  /*
>   * Bit location of each capability (used by user-space library and kernel)
>   */
> @@ -336,6 +353,8 @@ typedef struct kernel_cap_struct {
>   | CAP_TO_MASK(CAP_FOWNER)   \
>   | CAP_TO_MASK(CAP_FSETID))
>  
> +# define CAP_FS_MASK_B1 (CAP_TO_MASK(CAP_MAC_OVERRIDE))
> +
>  #if _LINUX_CAPABILITY_U32S != 2
>  # error Fix up hand-coded capability macro initializers
>  #else /* HAND-CODED capability initializers */
> @@ -343,8 +362,9 @@ typedef struct kernel_cap_struct {
>  # define CAP_EMPTY_SET{{ 0, 0 }}
>  # define CAP_FULL_SET {{ ~0, ~0 }}
>  # define CAP_INIT_EFF_SET {{ ~CAP_TO_MASK(CAP_SETPCAP), ~0 }}
> -# define CAP_FS_SET   {{ CAP_FS_MASK_B0, 0 }}
> -# define CAP_NFSD_SET {{ CAP_FS_MASK_B0|CAP_TO_MASK(CAP_SYS_RESOURCE), 0 
> }}
> +# define CAP_FS_SET   {{ CAP_FS_MASK_B0, CAP_FS_MASK_B1 } }
> +# define CAP_NFSD_SET {{ CAP_FS_MASK_B0|CAP_TO_MASK(CAP_SYS_RESOURCE), \
> +  CAP_FS_MASK_B1 } }
>  
>  #endif /* _LINUX_CAPABILITY_U32S != 2 */
>  
> diff -uprN -X linux-2.6.24-rc3-mm1-base/Documentation/dontdiff 
> linux-2.6.24-rc3-mm1-base/security/smack/smackfs.c 
> linux-2.6.24-rc3-mm1-smack/security/smack/smackfs.c
> --- linux-2.6.24-rc3-mm1-base/security/smack/smackfs.c2007-11-22 
> 01:51:43.0 -0800
> +++ linux-2.6.24-rc3-mm1-smack/security/smack/smackfs.c   2007-11-24 
> 11:29:29.0 -0800
> @@ -241,7 +241,7 @@ static ssize_t smk_write_load(struct fil
>* No partial writes.
>* Enough data must be present.
>*/
> - if (!capable(CAP_MAC_OVERRIDE))
> + if (!capable(CAP_MAC_ADMIN))
>   return -EPERM;
>   if (*ppos != 0)
>   return -EINVAL;
> @@ -474,7 +474,7 @@ static ssize_t smk_write_cipso(struct fi
>* No partial writes.
>* Enough data must be present.
>*/
> - if (!capable(CAP_MAC_OVERRIDE))
> + if (!capable(CAP_MAC_ADMIN))
>   return -EPERM;
>   if (*ppos != 0)
>   return -EINVAL;
> @@ -601,7 +601,7 @@ static ssize_t smk_write_doi(struct file
>   char temp[80];
>   int i;
>  
> - if (!capable(CAP_MAC_OVERRIDE))
> + if (!capable(CAP_MAC_ADMIN))
>   return -EPERM;
>  
>  

Re: [PATCH] -mm (2.4.26-rc3-mm1) v2 Smack using capabilities 32 and 33

2007-11-26 Thread Serge E. Hallyn
Quoting Casey Schaufler ([EMAIL PROTECTED]):
> From: Casey Schaufler <[EMAIL PROTECTED]>
> 
> This patch takes advantage of the increase in capability bits
> to allocate capabilities for Mandatory Access Control. Whereas
> Smack was overloading a previously allocated capability it is
> now using a pair, one for overriding access control checks and
> the other for changes to the MAC configuration.
> 
> The two capabilities allocated should be obvious in their intent.
> The comments in capability.h are intended to make it clear that
> there is no intention that implementations of MAC LSM modules
> be any more constrained by the presence of these capabilities
> than an implementation of DAC LSM modules are by the analogous
> DAC capabilities.
> 
> 
> Signed-off-by: Casey Schaufler <[EMAIL PROTECTED]>

Looks good from here.

Acked-by: Serge Hallyn <[EMAIL PROTECTED]>

> 
> ---
> 
> The companion patch for libcap-2.02 is provided as an attachment.
> The attachment is not a kernel patch, although it would be easy to
> mistake it for one.
> 
> Introduces CAP_FS_MASK_B1 and uses it as appropriate. I think that
> I found all the places it needs to be used, but don't hesitate to
> let me know if I missed something.
> 
> Thank you.
> 
>  include/linux/capability.h |   24 ++--
>  security/smack/smack.h |8 
>  security/smack/smack_lsm.c |8 
>  security/smack/smackfs.c   |   12 ++--
>  4 files changed, 32 insertions(+), 20 deletions(-)
> 
> diff -uprN -X linux-2.6.24-rc3-mm1-base/Documentation/dontdiff 
> linux-2.6.24-rc3-mm1-base/include/linux/capability.h 
> linux-2.6.24-rc3-mm1-smack/include/linux/capability.h
> --- linux-2.6.24-rc3-mm1-base/include/linux/capability.h  2007-11-22 
> 01:51:36.0 -0800
> +++ linux-2.6.24-rc3-mm1-smack/include/linux/capability.h 2007-11-25 
> 21:38:34.0 -0800
> @@ -314,6 +314,23 @@ typedef struct kernel_cap_struct {
> 
>  #define CAP_SETFCAP   31
> 
> +/* Override MAC access.
> +   The base kernel enforces no MAC policy.
> +   An LSM may enforce a MAC policy, and if it does and it chooses
> +   to implement capability based overrides of that policy, this is
> +   the capability it should use to do so. */
> +
> +#define CAP_MAC_OVERRIDE 32
> +
> +/* Allow MAC configuration or state changes.
> +   The base kernel requires no MAC configuration.
> +   An LSM may enforce a MAC policy, and if it does and it chooses
> +   to implement capability based checks on modifications to that
> +   policy or the data required to maintain it, this is the
> +   capability it should use to do so. */
> +
> +#define CAP_MAC_ADMIN33
> +
>  /*
>   * Bit location of each capability (used by user-space library and kernel)
>   */
> @@ -336,6 +353,8 @@ typedef struct kernel_cap_struct {
>   | CAP_TO_MASK(CAP_FOWNER)   \
>   | CAP_TO_MASK(CAP_FSETID))
> 
> +# define CAP_FS_MASK_B1 (CAP_TO_MASK(CAP_MAC_OVERRIDE))
> +
>  #if _LINUX_CAPABILITY_U32S != 2
>  # error Fix up hand-coded capability macro initializers
>  #else /* HAND-CODED capability initializers */
> @@ -343,8 +362,9 @@ typedef struct kernel_cap_struct {
>  # define CAP_EMPTY_SET{{ 0, 0 }}
>  # define CAP_FULL_SET {{ ~0, ~0 }}
>  # define CAP_INIT_EFF_SET {{ ~CAP_TO_MASK(CAP_SETPCAP), ~0 }}
> -# define CAP_FS_SET   {{ CAP_FS_MASK_B0, 0 }}
> -# define CAP_NFSD_SET {{ CAP_FS_MASK_B0|CAP_TO_MASK(CAP_SYS_RESOURCE), 0 
> }}
> +# define CAP_FS_SET   {{ CAP_FS_MASK_B0, CAP_FS_MASK_B1 } }
> +# define CAP_NFSD_SET {{ CAP_FS_MASK_B0|CAP_TO_MASK(CAP_SYS_RESOURCE), \
> +  CAP_FS_MASK_B1 } }
> 
>  #endif /* _LINUX_CAPABILITY_U32S != 2 */
> 
> diff -uprN -X linux-2.6.24-rc3-mm1-base/Documentation/dontdiff 
> linux-2.6.24-rc3-mm1-base/security/smack/smackfs.c 
> linux-2.6.24-rc3-mm1-smack/security/smack/smackfs.c
> --- linux-2.6.24-rc3-mm1-base/security/smack/smackfs.c2007-11-22 
> 01:51:43.0 -0800
> +++ linux-2.6.24-rc3-mm1-smack/security/smack/smackfs.c   2007-11-24 
> 11:29:29.0 -0800
> @@ -241,7 +241,7 @@ static ssize_t smk_write_load(struct fil
>* No partial writes.
>* Enough data must be present.
>*/
> - if (!capable(CAP_MAC_OVERRIDE))
> + if (!capable(CAP_MAC_ADMIN))
>   return -EPERM;
>   if (*ppos != 0)
>   return -EINVAL;
> @@ -474,7 +474,7 @@ static ssize_t smk_write_cipso(struct fi
>* No partial writes.
>* Enough data must be present.
>*/
> - if (!capable(CAP_MAC_OVERRIDE))
> + if (!capable(CAP_MAC_ADMIN))
>   return -EPERM;
>   if (*ppos != 0)
>   return -EINVAL;
> @@ -601,7 +601,7 @@ static ssize_t smk_write_doi(struct file
>   char temp[80];
>   int i;
> 
> - if (!capable(CAP_MAC_OVERRIDE))
> + if (!capable(CAP_MAC_ADMIN))
>   return -EPERM;
> 
>   if (count >= sizeof(temp) || 

[PATCH] -mm (2.4.26-rc3-mm1) v2 Smack using capabilities 32 and 33

2007-11-26 Thread Casey Schaufler
From: Casey Schaufler <[EMAIL PROTECTED]>

This patch takes advantage of the increase in capability bits
to allocate capabilities for Mandatory Access Control. Whereas
Smack was overloading a previously allocated capability it is
now using a pair, one for overriding access control checks and
the other for changes to the MAC configuration.

The two capabilities allocated should be obvious in their intent.
The comments in capability.h are intended to make it clear that
there is no intention that implementations of MAC LSM modules
be any more constrained by the presence of these capabilities
than an implementation of DAC LSM modules are by the analogous
DAC capabilities.


Signed-off-by: Casey Schaufler <[EMAIL PROTECTED]>

---

The companion patch for libcap-2.02 is provided as an attachment.
The attachment is not a kernel patch, although it would be easy to
mistake it for one.

Introduces CAP_FS_MASK_B1 and uses it as appropriate. I think that
I found all the places it needs to be used, but don't hesitate to
let me know if I missed something.

Thank you.

 include/linux/capability.h |   24 ++--
 security/smack/smack.h |8 
 security/smack/smack_lsm.c |8 
 security/smack/smackfs.c   |   12 ++--
 4 files changed, 32 insertions(+), 20 deletions(-)

diff -uprN -X linux-2.6.24-rc3-mm1-base/Documentation/dontdiff 
linux-2.6.24-rc3-mm1-base/include/linux/capability.h 
linux-2.6.24-rc3-mm1-smack/include/linux/capability.h
--- linux-2.6.24-rc3-mm1-base/include/linux/capability.h2007-11-22 
01:51:36.0 -0800
+++ linux-2.6.24-rc3-mm1-smack/include/linux/capability.h   2007-11-25 
21:38:34.0 -0800
@@ -314,6 +314,23 @@ typedef struct kernel_cap_struct {
 
 #define CAP_SETFCAP 31
 
+/* Override MAC access.
+   The base kernel enforces no MAC policy.
+   An LSM may enforce a MAC policy, and if it does and it chooses
+   to implement capability based overrides of that policy, this is
+   the capability it should use to do so. */
+
+#define CAP_MAC_OVERRIDE 32
+
+/* Allow MAC configuration or state changes.
+   The base kernel requires no MAC configuration.
+   An LSM may enforce a MAC policy, and if it does and it chooses
+   to implement capability based checks on modifications to that
+   policy or the data required to maintain it, this is the
+   capability it should use to do so. */
+
+#define CAP_MAC_ADMIN33
+
 /*
  * Bit location of each capability (used by user-space library and kernel)
  */
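Review bot: the two new comment blocks in this hunk use a `/* text` ... `text */` layout that differs from the kernel multi-line comment style used a few lines below (`/*` alone on its line, ` * ` on each following line, ` */` to close, as in the `Bit location of each capability` block); matching that style keeps the header consistent and avoids checkpatch noise. Wording aside, the comments state the contract clearly: an LSM may honour CAP_MAC_OVERRIDE to bypass the policy it enforces and CAP_MAC_ADMIN to change that policy, and the base kernel enforces neither, which is the point the changelog makes about not constraining MAC LSMs more than DAC ones.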
@@ -336,6 +353,8 @@ typedef struct kernel_cap_struct {
| CAP_TO_MASK(CAP_FOWNER)   \
| CAP_TO_MASK(CAP_FSETID))
 
+# define CAP_FS_MASK_B1 (CAP_TO_MASK(CAP_MAC_OVERRIDE))
+
 #if _LINUX_CAPABILITY_U32S != 2
 # error Fix up hand-coded capability macro initializers
 #else /* HAND-CODED capability initializers */
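Review bot: CAP_FS_MASK_B1 carries CAP_MAC_OVERRIDE only, and nothing in the hunk explains why CAP_MAC_ADMIN is left out; a one-line comment would help, since the mask feeds CAP_FS_SET and CAP_NFSD_SET (the capabilities that matter for filesystem access) and the reasoning is that bypassing a MAC decision is a filesystem-access privilege while editing the MAC configuration is not. Worth also confirming that the libcap-2.02 companion patch mentioned in the cover text defines the same B1 mask, so user space and kernel agree on which bits count as filesystem capabilities.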
@@ -343,8 +362,9 @@ typedef struct kernel_cap_struct {
 # define CAP_EMPTY_SET{{ 0, 0 }}
 # define CAP_FULL_SET {{ ~0, ~0 }}
 # define CAP_INIT_EFF_SET {{ ~CAP_TO_MASK(CAP_SETPCAP), ~0 }}
-# define CAP_FS_SET   {{ CAP_FS_MASK_B0, 0 }}
-# define CAP_NFSD_SET {{ CAP_FS_MASK_B0|CAP_TO_MASK(CAP_SYS_RESOURCE), 0 }}
+# define CAP_FS_SET   {{ CAP_FS_MASK_B0, CAP_FS_MASK_B1 } }
+# define CAP_NFSD_SET {{ CAP_FS_MASK_B0|CAP_TO_MASK(CAP_SYS_RESOURCE), \
+CAP_FS_MASK_B1 } }
 
 #endif /* _LINUX_CAPABILITY_U32S != 2 */
 
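Review bot: the two rewritten initializers close with `} }` while the adjacent CAP_EMPTY_SET, CAP_FULL_SET and CAP_INIT_EFF_SET lines close with `}}`; the spacing should match the existing lines. Note also the unchanged context line `# define CAP_INIT_EFF_SET {{ ~CAP_TO_MASK(CAP_SETPCAP), ~0 }}`: with `~0` in the second word, init's effective set now includes both CAP_MAC_OVERRIDE and CAP_MAC_ADMIN by default, so a Smack system starts with the policy-bypass and policy-edit bits raised until something drops them. That is consistent with how the other capabilities are treated, but it deserves a sentence in the changelog.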
diff -uprN -X linux-2.6.24-rc3-mm1-base/Documentation/dontdiff 
linux-2.6.24-rc3-mm1-base/security/smack/smackfs.c 
linux-2.6.24-rc3-mm1-smack/security/smack/smackfs.c
--- linux-2.6.24-rc3-mm1-base/security/smack/smackfs.c  2007-11-22 
01:51:43.0 -0800
+++ linux-2.6.24-rc3-mm1-smack/security/smack/smackfs.c 2007-11-24 
11:29:29.0 -0800
@@ -241,7 +241,7 @@ static ssize_t smk_write_load(struct fil
 * No partial writes.
 * Enough data must be present.
 */
-   if (!capable(CAP_MAC_OVERRIDE))
+   if (!capable(CAP_MAC_ADMIN))
return -EPERM;
if (*ppos != 0)
return -EINVAL;
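Review bot: the comment above the check (`No partial writes. Enough data must be present.`) does not mention the privilege requirement; a line saying that writers need CAP_MAC_ADMIN would document the requirement at the point where it is enforced. Moving this path from CAP_MAC_OVERRIDE to CAP_MAC_ADMIN is the right side of the split the changelog describes, since loading rules through smackfs changes the policy rather than bypassing it, and using plain capable() here is consistent with Andrew Morton's remark in this thread about the `__capable(current, CAP_MAC_ADMIN)` calls elsewhere in the patch.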
@@ -474,7 +474,7 @@ static ssize_t smk_write_cipso(struct fi
 * No partial writes.
 * Enough data must be present.
 */
-   if (!capable(CAP_MAC_OVERRIDE))
+   if (!capable(CAP_MAC_ADMIN))
return -EPERM;
if (*ppos != 0)
return -EINVAL;
@@ -601,7 +601,7 @@ static ssize_t smk_write_doi(struct file
char temp[80];
int i;
 
-   if (!capable(CAP_MAC_OVERRIDE))
+   if (!capable(CAP_MAC_ADMIN))
return -EPERM;
 
if (count >= sizeof(temp) || count == 0)
@@ -666,7 +666,7 @@ static ssize_t smk_write_direct(struct f
char temp[80];
int i;
 
-   if (!capable(CAP_MAC_OVERRIDE))
+   if (!capable(CAP_MAC_ADMIN))
return -EPERM;
 
if (count >= sizeof(temp) || count == 0)
@@ -747,7 +747,7 @@ static ssize_t 
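As an added illustration (not code from the patch or the kernel tree): a user-space C model of the two-word capability set the capability.h hunks manipulate, showing why bits 32 and 33 need the new CAP_FS_MASK_B1 bank and how the override/admin split behaves. CAP_* numbers and the CAP_TO_INDEX/CAP_TO_MASK arithmetic follow include/linux/capability.h; the CAP_FS_MASK_B0 members beyond those visible in the hunk are taken from the upstream header, and smackfs_write_allowed/smack_access_allowed are simplified stand-ins for smk_write_load() and a Smack access check, not the kernel's functions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* User-space model (added example, not kernel code) of the two-u32
 * capability set that include/linux/capability.h builds with
 * _LINUX_CAPABILITY_U32S == 2. Capability numbers and the
 * CAP_TO_INDEX/CAP_TO_MASK arithmetic follow the upstream header. */
#define CAP_CHOWN           0
#define CAP_DAC_OVERRIDE    1
#define CAP_DAC_READ_SEARCH 2
#define CAP_FOWNER          3
#define CAP_FSETID          4
#define CAP_SETFCAP         31
#define CAP_MAC_OVERRIDE    32   /* added by the patch: bypass the MAC policy */
#define CAP_MAC_ADMIN       33   /* added by the patch: change the MAC policy */

#define CAP_U32S 2
#define CAP_TO_INDEX(x) ((x) >> 5)           /* which u32 holds capability x */
#define CAP_TO_MASK(x)  (1u << ((x) & 31))   /* bit for x inside that u32 */

typedef struct { uint32_t cap[CAP_U32S]; } kernel_cap_t;

/* Bank 0 of the filesystem mask (members beyond FOWNER/FSETID are taken from
 * the upstream header, not from the hunk); bank 1 is exactly the patch's
 * CAP_FS_MASK_B1: the override bit, not the admin bit. */
#define CAP_FS_MASK_B0 (CAP_TO_MASK(CAP_CHOWN) | CAP_TO_MASK(CAP_DAC_OVERRIDE) \
                        | CAP_TO_MASK(CAP_DAC_READ_SEARCH)                  \
                        | CAP_TO_MASK(CAP_FOWNER) | CAP_TO_MASK(CAP_FSETID))
#define CAP_FS_MASK_B1 (CAP_TO_MASK(CAP_MAC_OVERRIDE))

static const kernel_cap_t CAP_FS_SET = {{ CAP_FS_MASK_B0, CAP_FS_MASK_B1 }};

bool cap_raised(kernel_cap_t set, int cap)
{
    return (set.cap[CAP_TO_INDEX(cap)] & CAP_TO_MASK(cap)) != 0;
}

/* Effective set holding exactly one capability (constructed fixture). */
kernel_cap_t single_cap_set(int cap)
{
    kernel_cap_t set = {{ 0, 0 }};
    set.cap[CAP_TO_INDEX(cap)] |= CAP_TO_MASK(cap);
    return set;
}

/* Stand-in for smk_write_load() after the patch: writing rules into
 * smackfs is a configuration change, so it demands CAP_MAC_ADMIN. */
int smackfs_write_allowed(kernel_cap_t eff)
{
    return cap_raised(eff, CAP_MAC_ADMIN) ? 0 : -1;   /* -EPERM in the kernel */
}

/* Stand-in for a Smack access check: a denial by the loaded policy may be
 * overridden only by CAP_MAC_OVERRIDE, never by CAP_MAC_ADMIN. */
int smack_access_allowed(kernel_cap_t eff, bool policy_allows)
{
    if (policy_allows)
        return 0;
    return cap_raised(eff, CAP_MAC_OVERRIDE) ? 0 : -13; /* -EACCES in the kernel */
}

int main(void)
{
    kernel_cap_t admin_only = single_cap_set(CAP_MAC_ADMIN);
    kernel_cap_t override_only = single_cap_set(CAP_MAC_OVERRIDE);

    printf("CAP_MAC_OVERRIDE sits in word %d, mask 0x%08x\n",
           CAP_TO_INDEX(CAP_MAC_OVERRIDE), CAP_TO_MASK(CAP_MAC_OVERRIDE));
    printf("override-only task may write smackfs: %s\n",
           smackfs_write_allowed(override_only) == 0 ? "yes" : "no");
    printf("admin-only task bypasses a policy denial: %s\n",
           smack_access_allowed(admin_only, false) == 0 ? "yes" : "no");
    printf("CAP_FS_SET keeps MAC_OVERRIDE: %s, MAC_ADMIN: %s\n",
           cap_raised(CAP_FS_SET, CAP_MAC_OVERRIDE) ? "yes" : "no",
           cap_raised(CAP_FS_SET, CAP_MAC_ADMIN) ? "yes" : "no");
    return 0;
}
```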
