[patch 0/12] lsm stacking v0.2: intro

From: serue
Date: Thu Jun 30 2005 - 14:43:43 EST

Next message: Avuton Olrich: "Re: FUSE merging?"
Previous message: David GÃmez: "Re: Problem with inotify"
Next in thread: serue: "[patch 3/12] lsm stacking v0.2: introduce security_*_value API"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,

The set of patches to follow introduces support for stacking LSMs.
This is its second posting to lkml. I am sending it out in the hopes of
soliciting feedback and testing, with the obvious eventual goal of
mainline adoption.

The patches mainly do the following:

1. Introduce the stacker LSM.
2. Change the kernel object void * security fields to be hlists,
and introduce an api for modules to share these.
3. Modify SELinux to make use of stacker.
4. Modify seclvl to use stacker.

Motivation:

The purpose of these patches is to enable stacking multiple security
modules. There are several cases where this would be very useful. It
eases the testing of new modules with distro kernels, as it makes it
possible to stack new modules with selinux and capabilities -- for
instance if a user is running fedora. Second, it enables running
selinux (or LIDS, etc) with integrity verification modules. (Digsig is
an example of these, and within a few months hopefully the TPM-enabled
slim+evm modules, which verifies integrity of file contents and extended
attributes such as selinux contexts
(http://www.acsac.org/2004/workshop/David-Safford.pdf) will be released
for mainline inclusion). Thirdly, there are systems where running
selinux is not practical for footprint reasons, and the security goals
are easily expressed as a very small module. For instance, it might
be desirable to confine a web browser on a zaurus, or to implement a
site security policy on old hardware as per
http://mail.wirex.com/pipermail/linux-security-module/2005-May/6071.html

Performance impact of the actual stacker module is negligable. The
security_{get,set,del,add}_value API does have a small performance
impact. Please see
http://marc.theaimsgroup.com/?l=linux-security-module&m=111820455332752&w=2
and
http://marc.theaimsgroup.com/?l=linux-security-module&m=111824326500837&w=2
if interested in the performance results. I am certainly interested in
ways to further speed up security_get_value.

thanks,
-serge
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Avuton Olrich: "Re: FUSE merging?"
Previous message: David GÃmez: "Re: Problem with inotify"
Next in thread: serue: "[patch 3/12] lsm stacking v0.2: introduce security_*_value API"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]