login
Login / Register
Header Space

 
 

Home » Mailing list archives » linux-kernel » 2008 » January » 14

Re: [PATCH 08/28] SECURITY: Allow kernel services to override LSM settings for task actions [try #2]

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]
From: David Howells <dhowells@...>
To: <unlisted-recipients@...>, <@...>
Cc: <dhowells@...>, Stephen Smalley <sds@...>, Daniel J Walsh <dwalsh@...>, <casey@...>, <linux-kernel@...>, <selinux@...>, <linux-security-module@...>
Subject: Re: [PATCH 08/28] SECURITY: Allow kernel services to override LSM settings for task actions [try #2]
Date: Monday, January 14, 2008 - 10:06 am

David Howells <dhowells@redhat.com> wrote:


FYI, I added the following vectors:

	# kernel services that need to override task security
	class kernel_service
	{
		use_as_override
		create_files_as
	}

The first allows:

	avc_has_perm(daemon_tsec->sid, nominated_sid,
		     SECCLASS_KERNEL_SERVICE,
		     KERNEL_SERVICE__USE_AS_OVERRIDE,
		     NULL);

And the second something like:

	avc_has_perm(tsec->sid, inode->sid,
		     SECCLASS_KERNEL_SERVICE,
		     KERNEL_SERVICE__CREATE_FILES_AS,
		     NULL);

Rather than specifically dedicating them to the cache, I made them general.

David
--
Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]
Messages in current thread:
[PATCH 00/28] Permit filesystem local caching [try #2], David Howells, (Wed Dec 5, 3:38 pm)
[PATCH 28/28] FS-Cache: Make kAFS use FS-Cache [try #2], David Howells, (Wed Dec 5, 3:40 pm)
[PATCH 27/28] AFS: Implement shared-writable mmap [try #2], David Howells, (Wed Dec 5, 3:40 pm)
[PATCH 26/28] AF_RXRPC: Save the operation ID for debugging ..., David Howells, (Wed Dec 5, 3:40 pm)
[PATCH 25/28] AFS: Improve handling of a rejected writeback ..., David Howells, (Wed Dec 5, 3:40 pm)
[PATCH 24/28] AFS: Add a function to excise a rejected write..., David Howells, (Wed Dec 5, 3:40 pm)
Re: [PATCH 24/28] AFS: Add a function to excise a rejected w..., Nick Piggin, (Fri Dec 14, 12:21 am)
[PATCH 23/28] AFS: Add TestSetPageError() [try #2], David Howells, (Wed Dec 5, 3:40 pm)
[PATCH 22/28] fcrypt endianness misannotations [try #2], David Howells, (Wed Dec 5, 3:40 pm)
[PATCH 21/28] NFS: Display local caching state [try #2], David Howells, (Wed Dec 5, 3:40 pm)
[PATCH 20/28] NFS: Configuration and mount option changes to..., David Howells, (Wed Dec 5, 3:40 pm)
[PATCH 19/28] NFS: Use local caching [try #2], David Howells, (Wed Dec 5, 3:39 pm)
[PATCH 18/28] CacheFiles: A cache that backs onto a mounted ..., David Howells, (Wed Dec 5, 3:39 pm)
[PATCH 17/28] CacheFiles: Export things for CacheFiles [try ..., David Howells, (Wed Dec 5, 3:39 pm)
[PATCH 16/28] CacheFiles: Permit the page lock state to be m..., David Howells, (Wed Dec 5, 3:39 pm)
[PATCH 15/28] CacheFiles: Add a hook to write a single page ..., David Howells, (Wed Dec 5, 3:39 pm)
[PATCH 14/28] CacheFiles: Be consistent about the use of map..., David Howells, (Wed Dec 5, 3:39 pm)
[PATCH 13/28] CacheFiles: Add missing copy_page export for i..., David Howells, (Wed Dec 5, 3:39 pm)
[PATCH 12/28] FS-Cache: Generic filesystem caching facility ..., David Howells, (Wed Dec 5, 3:39 pm)
[PATCH 11/28] FS-Cache: Provide an add_wait_queue_tail() fun..., David Howells, (Wed Dec 5, 3:39 pm)
[PATCH 10/28] FS-Cache: Recruit a couple of page flags for c..., David Howells, (Wed Dec 5, 3:39 pm)
Re: [PATCH 10/28] FS-Cache: Recruit a couple of page flags f..., Nick Piggin, (Fri Dec 14, 12:08 am)
[PATCH 09/28] FS-Cache: Release page-&gt;private after faile..., David Howells, (Wed Dec 5, 3:39 pm)
Re: [PATCH 09/28] FS-Cache: Release page-&gt;private after f..., Nick Piggin, (Thu Dec 13, 11:51 pm)
[PATCH 08/28] SECURITY: Allow kernel services to override LS..., David Howells, (Wed Dec 5, 3:38 pm)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overrid..., Stephen Smalley, (Mon Dec 10, 12:46 pm)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overrid..., David Howells, (Mon Dec 10, 1:07 pm)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overrid..., Stephen Smalley, (Mon Dec 10, 1:23 pm)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overrid..., David Howells, (Wed Jan 9, 12:51 pm)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overrid..., Stephen Smalley, (Wed Jan 9, 2:11 pm)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overrid..., David Howells, (Mon Jan 14, 10:01 am)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overrid..., Stephen Smalley, (Tue Jan 15, 10:56 am)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overrid..., David Howells, (Tue Jan 15, 12:03 pm)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overrid..., Casey Schaufler, (Tue Jan 15, 2:10 pm)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overrid..., Stephen Smalley, (Tue Jan 15, 3:15 pm)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overrid..., David Howells, (Tue Jan 15, 5:55 pm)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overrid..., Casey Schaufler, (Tue Jan 15, 6:23 pm)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overrid..., Stephen Smalley, (Tue Jan 15, 12:08 pm)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overrid..., Casey Schaufler, (Mon Jan 14, 10:52 am)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overrid..., David Howells, (Mon Jan 14, 11:19 am)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overrid..., David Howells, (Mon Jan 14, 10:06 am)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overrid..., Stephen Smalley, (Tue Jan 15, 10:58 am)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overrid..., David Howells, (Wed Jan 23, 4:52 pm)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overrid..., James Morris, (Wed Jan 23, 6:03 pm)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overrid..., David Howells, (Wed Jan 9, 2:56 pm)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overrid..., Stephen Smalley, (Wed Jan 9, 3:19 pm)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overrid..., David Howells, (Thu Jan 10, 7:09 am)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overrid..., David Howells, (Wed Jan 9, 1:27 pm)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overrid..., David Howells, (Mon Dec 10, 5:08 pm)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overrid..., Stephen Smalley, (Mon Dec 10, 5:27 pm)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overrid..., Casey Schaufler, (Mon Dec 10, 6:26 pm)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overrid..., David Howells, (Mon Dec 10, 7:44 pm)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overrid..., Casey Schaufler, (Mon Dec 10, 7:56 pm)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overrid..., Stephen Smalley, (Tue Dec 11, 2:34 pm)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overrid..., Casey Schaufler, (Tue Dec 11, 3:26 pm)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overrid..., Stephen Smalley, (Tue Dec 11, 3:56 pm)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overrid..., Casey Schaufler, (Tue Dec 11, 4:40 pm)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overrid..., David Howells, (Mon Dec 10, 7:36 pm)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overrid..., Casey Schaufler, (Mon Dec 10, 7:46 pm)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overrid..., Stephen Smalley, (Tue Dec 11, 3:52 pm)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overrid..., Stephen Smalley, (Tue Dec 11, 3:37 pm)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overrid..., David Howells, (Tue Dec 11, 4:42 pm)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overrid..., Casey Schaufler, (Tue Dec 11, 5:18 pm)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overrid..., Stephen Smalley, (Tue Dec 11, 5:34 pm)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overrid..., David Howells, (Tue Dec 11, 6:43 pm)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overrid..., Casey Schaufler, (Tue Dec 11, 7:04 pm)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overrid..., David Howells, (Wed Dec 12, 2:25 pm)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overrid..., Casey Schaufler, (Wed Dec 12, 3:20 pm)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overrid..., Stephen Smalley, (Wed Dec 12, 3:35 pm)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overrid..., David Howells, (Wed Dec 12, 6:55 pm)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overrid..., Stephen Smalley, (Thu Dec 13, 10:51 am)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overrid..., David Howells, (Thu Dec 13, 12:03 pm)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overrid..., David Howells, (Wed Dec 12, 3:29 pm)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overrid..., Stephen Smalley, (Wed Dec 12, 11:25 am)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overrid..., Casey Schaufler, (Wed Dec 12, 12:51 pm)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overrid..., David Howells, (Wed Dec 12, 2:34 pm)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overrid..., Casey Schaufler, (Wed Dec 12, 3:44 pm)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overrid..., David Howells, (Wed Dec 12, 6:32 pm)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overrid..., Stephen Smalley, (Wed Dec 12, 3:49 pm)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overrid..., Casey Schaufler, (Wed Dec 12, 4:09 pm)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overrid..., David Howells, (Wed Dec 12, 6:29 pm)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overrid..., Stephen Smalley, (Wed Dec 12, 2:12 pm)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overrid..., David Howells, (Wed Dec 12, 2:29 pm)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overrid..., Casey Schaufler, (Wed Dec 12, 3:37 pm)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overrid..., David Howells, (Wed Dec 12, 6:52 pm)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overrid..., Stephen Smalley, (Wed Dec 12, 3:33 pm)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overrid..., David Howells, (Wed Dec 12, 6:49 pm)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overrid..., Stephen Smalley, (Thu Dec 13, 10:49 am)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overrid..., David Howells, (Thu Dec 13, 11:36 am)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overrid..., Stephen Smalley, (Thu Dec 13, 12:23 pm)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overrid..., David Howells, (Thu Dec 13, 1:01 pm)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overrid..., Stephen Smalley, (Thu Dec 13, 1:27 pm)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overrid..., David Howells, (Thu Dec 13, 2:04 pm)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overrid..., Karl MacMillan, (Wed Dec 12, 10:41 am)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overrid..., David Howells, (Wed Dec 12, 10:53 am)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overrid..., Karl MacMillan, (Wed Dec 12, 10:59 am)
[PATCH 07/28] SECURITY: De-embed task security record from t..., David Howells, (Wed Dec 5, 3:38 pm)
[PATCH 06/28] SECURITY: Separate task security context from ..., David Howells, (Wed Dec 5, 3:38 pm)
[PATCH 05/28] Security: Change current-&gt;fs[ug]id to curre..., David Howells, (Wed Dec 5, 3:38 pm)
[PATCH 04/28] KEYS: Add keyctl function to get a security la..., David Howells, (Wed Dec 5, 3:38 pm)
[PATCH 03/28] KEYS: Allow the callout data to be passed as a..., David Howells, (Wed Dec 5, 3:38 pm)
[PATCH 02/28] KEYS: Check starting keyring as part of search..., David Howells, (Wed Dec 5, 3:38 pm)
[PATCH 01/28] KEYS: Increase the payload size when instantia..., David Howells, (Wed Dec 5, 3:38 pm)

Mail archive search
Enter your search terms.
Optionally limit your search to a specific mailing list.
advanced
Colocation donated by:
Who's online
There are currently 4 users and 851 guests online.

Online users

Syndicate
Syndicate content
© 2007 KernelTrap.  |  Powered by Drupal.  |  Legal statement.
speck-geostationary