Re: Other LSM modules (i.e. ACLs)

From: Crispin Cowan (crispinat_private)
Date: Mon Apr 16 2001 - 15:16:33 PDT

  • Next message: aleph1at_private: "Re: Other LSM modules (i.e. ACLs)"

    Andrew Morgan wrote:
    
    > Crispin Cowan wrote:
    > > > Is there
    > > > anyone on the list from the Extended Attributes and ACL project?
    > > We would like there to be :-)  My chat over the weekend about extended attributes
    > > pertains directly to projects like ACL.  However, my design philosophy here is to *not*
    > > include something unless someone with a module and serious intent to use the LSM steps
    > > forward and says "I need <foo hook>" and presents a solid case for why it can't be done
    > > with the existing hooks.
    >
    > Note, capabilities (as defined by the POSIX.1e document) require
    > something method of storing capabilities in association with files. The
    > patches that I've written, as part of the linux-privs project, make use
    > of these same Extended Attributes.
    >
    > When you say you are committed to supporting POSIX.1e capabilities, are
    > you saying to supporting the capability functionality that the kernel
    > currently supports, or "the POSIX.1e" capabilities?
    
    I meant the stuff currently supported by the kernel, not the full POSIX spec.  LSM does not
    address the limitations that prevent full POSIX.1e implementation:  the provision of meta
    data storage.
    
    There was an extensive thread here (some where :-) about meta data and extended attributes
    support.  My basic proposal is that LSM should not provide any persistent storage of meta
    data, but should allow the modules to get at the meta data storage of their choice.  There
    are (now, thanks Aleph) three known storage repositories for persistent meta data:
    
       * put it in a conf file:  used by SubDomain and LIDS, among others
       * extended attributes in the file system:  required by full POSIX.1e capabilities, but
         not supported by common Linux file systems, and thus Linux capabilities are not fully
         POSIX.1e compliant
       * aleph's network repository method
    
    LSM should not actually provide any of these methods.  We just need to make sure we stay out
    of their way.
    
    Crispin
    
    --
    Crispin Cowan, Ph.D.
    Chief Scientist, WireX Communications, Inc. http://wirex.com
    Security Hardened Linux Distribution:       http://immunix.org
    
    
    
    
    _______________________________________________
    linux-security-module mailing list
    linux-security-moduleat_private
    http://mail.wirex.com/mailman/listinfo/linux-security-module
    



    This archive was generated by hypermail 2b30 : Mon Apr 16 2001 - 15:19:02 PDT