Re: LSM conversion to static interface

!MAILaRCHIVE_VOTE_RePLACE
Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]
To: Linus Torvalds <torvalds@...>
Cc: Andreas Gruenbacher <agruen@...>, Thomas Fricaccia <thomas_fricacci@...>, Linux Kernel Mailing List <linux-kernel@...>, James Morris <jmorris@...>
Date: Saturday, October 20, 2007 - 7:05 am

On Oct 19 2007 13:40, Linus Torvalds wrote:

I do have a pseudo LSM called "multiadm" at 
http://freshmeat.net/p/multiadm/ , quoting:

	The MultiAdmin security framework kernel module provides a means 
	to have multiple "root" users with unique UIDs. This bypasses 
	collation order problems with NSCD, allows you to have files 
	with unique owners, and allows you to track the quota usage for 
	every "real" user. It also implements a "sub-admin", a partially 
	restricted root user who has full read-only access to most 
	subsystems, but write rights only to a limited subset, for 
	example writing to files or killing processes only of certain 
	users.

The use case is so that profs (taking the role of sub-admins), can 
operate on student's data/processes/etc. (quite often needed), but 
without having the full root privileges.

Policy is dead simple since it is based on UIDs. The UID ranges can be 
set on module load time or during runtime (sysfs params). This LSM is 
basically grants extra rights unlike most other LSMs[1], which is why 
modprobe makes much more sense here. (It also does not have to do any 
security labelling that would require it to be loaded at boot time 
already.)

Does that sound productive?



[1] SELinux: What I remember from coker.com.au's selinux test machine, 
everyone had UID 0 and instead had powers revoked.
-
Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:
Re: LSM conversion to static interface, Linus Torvalds, (Wed Oct 17, 10:18 pm)
Re: Re: LSM conversion to static interface, Crispin Cowan, (Sun Oct 21, 9:12 pm)
Re: LSM conversion to static interface, Andreas Gruenbacher, (Fri Oct 19, 4:26 pm)
Re: LSM conversion to static interface, James Morris, (Fri Oct 19, 5:07 pm)
Re: LSM conversion to static interface, Linus Torvalds, (Fri Oct 19, 4:40 pm)
Re: LSM conversion to static interface, Jan Engelhardt, (Sat Oct 20, 7:05 am)
Re: LSM conversion to static interface, James Morris, (Sat Oct 20, 6:57 pm)
Re: LSM conversion to static interface, Jan Engelhardt, (Tue Oct 23, 5:13 am)
Re: LSM conversion to static interface [revert patch], Arjan van de Ven, (Tue Oct 23, 12:09 am)
Re: LSM conversion to static interface [revert patch], James Morris, (Tue Oct 23, 12:56 am)
Re: LSM conversion to static interface [revert patch], Arjan van de Ven, (Tue Oct 23, 12:57 am)
Re: LSM conversion to static interface [revert patch], Chris Wright, (Tue Oct 23, 1:16 am)
Re: LSM conversion to static interface [revert patch], Jeremy Fitzhardinge, (Tue Oct 23, 8:31 pm)
Re: LSM conversion to static interface [revert patch], Arjan van de Ven, (Wed Oct 24, 1:06 am)
Re: eradicating out of tree modules, Tilman Schmidt, (Sun Oct 28, 2:51 pm)
Re: eradicating out of tree modules, Adrian Bunk, (Sun Oct 28, 3:25 pm)
Re: eradicating out of tree modules, Tilman Schmidt, (Mon Oct 29, 8:29 pm)
Re: eradicating out of tree modules, linux-os (Dick Johnson), (Tue Oct 30, 9:11 am)
Re: eradicating out of tree modules, Greg KH, (Tue Oct 30, 11:30 am)
Re: eradicating out of tree modules, Xavier Bestel, (Tue Oct 30, 9:19 am)
Re: eradicating out of tree modules, Stefan Richter, (Sun Oct 28, 5:25 am)
Re: eradicating out of tree modules, Tilman Schmidt, (Sun Oct 28, 8:01 am)
Re: eradicating out of tree modules, Stefan Richter, (Sun Oct 28, 10:37 am)
Re: eradicating out of tree modules, Tilman Schmidt, (Sun Oct 28, 12:55 pm)
Re: eradicating out of tree modules, Simon Arlott, (Sun Oct 28, 10:59 am)
Re: eradicating out of tree modules, Stefan Richter, (Sat Oct 27, 1:31 pm)
Re: Linux Security *Module* Framework (Was: LSM conversion t..., Toshiharu Harada, (Mon Oct 29, 11:23 pm)
Re: Linux Security *Module* Framework, Tilman Schmidt, (Sun Oct 28, 3:42 pm)
Re: Linux Security *Module* Framework, Jan Engelhardt, (Sun Oct 28, 4:46 pm)
Re: Linux Security *Module* Framework (Was: LSM conversion t..., Bernd Petrovitsch, (Thu Oct 25, 5:19 am)
Re: Linux Security *Module* Framework (Was: LSM conversion t..., Bernd Petrovitsch, (Tue Oct 30, 5:41 am)
Re: Linux Security *Module* Framework (Was: LSM conversion t..., Toshiharu Harada, (Mon Oct 29, 11:37 pm)
Re: Linux Security *Module* Framework (Was: LSM conversion t..., Arjan van de Ven, (Wed Oct 24, 10:19 pm)
Re: LSM conversion to static interface [revert patch], Chris Wright, (Tue Oct 23, 8:32 pm)
Re: LSM conversion to static interface [revert patch], Jan Engelhardt, (Tue Oct 23, 5:10 am)
Re: LSM conversion to static interface [revert patch], Chris Wright, (Tue Oct 23, 5:13 am)
Re: LSM conversion to static interface [revert patch], Jan Engelhardt, (Tue Oct 23, 5:14 am)
Re: LSM conversion to static interface, Adrian Bunk, (Sun Oct 21, 6:59 pm)
Re: LSM conversion to static interface, Giacomo Catenazzi, (Tue Oct 23, 1:44 am)
Re: LSM conversion to static interface, Jan Engelhardt, (Tue Oct 23, 4:55 am)
Re: LSM conversion to static interface, Serge E. Hallyn, (Tue Oct 23, 11:20 am)
Re: LSM conversion to static interface, Jan Engelhardt, (Tue Oct 23, 11:28 am)
Re: LSM conversion to static interface, Serge E. Hallyn, (Tue Oct 23, 11:34 am)
Re: LSM conversion to static interface, Giacomo A. Catenazzi, (Tue Oct 23, 5:14 am)
Re: LSM conversion to static interface, Jan Engelhardt, (Tue Oct 23, 5:18 am)