Re: [PATCH 4/7] Teach SELinux about a new userfaultfd class

From: Andy Lutomirski
Date: Sat Oct 12 2019 - 19:11:10 EST

Next message: Andy Lutomirski: "Re: [PATCH 3/7] Add a UFFD_SECURE flag to the userfaultfd API."
Previous message: Linus Torvalds: "Re: [PATCH 1/7 v2] tracefs: Revert ccbd54ff54e8 ("tracefs: Restrict tracefs when the kernel is locked down")"
In reply to: Daniel Colascione: "[PATCH 4/7] Teach SELinux about a new userfaultfd class"
Next in thread: Daniel Colascione: "Re: [PATCH 4/7] Teach SELinux about a new userfaultfd class"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sat, Oct 12, 2019 at 12:16 PM Daniel Colascione <dancol@xxxxxxxxxx> wrote:
>
> Use the secure anonymous inode LSM hook we just added to let SELinux
> policy place restrictions on userfaultfd use. The create operation
> applies to processes creating new instances of these file objects;
> transfer between processes is covered by restrictions on read, write,
> and ioctl access already checked inside selinux_file_receive.

This is great, and I suspect we'll want it for things like SGX, too.
But the current design seems like it will make it essentially
impossible for SELinux to reference an anon_inode class whose
file_operations are in a module, and moving file_operations out of a
module would be nasty.

Could this instead be keyed off a new struct anon_inode_class, an
enum, or even just a string?

--Andy

Next message: Andy Lutomirski: "Re: [PATCH 3/7] Add a UFFD_SECURE flag to the userfaultfd API."
Previous message: Linus Torvalds: "Re: [PATCH 1/7 v2] tracefs: Revert ccbd54ff54e8 ("tracefs: Restrict tracefs when the kernel is locked down")"
In reply to: Daniel Colascione: "[PATCH 4/7] Teach SELinux about a new userfaultfd class"
Next in thread: Daniel Colascione: "Re: [PATCH 4/7] Teach SELinux about a new userfaultfd class"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]