Re: LSM: memory and user-space interaction

2007-08-07 Thread Cliffe
Stephen Smalley wrote: On Tue, 2007-08-07 at 16:11 +0800, Cliffe wrote: ... Don't confuse kernel stack limitation with the ability to dynamically allocate memory in the kernel. How large is your policy? I'm guessing that SELinux reference policy is larger, e.g. from /proc/slabinfo: #

Re: file capabilities: clear fcaps on inode change (v3)

2007-08-07 Thread James Morris
On Tue, 7 Aug 2007, Serge E. Hallyn wrote: > Yeah, I did that in v1, but didn't want to add two new security_ hooks. > But I'll send a v4 doing that. Yep, add what's actually needed. Continually having to jump through all of these hoops for LSM has gone beyond ridiculous. - James -- James

Re: file capabilities: clear fcaps on inode change (v3)

2007-08-07 Thread Serge E. Hallyn
Quoting Trond Myklebust ([EMAIL PROTECTED]): > On Tue, 2007-08-07 at 17:17 -0500, Serge E. Hallyn wrote: > > > diff --git a/fs/splice.c b/fs/splice.c > > index e36c003..2df95f3 100644 > > --- a/fs/splice.c > > +++ b/fs/splice.c > > @@ -827,6 +827,12 @@ generic_file_splice_write(struct pipe_inode_i

Re: file capabilities: clear fcaps on inode change (v3)

2007-08-07 Thread Trond Myklebust
On Tue, 2007-08-07 at 17:17 -0500, Serge E. Hallyn wrote: > diff --git a/fs/splice.c b/fs/splice.c > index e36c003..2df95f3 100644 > --- a/fs/splice.c > +++ b/fs/splice.c > @@ -827,6 +827,12 @@ generic_file_splice_write(struct pipe_inode_info *pipe, > struct file *out, > ssize_t ret; >

file capabilities: clear fcaps on inode change (v3)

2007-08-07 Thread Serge E. Hallyn
From 905b8352d5b2373666b4e18d4d9ffa41049e0a0a Mon Sep 17 00:00:00 2001 From: Serge E. Hallyn <[EMAIL PROTECTED]> Date: Tue, 7 Aug 2007 11:40:41 -0400 Subject: file capabilities: clear fcaps on inode change (v3) When a file with posix capabilities is overwritten, the file capabilities, like a setu

Re: [PATCH][RFC] V2 Remove SELinux dependencies from linux-audit via LSM

2007-08-07 Thread Casey Schaufler
--- Stephen Smalley <[EMAIL PROTECTED]> wrote: > On Sun, 2007-08-05 at 17:03 -0700, Casey Schaufler wrote: > > From: Casey Schaufler <[EMAIL PROTECTED]> > > > > This patch interposes LSM interfaces between the audit system > > and SELinux. This helps make SELinux a cleaner LSM and clarifies > >

Re: [PATCH 1/1] file capabilities: clear fcaps on inode change (v2)

2007-08-07 Thread Serge E. Hallyn
Quoting James Morris ([EMAIL PROTECTED]): > On Tue, 7 Aug 2007, Serge E. Hallyn wrote: > > > Shall I resend without the LSM_NEED_LOCK, or do you still want a more > > fundamental change? > > > Removing the needlock is enough, the rest was just a query/suggestion. Ok - I'll explicitly lock the i_

Re: [PATCH][RFC] V2 Remove SELinux dependencies from linux-audit via LSM

2007-08-07 Thread Stephen Smalley
On Sun, 2007-08-05 at 17:03 -0700, Casey Schaufler wrote: > From: Casey Schaufler <[EMAIL PROTECTED]> > > This patch interposes LSM interfaces between the audit system > and SELinux. This helps make SELinux a cleaner LSM and clarifies > the interfaces provided by the audit system. The audit system

Re: [PATCH 1/1] file capabilities: clear fcaps on inode change (v2)

2007-08-07 Thread James Morris
On Tue, 7 Aug 2007, Serge E. Hallyn wrote: > Shall I resend without the LSM_NEED_LOCK, or do you still want a more > fundamental change? Removing the needlock is enough, the rest was just a query/suggestion. -- James Morris <[EMAIL PROTECTED]>

Re: LSM: memory and user-space interaction

2007-08-07 Thread Stephen Smalley
On Tue, 2007-08-07 at 16:11 +0800, Cliffe wrote: > G’day, > > I would really appreciate some advice. > > I realise the kernel has a small stack, and I imagine this will have a > greater impact on my LSM design than I originally thought. I would > really appreciate some input. > > My LSM has a

Re: [PATCH 1/1] file capabilities: don't ensure we break with 64-bit caps

2007-08-07 Thread James Morris
On Mon, 6 Aug 2007, Serge E. Hallyn wrote: > +struct vfs_cap_data_v2 { > + __u32 magic_etc; /* Little endian */ > + struct { > + __u32 permitted_lo;/* Little endian */ > + __u32 permitted_hi;/* Little endian */ > + __u32 inheritable_lo; /* Litt

Re: [PATCH 1/1] file capabilities: clear fcaps on inode change (v2)

2007-08-07 Thread Serge E. Hallyn
Quoting Stephen Smalley ([EMAIL PROTECTED]): > On Mon, 2007-08-06 at 13:52 -0500, Serge E. Hallyn wrote: > > From 1376764cbb54243f088cf00c39000c4f4418f461 Mon Sep 17 00:00:00 2001 > > From: Serge E. Hallyn <[EMAIL PROTECTED]> > > Date: Mon, 6 Aug 2007 14:20:06 -0400 > > Subject: [PATCH 1/1] file c

Re: [PATCH 1/1] file capabilities: clear fcaps on inode change (v2)

2007-08-07 Thread Serge E. Hallyn
Quoting James Morris ([EMAIL PROTECTED]): > On Mon, 6 Aug 2007, Serge E. Hallyn wrote: > > > + err = security_inode_killpriv(out->f_path.dentry, LSM_NEED_LOCK); > > + if (err) > > + return err; > > + > > err = should_remove_suid(out->f_path.dentry); > > if (unlikely(err)) { >

Re: [PATCH 1/1] file capabilities: clear fcaps on inode change (v2)

2007-08-07 Thread Stephen Smalley
On Mon, 2007-08-06 at 13:52 -0500, Serge E. Hallyn wrote: > From 1376764cbb54243f088cf00c39000c4f4418f461 Mon Sep 17 00:00:00 2001 > From: Serge E. Hallyn <[EMAIL PROTECTED]> > Date: Mon, 6 Aug 2007 14:20:06 -0400 > Subject: [PATCH 1/1] file capabilities: clear fcaps on inode change (v2) > > When

Re: [PATCH 1/1] file capabilities: don't ensure we break with 64-bit caps

2007-08-07 Thread Serge E. Hallyn
Quoting Andrew Morgan ([EMAIL PROTECTED]): > Serge E. Hallyn wrote: > >> So far as I can see there are two types of issue: > >> > >> - a new capability comes along - it is needed to run an app > > > > As an example, CAP_AUDIT_WRITE and CAP_AUDI

Re: [PATCH 1/1] file capabilities: clear fcaps on inode change (v2)

2007-08-07 Thread James Morris
On Mon, 6 Aug 2007, Serge E. Hallyn wrote: > + err = security_inode_killpriv(out->f_path.dentry, LSM_NEED_LOCK); > + if (err) > + return err; > + > err = should_remove_suid(out->f_path.dentry); > if (unlikely(err)) { > mutex_lock(&inode->i_mutex); It
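
Review bot: In the quoted generic_file_splice_write hunk, the new security_inode_killpriv(out->f_path.dentry, LSM_NEED_LOCK) call passes a locking flag into the hook, while the should_remove_suid path directly below it takes inode->i_mutex in the caller. Judging by its name, LSM_NEED_LOCK makes the hook's locking behaviour depend on an argument, which is easy to get wrong at other call sites. Consider dropping the flag and taking i_mutex in the caller around both the killpriv call and the suid removal, so the two privilege-clearing steps share one lock scope.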

LSM: memory and user-space interaction

2007-08-07 Thread Cliffe
G’day, I would really appreciate some advice. I realise the kernel has a small stack, and I imagine this will have a greater impact on my LSM design than I originally thought. I would really appreciate some input. My LSM has a hierarchical policy structure which is made up of a (relatively)