SELinux Mailing List
Re: latest diff
From: Stephen Smalley <sds_at_tycho.nsa.gov>
Date: Wed, 23 Mar 2005 08:51:29 -0500
Yes, feel free to suggest/submit patches (to the lsm mailing list and lkml) to add new LSM hooks to code where the existing capable call provides insufficient granularity, and then move the capable call into the hook function implementation for the dummy and capability modules. The goal should be to replace capable() calls with more flexible LSM hooks wherever it makes sense to do so, but doing that completely in the first round of LSM was viewed as impractical (e.g. >500 calls to capable in the kernel tree). Then for SELinux, you can define new permissions in the system class or create new classes as appropriate to provide finer-grained controls.

Another item that ultimately needs to be addressed is the mapping of device and filesystem ioctls to more general permission check calls to the security module, so that interpretation can remain in the device and filesystem code but reasonable controls can be applied by security policies. This would be similar to what James Morris did for the netlink message types, although that presently relies on maintaining a separate netlink message type table for SELinux (which may be a maintenance problem in the long term, and certainly won't scale for ioctls).

Another fun task would be to provide _real_ labeling and control of devices, not just device nodes in the filesystem, so that the ability to create device nodes doesn't allow one to sidestep access controls based on the device type.

--
Stephen Smalley <sds@tycho.nsa.gov>
National Security Agency

--
This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.

Received on Wed 23 Mar 2005 - 08:59:12 EST
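The refactoring described in the message above, modelled in userspace as an added example (not code from the post or from the kernel): a call site stops calling capable() directly and asks a hook, the capability module's hook keeps the old check, and a finer-grained module adds a per-operation permission. Every type, function and operation name here is hypothetical, and stacking the capability check under the finer-grained module is an assumption of this sketch.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>

/* Userspace model only: all names are hypothetical, none is a kernel API. */
enum cap { CAP_ADMIN = 1 };                  /* one coarse capability */
enum op  { OP_SET_CLOCK, OP_SET_HOSTNAME };  /* two operations that shared one capable() check */

struct task {
    unsigned caps;         /* capability bitmap */
    unsigned allowed_ops;  /* per-domain permissions, bit (1u << op) */
};

static bool capable(const struct task *t, enum cap c) { return (t->caps & c) != 0; }

/* Hook table: the call site asks the loaded module instead of calling capable(). */
struct security_ops { int (*sys_op)(const struct task *t, enum op op); };

/* Capability module: the capable() check moved into the hook, behaviour unchanged. */
static int cap_sys_op(const struct task *t, enum op op)
{
    (void)op;  /* the coarse check cannot tell the operations apart */
    return capable(t, CAP_ADMIN) ? 0 : -EPERM;
}

/* Finer-grained module: keeps the capability check (assumed stacking),
 * then requires a permission for this specific operation. */
static int fine_sys_op(const struct task *t, enum op op)
{
    int rc = cap_sys_op(t, op);
    if (rc)
        return rc;
    return (t->allowed_ops & (1u << op)) ? 0 : -EACCES;
}

static const struct security_ops cap_ops  = { .sys_op = cap_sys_op };
static const struct security_ops fine_ops = { .sys_op = fine_sys_op };

/* Call site after the refactor: one hook call, policy decided by the module. */
static int do_sys_op(const struct security_ops *ops, const struct task *t, enum op op)
{
    return ops->sys_op(t, op);
}

int main(void)
{
    /* Constructed sample task: holds the capability, permitted to set the clock only. */
    struct task timed = { CAP_ADMIN, 1u << OP_SET_CLOCK };
    printf("capability module, set hostname: %d\n", do_sys_op(&cap_ops, &timed, OP_SET_HOSTNAME));
    printf("fine-grained module, set hostname: %d\n", do_sys_op(&fine_ops, &timed, OP_SET_HOSTNAME));
    printf("fine-grained module, set clock: %d\n", do_sys_op(&fine_ops, &timed, OP_SET_CLOCK));
    return 0;
}
```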
Date Posted: Jan 15, 2009 | Last Modified: Jan 15, 2009 | Last Reviewed: Jan 15, 2009 |