Re: [PATCH] remove sys_security

From: Russell Coker (russell@coker.com.au)
Date: Thu Oct 24 2002 - 03:45:44 EST

Next message: Denis Vlasenko: "Re: EISA AIC7XXX not detected"
Previous message: Andrew Morton: "Re: writepage return value check in vmscan.c"
In reply to: Nathan Scott: "Re: [PATCH] remove sys_security"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, 24 Oct 2002 08:26, Nathan Scott wrote:
> > Also, the EA API lacks support for
> > creating files with specified security attributes (as opposed to creating
> > and then calling setxattr to change the attributes, possibly after
> > someone has already obtained access to the file), so it isn't ideal for
> > our purposes anyway.
>
> This is not a shortcoming of the xattr interfaces, they do what
> they were designed to do. I think the only interfaces suited to
> setting up things in the way you've described are create, mkdir,
> mknod, and co. It isn't clear to me how sys_security helps in
> this situation? -- it would also seem to be non-atomic wrt the
> inode creation syscalls, in the same way the xattr calls are.

Currently sys_security is used to implement open_secure(), mkdir_secure(), etc
which do this atomically.

> The ACL code has to address a similar problem to the one you've
> described - if a directory has a default ACL set on it, then new
> children must be created with that ACL. This is implemented by
> giving filesystems knowledge of the semantics of this attribute,
> and having them create the ACL along with the inode if need be.

SE Linux needs that functionality, but also it needs the ability to support
file type automatic transition rules, for example when a program in fingerd_t
domain creates a file in a directory of var_log_t then the file will have
type var_log_fingerd_t. But this doesn't require any extra system calls
either.

What requires more system calls is the logrotate program which has to create
new log files with the same security context as the log file it renamed.

I suggest that you check the archives for the full thread as it explains all
this and more in detail.

-- http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/~russell/ My home page

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/

Next message: Denis Vlasenko: "Re: EISA AIC7XXX not detected"
Previous message: Andrew Morton: "Re: writepage return value check in vmscan.c"
In reply to: Nathan Scott: "Re: [PATCH] remove sys_security"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b29 : Thu Oct 31 2002 - 22:00:22 EST