Re: [PATCH] Keys: Add LSM hooks for key management

From: serue
Date: Wed Oct 05 2005 - 13:41:32 EST

Next message: Horst von Brand: "Re: what's next for the linux kernel?"
Previous message: Marty Ridgeway: "[ANNOUNCE] October Release of LTP"
In reply to: James Morris: "Re: [Keyrings] [PATCH] Keys: Add LSM hooks for key management"
Next in thread: Chris Wright: "Re: [Keyrings] [PATCH] Keys: Add LSM hooks for key management"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> +int key_task_permission(const key_ref_t key_ref,
> + struct task_struct *context,
> + key_perm_t perm)
> +{
> + struct key *key;
> + key_perm_t kperm;
> + int ret;
> +
> + /* let the security module have first say
> + * - it should return:
> + * +ve to grant access
> + * 0 to deny access
> + * -ve to fall back to normal permission checking
> + */
> + ret = security_key_permission(key_ref, context, perm);
> + if (ret >= 0)
> + return ret;

Hmm, my only problem here is that this is nonstandard compared to
expected return values from other security_ authorization hooks.
Could this be switched to

-ve : deny access (and return the error)
0: grant access
+ve: fall back to normal permission checking

Actually that's still nonstandard. On the whole, LSM only
restricts, does not authorize, with capable() being the notable
exception. Is there good reason to allow LSMs to fully authorize
in this case?

thanks,
-serge
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Horst von Brand: "Re: what's next for the linux kernel?"
Previous message: Marty Ridgeway: "[ANNOUNCE] October Release of LTP"
In reply to: James Morris: "Re: [Keyrings] [PATCH] Keys: Add LSM hooks for key management"
Next in thread: Chris Wright: "Re: [Keyrings] [PATCH] Keys: Add LSM hooks for key management"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]