Re: [Keyrings] [PATCH] Keys: Add LSM hooks for key management

[James Morris]

On Thu, 6 Oct 2005, David Howells wrote:

> > For example, sys_add_key() calls it with KEY_WRITE against the destination 
> > keyring.
> 
> Yes, but not in regard to the new key, which is what I thought you were
> implying.
> 
> Besides, it's logically two operations: create key and link key to
> keyring. The reason they have to be combined is that the key would be
> immediately destroyed if it wasn't attached to a keyring.

I had assumed that you didn't want a permission check just for creating a 
key (which is a fairly abstract and inert thing if you don't do anything 
with it), and were only wanting to peform a check when linking.

> The permissions check done on the keyring merely assures that the keyring can
> be modified, not that a new key may or may not actually be created.

Ok, time to add KEY_CREATE?

> > > > I don't think SELinux would care about this yet.  If so, the hook can be 
> > > > added later.
> > > 
> > > Auditing?
> > 
> > SELinux does not audit object creation, it will sometimes use a _post hook 
> > to update its internal state or perform the access control check for 
> > creating the object.
> 
> I meant the auditing service. Doesn't that use the security module hooks?

LSM is supposed to be about access control only, although SELinux and 
Audit are becoming more intimate as time passes.

[added Steve Grubb to the cc list, who is looking at LSPP audit 
requirements]



- James
-- 
James Morris
<jmorris@xxxxxxxxx>
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/