Re: [RFC][PATCH v3] Unprivileged: Disable raising of privileges

From: Alan Cox
Date: Thu Dec 31 2009 - 12:06:18 EST


> Let's step back for a moment. What is the common issue with both?
>
> The issue is simple. "How do I generically tell the security system
> I want particular restrictions."

You don't. It's not "the security system", it's a whole collection of
completely different models of security and differing tools.

> There is no generic LSM API for application or users to talk to the
> LSM and say I want the following restricted.

That's a meaningless observation I think because security doesn't work
that way. Removing specific features from a specific piece of code
generally isn't a security feature - it's only meaningful in the context
of a more general policy and that policy expression isn't generic.

> To control the LSM the applications are expected to know what the LSM.
> This has caused items like chrome major issues.

..

> Application does not need to be informed what is disabled from it.

So why does it cause chrome problems?


There are multiple security models because nobody can agree on what they
should look like, just like multiple desktops. Each of them is based on a
totally different conceptual model so the idea of a single interface to
them is a bit meaningless.

Alan