login
Login / Register
Header Space

 
 

Home » Mailing list archives » linux-kernel » 2007 » December » 10

Re: [PATCH 08/28] SECURITY: Allow kernel services to override LSM settings for task actions [try #2]

Score:
Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]
[view in full thread]
From: Stephen Smalley <sds@...>
To: David Howells <dhowells@...>
Cc: <viro@...>, <hch@...>, <Trond.Myklebust@...>, <casey@...>, <linux-kernel@...>, <selinux@...>, <linux-security-module@...>
Subject: Re: [PATCH 08/28] SECURITY: Allow kernel services to override LSM settings for task actions [try #2]
Date: Monday, December 10, 2007 - 1:23 pm

On Mon, 2007-12-10 at 17:07 +0000, David Howells wrote:

Yes, setting to 0.

Otherwise, only other issue I have with this interface is it won't
generalize to dealing with nfsd, where we want to set the acting context
to a context we obtain from or determine based upon the client.

Why can't cachefilesd just push a context into the kernel and pass that
into the hook as the acting context, and then nfsd can do likewise using
the context provided by the client or obtained locally from exports for
ordinary clients?  Avoids the transition SID computation altogether
within the kernel and makes this more generic.

-- 
Stephen Smalley
National Security Agency

--
Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]
Messages in current thread:
[PATCH 00/28] Permit filesystem local caching [try #2], David Howells, (Wed Dec 5, 3:38 pm)
[PATCH 28/28] FS-Cache: Make kAFS use FS-Cache [try #2], David Howells, (Wed Dec 5, 3:40 pm)
[PATCH 27/28] AFS: Implement shared-writable mmap [try #2], David Howells, (Wed Dec 5, 3:40 pm)
[PATCH 26/28] AF_RXRPC: Save the operation ID for debugging ..., David Howells, (Wed Dec 5, 3:40 pm)
[PATCH 25/28] AFS: Improve handling of a rejected writeback ..., David Howells, (Wed Dec 5, 3:40 pm)
[PATCH 24/28] AFS: Add a function to excise a rejected write..., David Howells, (Wed Dec 5, 3:40 pm)
Re: [PATCH 24/28] AFS: Add a function to excise a rejected w..., Nick Piggin, (Fri Dec 14, 12:21 am)
[PATCH 23/28] AFS: Add TestSetPageError() [try #2], David Howells, (Wed Dec 5, 3:40 pm)
[PATCH 22/28] fcrypt endianness misannotations [try #2], David Howells, (Wed Dec 5, 3:40 pm)
[PATCH 21/28] NFS: Display local caching state [try #2], David Howells, (Wed Dec 5, 3:40 pm)
[PATCH 20/28] NFS: Configuration and mount option changes to..., David Howells, (Wed Dec 5, 3:40 pm)
[PATCH 19/28] NFS: Use local caching [try #2], David Howells, (Wed Dec 5, 3:39 pm)
[PATCH 18/28] CacheFiles: A cache that backs onto a mounted ..., David Howells, (Wed Dec 5, 3:39 pm)
[PATCH 17/28] CacheFiles: Export things for CacheFiles [try ..., David Howells, (Wed Dec 5, 3:39 pm)
[PATCH 16/28] CacheFiles: Permit the page lock state to be m..., David Howells, (Wed Dec 5, 3:39 pm)
[PATCH 15/28] CacheFiles: Add a hook to write a single page ..., David Howells, (Wed Dec 5, 3:39 pm)
[PATCH 14/28] CacheFiles: Be consistent about the use of map..., David Howells, (Wed Dec 5, 3:39 pm)
[PATCH 13/28] CacheFiles: Add missing copy_page export for i..., David Howells, (Wed Dec 5, 3:39 pm)
[PATCH 12/28] FS-Cache: Generic filesystem caching facility ..., David Howells, (Wed Dec 5, 3:39 pm)
[PATCH 11/28] FS-Cache: Provide an add_wait_queue_tail() fun..., David Howells, (Wed Dec 5, 3:39 pm)
[PATCH 10/28] FS-Cache: Recruit a couple of page flags for c..., David Howells, (Wed Dec 5, 3:39 pm)
Re: [PATCH 10/28] FS-Cache: Recruit a couple of page flags f..., Nick Piggin, (Fri Dec 14, 12:08 am)
[PATCH 09/28] FS-Cache: Release page-&gt;private after faile..., David Howells, (Wed Dec 5, 3:39 pm)
Re: [PATCH 09/28] FS-Cache: Release page-&gt;private after f..., Nick Piggin, (Thu Dec 13, 11:51 pm)
[PATCH 08/28] SECURITY: Allow kernel services to override LS..., David Howells, (Wed Dec 5, 3:38 pm)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overrid..., Stephen Smalley, (Mon Dec 10, 12:46 pm)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overrid..., David Howells, (Mon Dec 10, 1:07 pm)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overrid..., Stephen Smalley, (Mon Dec 10, 1:23 pm)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overrid..., David Howells, (Wed Jan 9, 12:51 pm)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overrid..., Stephen Smalley, (Wed Jan 9, 2:11 pm)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overrid..., David Howells, (Mon Jan 14, 10:01 am)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overrid..., Stephen Smalley, (Tue Jan 15, 10:56 am)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overrid..., David Howells, (Tue Jan 15, 12:03 pm)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overrid..., Casey Schaufler, (Tue Jan 15, 2:10 pm)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overrid..., Stephen Smalley, (Tue Jan 15, 3:15 pm)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overrid..., David Howells, (Tue Jan 15, 5:55 pm)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overrid..., Casey Schaufler, (Tue Jan 15, 6:23 pm)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overrid..., Stephen Smalley, (Tue Jan 15, 12:08 pm)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overrid..., Casey Schaufler, (Mon Jan 14, 10:52 am)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overrid..., David Howells, (Mon Jan 14, 11:19 am)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overrid..., David Howells, (Mon Jan 14, 10:06 am)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overrid..., Stephen Smalley, (Tue Jan 15, 10:58 am)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overrid..., David Howells, (Wed Jan 23, 4:52 pm)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overrid..., James Morris, (Wed Jan 23, 6:03 pm)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overrid..., David Howells, (Wed Jan 9, 2:56 pm)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overrid..., Stephen Smalley, (Wed Jan 9, 3:19 pm)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overrid..., David Howells, (Thu Jan 10, 7:09 am)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overrid..., David Howells, (Wed Jan 9, 1:27 pm)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overrid..., David Howells, (Mon Dec 10, 5:08 pm)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overrid..., Stephen Smalley, (Mon Dec 10, 5:27 pm)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overrid..., Casey Schaufler, (Mon Dec 10, 6:26 pm)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overrid..., David Howells, (Mon Dec 10, 7:44 pm)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overrid..., Casey Schaufler, (Mon Dec 10, 7:56 pm)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overrid..., Stephen Smalley, (Tue Dec 11, 2:34 pm)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overrid..., Casey Schaufler, (Tue Dec 11, 3:26 pm)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overrid..., Stephen Smalley, (Tue Dec 11, 3:56 pm)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overrid..., Casey Schaufler, (Tue Dec 11, 4:40 pm)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overrid..., David Howells, (Mon Dec 10, 7:36 pm)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overrid..., Casey Schaufler, (Mon Dec 10, 7:46 pm)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overrid..., Stephen Smalley, (Tue Dec 11, 3:52 pm)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overrid..., Stephen Smalley, (Tue Dec 11, 3:37 pm)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overrid..., David Howells, (Tue Dec 11, 4:42 pm)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overrid..., Casey Schaufler, (Tue Dec 11, 5:18 pm)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overrid..., Stephen Smalley, (Tue Dec 11, 5:34 pm)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overrid..., David Howells, (Tue Dec 11, 6:43 pm)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overrid..., Casey Schaufler, (Tue Dec 11, 7:04 pm)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overrid..., David Howells, (Wed Dec 12, 2:25 pm)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overrid..., Casey Schaufler, (Wed Dec 12, 3:20 pm)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overrid..., Stephen Smalley, (Wed Dec 12, 3:35 pm)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overrid..., David Howells, (Wed Dec 12, 6:55 pm)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overrid..., Stephen Smalley, (Thu Dec 13, 10:51 am)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overrid..., David Howells, (Thu Dec 13, 12:03 pm)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overrid..., David Howells, (Wed Dec 12, 3:29 pm)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overrid..., Stephen Smalley, (Wed Dec 12, 11:25 am)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overrid..., Casey Schaufler, (Wed Dec 12, 12:51 pm)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overrid..., David Howells, (Wed Dec 12, 2:34 pm)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overrid..., Casey Schaufler, (Wed Dec 12, 3:44 pm)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overrid..., David Howells, (Wed Dec 12, 6:32 pm)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overrid..., Stephen Smalley, (Wed Dec 12, 3:49 pm)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overrid..., Casey Schaufler, (Wed Dec 12, 4:09 pm)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overrid..., David Howells, (Wed Dec 12, 6:29 pm)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overrid..., Stephen Smalley, (Wed Dec 12, 2:12 pm)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overrid..., David Howells, (Wed Dec 12, 2:29 pm)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overrid..., Casey Schaufler, (Wed Dec 12, 3:37 pm)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overrid..., David Howells, (Wed Dec 12, 6:52 pm)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overrid..., Stephen Smalley, (Wed Dec 12, 3:33 pm)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overrid..., David Howells, (Wed Dec 12, 6:49 pm)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overrid..., Stephen Smalley, (Thu Dec 13, 10:49 am)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overrid..., David Howells, (Thu Dec 13, 11:36 am)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overrid..., Stephen Smalley, (Thu Dec 13, 12:23 pm)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overrid..., David Howells, (Thu Dec 13, 1:01 pm)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overrid..., Stephen Smalley, (Thu Dec 13, 1:27 pm)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overrid..., David Howells, (Thu Dec 13, 2:04 pm)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overrid..., Karl MacMillan, (Wed Dec 12, 10:41 am)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overrid..., David Howells, (Wed Dec 12, 10:53 am)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overrid..., Karl MacMillan, (Wed Dec 12, 10:59 am)
[PATCH 07/28] SECURITY: De-embed task security record from t..., David Howells, (Wed Dec 5, 3:38 pm)
[PATCH 06/28] SECURITY: Separate task security context from ..., David Howells, (Wed Dec 5, 3:38 pm)
[PATCH 05/28] Security: Change current-&gt;fs[ug]id to curre..., David Howells, (Wed Dec 5, 3:38 pm)
[PATCH 04/28] KEYS: Add keyctl function to get a security la..., David Howells, (Wed Dec 5, 3:38 pm)
[PATCH 03/28] KEYS: Allow the callout data to be passed as a..., David Howells, (Wed Dec 5, 3:38 pm)
[PATCH 02/28] KEYS: Check starting keyring as part of search..., David Howells, (Wed Dec 5, 3:38 pm)
[PATCH 01/28] KEYS: Increase the payload size when instantia..., David Howells, (Wed Dec 5, 3:38 pm)

Mail archive search
Enter your search terms.
Optionally limit your search to a specific mailing list.
advanced
Recent Tags
more tags
Colocation donated by:
Who's online
There are currently 2 users and 775 guests online.

Online users

Syndicate
Syndicate content
© 2007 KernelTrap.  |  Powered by Drupal.  |  Legal statement.
speck-geostationary