Re: [PATCH 08/28] SECURITY: Allow kernel services to override LSM settings for task actions [try #2]

--- David Howells <[EMAIL PROTECTED]> wrote: > Casey Schaufler <[EMAIL PROTECTED]> wrote: > > > That happens to me when interfaces are described in SELinux terms. I > > still don't care much for multiple contexts, and I don't have a good > > grasp of how you'll deal with Smack, or any LSM other

Re: [PATCH 08/28] SECURITY: Allow kernel services to override LSM settings for task actions [try #2]

--- David Howells <[EMAIL PROTECTED]> wrote: > Stephen Smalley <[EMAIL PROTECTED]> wrote: > > > From a config file whose pathname would be provided by libselinux (ala > > the way in which dbusd imports contexts), or directly as a context > > returned by a libselinux function. > > That sounds to

Re: [PATCH 08/28] SECURITY: Allow kernel services to override LSM settings for task actions [try #2]

Casey Schaufler <[EMAIL PROTECTED]> wrote: > That happens to me when interfaces are described in SELinux terms. I > still don't care much for multiple contexts, and I don't have a good > grasp of how you'll deal with Smack, or any LSM other than SELinux. Me neither. I understand SELinux somewhat

Re: [PATCH 08/28] SECURITY: Allow kernel services to override LSM settings for task actions [try #2]

Stephen Smalley <[EMAIL PROTECTED]> wrote: > From a config file whose pathname would be provided by libselinux (ala > the way in which dbusd imports contexts), or directly as a context > returned by a libselinux function. That sounds too SELinux specific. How do I do it so that it works for any

Re: [PATCH 08/28] SECURITY: Allow kernel services to override LSM settings for task actions [try #2]

--- Stephen Smalley <[EMAIL PROTECTED]> wrote: > On Mon, 2007-12-10 at 21:08 +, David Howells wrote: > > Stephen Smalley <[EMAIL PROTECTED]> wrote: > > > > > Otherwise, only other issue I have with this interface is it won't > > > generalize to dealing with nfsd, where we want to set the act

Re: [PATCH 08/28] SECURITY: Allow kernel services to override LSM settings for task actions [try #2]

On Mon, 2007-12-10 at 21:08 +, David Howells wrote: > Stephen Smalley <[EMAIL PROTECTED]> wrote: > > > Otherwise, only other issue I have with this interface is it won't > > generalize to dealing with nfsd, where we want to set the acting context > > to a context we obtain from or determine ba

Re: [PATCH 08/28] SECURITY: Allow kernel services to override LSM settings for task actions [try #2]

Stephen Smalley <[EMAIL PROTECTED]> wrote: > Otherwise, only other issue I have with this interface is it won't > generalize to dealing with nfsd, where we want to set the acting context > to a context we obtain from or determine based upon the client. Are you speaking of security_kernel_act_as()

Re: [PATCH 08/28] SECURITY: Allow kernel services to override LSM settings for task actions [try #2]

On Mon, 2007-12-10 at 17:07 +, David Howells wrote: > Stephen Smalley <[EMAIL PROTECTED]> wrote: > > > > + tsec->create_sid = SECINITSID_UNLABELED; > > > + tsec->keycreate_sid = SECINITSID_UNLABELED; > > > + tsec->sockcreate_sid = SECINITSID_UNLABELED; > > Cleared means what? Setting to 0?

Re: [PATCH 08/28] SECURITY: Allow kernel services to override LSM settings for task actions [try #2]

Stephen Smalley <[EMAIL PROTECTED]> wrote: > > + tsec->create_sid = SECINITSID_UNLABELED; > > + tsec->keycreate_sid = SECINITSID_UNLABELED; > > + tsec->sockcreate_sid = SECINITSID_UNLABELED; Cleared means what? Setting to 0? Or is there some other constant I should use for that? David -

Re: [PATCH 08/28] SECURITY: Allow kernel services to override LSM settings for task actions [try #2]

On Wed, 2007-12-05 at 19:38 +, David Howells wrote: > Allow kernel services to override LSM settings appropriate to the actions > performed by a task by duplicating a security record, modifying it and then > using task_struct::act_as to point to it when performing operations on behalf > of a ta