Re: [RFC][PATCH] Version6 - Simplified mandatory access control kernel implementation
On Tue, 24 Jul 2007, Casey Schaufler wrote:
> Thank you again for the help so far.
Please include the patch inline so it can be replied to.
In
+static ssize_t smk_write_cipso(struct file *file, const char __user *buf,
+ size_t count, loff_t *ppos)
+ mutex_lock(&smack_cipso_lock);
...
if (scp == NULL) {
+ rc = -ENOMEM;
+ break;
+ }
breaks out of the top level loop without unlocking.
- James
--
James Morris
<[EMAIL PROTECTED]>
-
To unsubscribe from this list: send the line "unsubscribe
linux-security-module" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH try #3] security: Convert LSM into a static interface
On Tue, Jul 24, 2007 at 01:58:46AM -0700, Andrew Morton wrote: > On Tue, 24 Jul 2007 01:53:58 -0700 Greg KH <[EMAIL PROTECTED]> wrote: > > > On Tue, Jul 24, 2007 at 01:02:24AM -0700, Andrew Morton wrote: > > > On Sat, 14 Jul 2007 12:37:01 -0400 (EDT) James Morris <[EMAIL PROTECTED]> > > > wrote: > > > > > > > Convert LSM into a static interface > > > > > > allmodconfig broke > > > > > > security/built-in.o: In function `rootplug_bprm_check_security': > > > security/root_plug.c:64: undefined reference to `usb_find_device' > > > security/root_plug.c:70: undefined reference to `usb_put_dev' > > > > That's wierd, who would have disabled the exports of those functions or > > removed the "#include " from this file? > > > > root_plug is linked into vmlinux and usb is modular. I did this: > > --- a/security/Kconfig~security-convert-lsm-into-a-static-interface-fix-2 > +++ a/security/Kconfig > @@ -82,7 +82,7 @@ config SECURITY_CAPABILITIES > > config SECURITY_ROOTPLUG > bool "Root Plug Support" > - depends on USB && SECURITY > + depends on USB=y && SECURITY > help > This is a sample LSM module that should only be used as such. > It prevents any programs running with egid == 0 if a specific That looks correct to me. thanks, greg k-h - To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [RFC][PATCH] Version4 - Simplified mandatory access control kernel implementation
--- James Morris <[EMAIL PROTECTED]> wrote: > On Mon, 23 Jul 2007, Seth Arnold wrote: > > > Are GFP_KERNEL allocations kosher inside a spinlock? > > No, and building and testing with all of the lock debugging enabled should > show up many issues such as this. I will do this before the next patch version and henceforth after that. I had done it prior to the first version, but feel out of proper behavior. Casey Schaufler [EMAIL PROTECTED] - To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [RFC][PATCH] Version5 - Simplified mandatory access control kernel implementation
--- Joshua Brindle <[EMAIL PROTECTED]> wrote:
> Casey Schaufler wrote:
> >>> +static int smack_shm_associate(struct shmid_kernel *shp, int shmflg)
> >>> +{
> >>> + smack_t *ssp = smack_of_shm(shp);
> >>> + int rc;
> >>> +
> >>> + if (ssp == NULL)
> >>> + return 0;
> >>> +
> >>> + rc = smk_curacc(ssp, MAY_READWRITE);
> >>> + return rc;
> >>> +}
> >>>
> >> No read-only or write-only shm mappings?
> >>
> >
> > Still thinking about it.
> >
> >
>
> I think if you actually want to use this in a guard like policy you are
> going to need it (for at least shm and msgq).
Fair enough. Ok, I'm convinced. On the work queue it goes.
> BTW, you never responded
> to my last email about the granularity required to make a high
> throughput front channel and a low bandwidth backchannel for guards.
That's true. I'd like to wait until I have an answer that makes sense,
and as you've been following the thread you know that I have lots of
things to work out. I haven't forgotten you.
Casey Schaufler
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line "unsubscribe
linux-security-module" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [RFC][PATCH] Version5 - Simplified mandatory access control kernel implementation
Casey Schaufler wrote:
+static int smack_shm_associate(struct shmid_kernel *shp, int shmflg)
+{
+ smack_t *ssp = smack_of_shm(shp);
+ int rc;
+
+ if (ssp == NULL)
+ return 0;
+
+ rc = smk_curacc(ssp, MAY_READWRITE);
+ return rc;
+}
No read-only or write-only shm mappings?
Still thinking about it.
I think if you actually want to use this in a guard like policy you are
going to need it (for at least shm and msgq). BTW, you never responded
to my last email about the granularity required to make a high
throughput front channel and a low bandwidth backchannel for guards.
-
To unsubscribe from this list: send the line "unsubscribe
linux-security-module" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH try #3] security: Convert LSM into a static interface
On Tue, 24 Jul 2007 01:53:58 -0700 Greg KH <[EMAIL PROTECTED]> wrote: > On Tue, Jul 24, 2007 at 01:02:24AM -0700, Andrew Morton wrote: > > On Sat, 14 Jul 2007 12:37:01 -0400 (EDT) James Morris <[EMAIL PROTECTED]> > > wrote: > > > > > Convert LSM into a static interface > > > > allmodconfig broke > > > > security/built-in.o: In function `rootplug_bprm_check_security': > > security/root_plug.c:64: undefined reference to `usb_find_device' > > security/root_plug.c:70: undefined reference to `usb_put_dev' > > That's wierd, who would have disabled the exports of those functions or > removed the "#include " from this file? > root_plug is linked into vmlinux and usb is modular. I did this: --- a/security/Kconfig~security-convert-lsm-into-a-static-interface-fix-2 +++ a/security/Kconfig @@ -82,7 +82,7 @@ config SECURITY_CAPABILITIES config SECURITY_ROOTPLUG bool "Root Plug Support" - depends on USB && SECURITY + depends on USB=y && SECURITY help This is a sample LSM module that should only be used as such. It prevents any programs running with egid == 0 if a specific _ I suppose we could do SECURITY_ROOTPLUG=m if USB=m, but I thought the whole point was to disallow modular LSM clients? - To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH try #3] security: Convert LSM into a static interface
On Tue, Jul 24, 2007 at 01:02:24AM -0700, Andrew Morton wrote: > On Sat, 14 Jul 2007 12:37:01 -0400 (EDT) James Morris <[EMAIL PROTECTED]> > wrote: > > > Convert LSM into a static interface > > allmodconfig broke > > security/built-in.o: In function `rootplug_bprm_check_security': > security/root_plug.c:64: undefined reference to `usb_find_device' > security/root_plug.c:70: undefined reference to `usb_put_dev' That's wierd, who would have disabled the exports of those functions or removed the "#include " from this file? thanks, greg k-h - To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH try #3] security: Convert LSM into a static interface
On Sat, 14 Jul 2007 12:37:01 -0400 (EDT) James Morris <[EMAIL PROTECTED]> wrote: > Convert LSM into a static interface allmodconfig broke security/built-in.o: In function `rootplug_bprm_check_security': security/root_plug.c:64: undefined reference to `usb_find_device' security/root_plug.c:70: undefined reference to `usb_put_dev' - To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
