Re: [PATCH] Realtime LSM

From: Chris Wright
Date: Fri Oct 08 2004 - 16:48:26 EST

Next message: Greg KH: "Re: Driver core change request"
Previous message: Grzegorz Kulewski: "Re: [PATCH] Make gcc -align options .config-settable"
In reply to: Lee Revell: "Re: [PATCH] Realtime LSM"
Next in thread: Lee Revell: "Re: [PATCH] Realtime LSM"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

* Lee Revell (rlrevell@xxxxxxxxxxx) wrote:
> + # sysctl -w security/realtime/any=0
> + # sysctl -w security/realtime/gid=29
> + # sysctl -w security/realtime/mlock=1
> +

I think these should move to sysfs.

> +Jack O'Quin, joq@xxxxxx
> diff -ruN -X /home/joq/bin/kdiff.exclude linux-2.6.8.1/include/linux/sysctl.h linux-2.6.8.1-rt02/include/linux/sysctl.h
> --- linux-2.6.8.1/include/linux/sysctl.h Sat Aug 14 05:55:33 2004
> +++ linux-2.6.8.1-rt02/include/linux/sysctl.h Sun Oct 3 10:56:16 2004
> @@ -61,7 +61,14 @@
> CTL_DEV=7, /* Devices */
> CTL_BUS=8, /* Busses */
> CTL_ABI=9, /* Binary emulation */
> - CTL_CPU=10 /* CPU stuff (speed scaling, etc) */
> + CTL_CPU=10, /* CPU stuff (speed scaling, etc) */
> + CTL_SECURITY=11 /* Security modules */
> +};
> +
> +/* CTL_SECURITY names: */
> +enum
> +{
> + SECURITY_REALTIME=1 /* Realtime LSM */
> };

Without adding this extra bit.

> diff -ruN -X /home/joq/bin/kdiff.exclude linux-2.6.8.1/security/Kconfig linux-2.6.8.1-rt02/security/Kconfig
> --- linux-2.6.8.1/security/Kconfig Sat Aug 14 05:55:47 2004
> +++ linux-2.6.8.1-rt02/security/Kconfig Sun Oct 3 10:56:17 2004
> @@ -84,6 +84,17 @@
>
> If you are unsure how to answer this question, answer N.
>
> +config SECURITY_REALTIME
> + tristate "Realtime Capabilities"
> + depends on SECURITY && SECURITY_CAPABILITIES!=y

Capabilities can be disabled on boot command line.

> --- linux-2.6.8.1/security/realtime.c Wed Dec 31 18:00:00 1969
> +++ linux-2.6.8.1-rt02/security/realtime.c Mon Oct 4 21:35:41 2004
> +static int any = 0; /* if TRUE, any process is realtime */

unecessary init to 0

> +MODULE_PARM(any, "i");

please use module_param (bonus, you get free entry on command line when
non-modular, and entry in /sysfs if you want).

> +MODULE_PARM_DESC(any, " grant realtime privileges to any process.");
> +
> +static int gid = -1; /* realtime group id, or NO_GROUP */
> +MODULE_PARM(gid, "i");

module_param.

> +MODULE_PARM_DESC(gid, " the group ID with access to realtime privileges.");
> +
> +static int mlock = 1; /* enable mlock() privileges */
> +MODULE_PARM(mlock, "i");

module_param.

> +MODULE_PARM_DESC(mlock, " enable memory locking privileges.");
> +
> +/* helper function for testing group membership */
> +static inline int gid_ok(int gid, int e_gid) {
> + int i;
> + int rt_ok = 0;
> +
> + if (gid == -1)
> + return 0;
> +
> + if ((gid == e_gid) || (gid == current->gid))
> + return 1;
> +
> + get_group_info(current->group_info);
> + for (i = 0; i < current->group_info->ngroups; ++i) {
> + if (gid == GROUP_AT(current->group_info, i)) {
> + rt_ok = 1;
> + break;
> + }
> + }

why not in_group_p?

> + put_group_info(current->group_info);
> +
> + return rt_ok;
> +}
> +
> +int realtime_bprm_set_security(struct linux_binprm *bprm)
> +{
> + /* Copied from security/commoncap.c: cap_bprm_set_security()... */
> + /* Copied from fs/exec.c:prepare_binprm. */
> + /* We don't have VFS support for capabilities yet */
> + cap_clear(bprm->cap_inheritable);
> + cap_clear(bprm->cap_permitted);
> + cap_clear(bprm->cap_effective);
> +
> + /* If a non-zero `any' parameter was specified, we grant
> + * realtime privileges to every process. If the `gid'
> + * parameter was specified and it matches the group id of the
> + * executable, of the current process or any supplementary
> + * groups, we grant realtime capabilites.
> + */
> +
> + if (any || gid_ok(gid, bprm->e_gid)) {
> + cap_raise(bprm->cap_effective, CAP_SYS_NICE);
> + cap_raise(bprm->cap_permitted, CAP_SYS_NICE);
> + if (mlock) {
> + cap_raise(bprm->cap_effective, CAP_IPC_LOCK);
> + cap_raise(bprm->cap_permitted, CAP_IPC_LOCK);
> + cap_raise(bprm->cap_effective,
> + CAP_SYS_RESOURCE);
> + cap_raise(bprm->cap_permitted,
> + CAP_SYS_RESOURCE);
> + }
> + }

Maybe it would be better to call cap_bprm_set_security first, then or in
the bits you care about. That way you don't have to worry about any changes
over there.

thanks,
-chris
--
Linux Security Modules http://lsm.immunix.org http://lsm.bkbits.net
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Greg KH: "Re: Driver core change request"
Previous message: Grzegorz Kulewski: "Re: [PATCH] Make gcc -align options .config-settable"
In reply to: Lee Revell: "Re: [PATCH] Realtime LSM"
Next in thread: Lee Revell: "Re: [PATCH] Realtime LSM"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]