Re: [BK PATCH] LSM changes for 2.5.59

From: Stephen D. Smalley (sds@epoch.ncsc.mil)
Date: Thu Feb 06 2003 - 10:02:37 EST

Next message: Vojtech Pavlik: "[patch] Fixes to make x86-64 arch compile"
Previous message: Alan Cox: "Re: [PATCH] PATCH: add framework for ndelay (nanoseconds)"
Maybe in reply to: Greg KH: "[BK PATCH] LSM changes for 2.5.59"
Next in thread: Christoph Hellwig: "Re: [BK PATCH] LSM changes for 2.5.59"
Reply: Christoph Hellwig: "Re: [BK PATCH] LSM changes for 2.5.59"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Christoph Hellwig wrote:
> The wrong thing here is that you pass in the object itself, not
> it's ACC-relevant attributes.

That's no different than permission(), and it is the style of interface
suggested by Linus originally for LSM. SELinux did provide an
interface more akin to what you describe (passing the security
identifiers of the process and relevant objects and a value indicating
the operation). But SELinux was also more tightly integrated into the
kernel. The original guidance for LSM was to simply pass the objects
and to use separate hooks for different operations, moving the
processing entirely into the module.

Bringing this all up now is definitely pointless. LSM wasn't developed
in secret, and you could have made your case for a different
approach/interface at the very beginning. If you had made a case early
on, and had gotten Linus to sign off on it, then we certainly wouldn't
have objected to such an approach.

> No it seems not pointless. You add tons of undesigned cruft to 2.5 that
> will have to be maintained through all of 2.6. unless Linus hopefully
> pulls the plug soon enough. You still haven't even submitted a single
> example that actually uses LSM into mainline.

Not undesigned, but designed to meet guidance with which you disagree.
There is a difference.

The capabilities module is one example, albeit a limited one. As for
modules like SELinux, it seems better to wait until all of the
necessary hooks have either been accepted or definitively rejected
before submitting an adapted form of the module for mainline. After
this set of changes, the only thing remaining is the networking hooks,
which have already gone through a feedback cycle with the networking
maintainers and are being pruned and revised accordingly.

-- Stephen Smalley, NSA sds@epoch.ncsc.mil

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/

Next message: Vojtech Pavlik: "[patch] Fixes to make x86-64 arch compile"
Previous message: Alan Cox: "Re: [PATCH] PATCH: add framework for ndelay (nanoseconds)"
Maybe in reply to: Greg KH: "[BK PATCH] LSM changes for 2.5.59"
Next in thread: Christoph Hellwig: "Re: [BK PATCH] LSM changes for 2.5.59"
Reply: Christoph Hellwig: "Re: [BK PATCH] LSM changes for 2.5.59"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b29 : Fri Feb 07 2003 - 22:00:20 EST