Re: [PATCH v5 5/5] sidechannel: Linux Security Module for sidechannel
From: James Morris
Date: Thu Sep 27 2018 - 17:45:25 EST
On Wed, 26 Sep 2018, Casey Schaufler wrote:
> + /*
> + * Namespace checks. Considered safe if:
> + * cgroup namespace is the same
> + * User namespace is the same
> + * PID namespace is the same
> + */
> + if (current->nsproxy)
> + ccgn = current->nsproxy->cgroup_ns;
> + if (p->nsproxy)
> + pcgn = p->nsproxy->cgroup_ns;
> + if (ccgn != pcgn)
> + return -EACCES;
> + if (current->cred->user_ns != p->cred->user_ns)
> + return -EACCES;
> + if (task_active_pid_ns(current) != task_active_pid_ns(p))
> + return -EACCES;
> + return 0;
I really don't like the idea of hard-coding namespace security semantics
in an LSM. Also, I'm not sure if these semantics make any sense.
It least make it user configurable.
--
James Morris
<jmorris@xxxxxxxxx>