Re: [RFC][PATCH] Version6 - Simplified mandatory access control kernel implementation
On Tue, 24 Jul 2007, Casey Schaufler wrote: > Thank you again for the help so far. Please include the patch inline so it can be replied to. In +static ssize_t smk_write_cipso(struct file *file, const char __user *buf, + size_t count, loff_t *ppos) + mutex_lock(&smack_cipso_lock); ... if (scp == NULL) { + rc = -ENOMEM; + break; + } breaks out of the top level loop without unlocking. - James -- James Morris <[EMAIL PROTECTED]> - To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH try #3] security: Convert LSM into a static interface
On Tue, Jul 24, 2007 at 01:58:46AM -0700, Andrew Morton wrote: > On Tue, 24 Jul 2007 01:53:58 -0700 Greg KH <[EMAIL PROTECTED]> wrote: > > > On Tue, Jul 24, 2007 at 01:02:24AM -0700, Andrew Morton wrote: > > > On Sat, 14 Jul 2007 12:37:01 -0400 (EDT) James Morris <[EMAIL PROTECTED]> > > > wrote: > > > > > > > Convert LSM into a static interface > > > > > > allmodconfig broke > > > > > > security/built-in.o: In function `rootplug_bprm_check_security': > > > security/root_plug.c:64: undefined reference to `usb_find_device' > > > security/root_plug.c:70: undefined reference to `usb_put_dev' > > > > That's wierd, who would have disabled the exports of those functions or > > removed the "#include " from this file? > > > > root_plug is linked into vmlinux and usb is modular. I did this: > > --- a/security/Kconfig~security-convert-lsm-into-a-static-interface-fix-2 > +++ a/security/Kconfig > @@ -82,7 +82,7 @@ config SECURITY_CAPABILITIES > > config SECURITY_ROOTPLUG > bool "Root Plug Support" > - depends on USB && SECURITY > + depends on USB=y && SECURITY > help > This is a sample LSM module that should only be used as such. > It prevents any programs running with egid == 0 if a specific That looks correct to me. thanks, greg k-h - To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [RFC][PATCH] Version4 - Simplified mandatory access control kernel implementation
--- James Morris <[EMAIL PROTECTED]> wrote: > On Mon, 23 Jul 2007, Seth Arnold wrote: > > > Are GFP_KERNEL allocations kosher inside a spinlock? > > No, and building and testing with all of the lock debugging enabled should > show up many issues such as this. I will do this before the next patch version and henceforth after that. I had done it prior to the first version, but feel out of proper behavior. Casey Schaufler [EMAIL PROTECTED] - To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [RFC][PATCH] Version5 - Simplified mandatory access control kernel implementation
--- Joshua Brindle <[EMAIL PROTECTED]> wrote: > Casey Schaufler wrote: > >>> +static int smack_shm_associate(struct shmid_kernel *shp, int shmflg) > >>> +{ > >>> + smack_t *ssp = smack_of_shm(shp); > >>> + int rc; > >>> + > >>> + if (ssp == NULL) > >>> + return 0; > >>> + > >>> + rc = smk_curacc(ssp, MAY_READWRITE); > >>> + return rc; > >>> +} > >>> > >> No read-only or write-only shm mappings? > >> > > > > Still thinking about it. > > > > > > I think if you actually want to use this in a guard like policy you are > going to need it (for at least shm and msgq). Fair enough. Ok, I'm convinced. On the work queue it goes. > BTW, you never responded > to my last email about the granularity required to make a high > throughput front channel and a low bandwidth backchannel for guards. That's true. I'd like to wait until I have an answer that makes sense, and as you've been following the thread you know that I have lots of things to work out. I haven't forgotten you. Casey Schaufler [EMAIL PROTECTED] - To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [RFC][PATCH] Version5 - Simplified mandatory access control kernel implementation
Casey Schaufler wrote: +static int smack_shm_associate(struct shmid_kernel *shp, int shmflg) +{ + smack_t *ssp = smack_of_shm(shp); + int rc; + + if (ssp == NULL) + return 0; + + rc = smk_curacc(ssp, MAY_READWRITE); + return rc; +} No read-only or write-only shm mappings? Still thinking about it. I think if you actually want to use this in a guard like policy you are going to need it (for at least shm and msgq). BTW, you never responded to my last email about the granularity required to make a high throughput front channel and a low bandwidth backchannel for guards. - To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH try #3] security: Convert LSM into a static interface
On Tue, 24 Jul 2007 01:53:58 -0700 Greg KH <[EMAIL PROTECTED]> wrote: > On Tue, Jul 24, 2007 at 01:02:24AM -0700, Andrew Morton wrote: > > On Sat, 14 Jul 2007 12:37:01 -0400 (EDT) James Morris <[EMAIL PROTECTED]> > > wrote: > > > > > Convert LSM into a static interface > > > > allmodconfig broke > > > > security/built-in.o: In function `rootplug_bprm_check_security': > > security/root_plug.c:64: undefined reference to `usb_find_device' > > security/root_plug.c:70: undefined reference to `usb_put_dev' > > That's wierd, who would have disabled the exports of those functions or > removed the "#include " from this file? > root_plug is linked into vmlinux and usb is modular. I did this: --- a/security/Kconfig~security-convert-lsm-into-a-static-interface-fix-2 +++ a/security/Kconfig @@ -82,7 +82,7 @@ config SECURITY_CAPABILITIES config SECURITY_ROOTPLUG bool "Root Plug Support" - depends on USB && SECURITY + depends on USB=y && SECURITY help This is a sample LSM module that should only be used as such. It prevents any programs running with egid == 0 if a specific _ I suppose we could do SECURITY_ROOTPLUG=m if USB=m, but I thought the whole point was to disallow modular LSM clients? - To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH try #3] security: Convert LSM into a static interface
On Tue, Jul 24, 2007 at 01:02:24AM -0700, Andrew Morton wrote: > On Sat, 14 Jul 2007 12:37:01 -0400 (EDT) James Morris <[EMAIL PROTECTED]> > wrote: > > > Convert LSM into a static interface > > allmodconfig broke > > security/built-in.o: In function `rootplug_bprm_check_security': > security/root_plug.c:64: undefined reference to `usb_find_device' > security/root_plug.c:70: undefined reference to `usb_put_dev' That's wierd, who would have disabled the exports of those functions or removed the "#include " from this file? thanks, greg k-h - To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH try #3] security: Convert LSM into a static interface
On Sat, 14 Jul 2007 12:37:01 -0400 (EDT) James Morris <[EMAIL PROTECTED]> wrote: > Convert LSM into a static interface allmodconfig broke security/built-in.o: In function `rootplug_bprm_check_security': security/root_plug.c:64: undefined reference to `usb_find_device' security/root_plug.c:70: undefined reference to `usb_put_dev' - To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html