Re: A Comment from User Space

From: Stephen Smalley (sdsat_private)
Date: Tue Apr 24 2001 - 05:52:22 PDT


    Just to clarify about SELinux - SELinux provides a set of new system calls 
    that are extended forms of existing calls to allow modified and new
    applications to specify or obtain security attributes for a particular
    call rather than using the default behavior.  Examples of these
    kinds of calls include extended forms of execve, open, mkdir,
    stat, socket, connect, etc.  SELinux also provides a set of new system
    calls that export the security server interface for policy decisions to
    applications (naturally, the use of these calls is also under the control
    of the policy), so that policies can be defined that control access to
    application abstractions.  For example, a windowing system might be
    enhanced to provide labeling and separation of windows with controlled
    cut-and-paste, or a database management system might be enhanced
    to provide labeling and separation of individual database records
    stored in a single file.
    
    With regard to the number of calls, we only use 5 separate entrypoints,
    and we multiplex many different operations through several of our
    new entrypoints (e.g. all of the new file-related calls are multiplexed
    through a single entrypoint and all of the security server interfaces
    are multiplexed through a single entrypoint).  It would probably
    be sufficient to only have a single system call reserved for LSM,
    and multiplex requests through it.
    
    --
    Stephen D. Smalley, NAI Labs
    ssmalleyat_private
    
    
    
    
    > At the extreme other end of the spectrum, SELinux adds 50 new or modified
    > system calls  http://www.nsa.gov/selinux/docs.html   The modified ones are just
    > targets for hooking.  The new ones presumably are there for a reason, and
    > LSM needs some kind of facility to support adding new system calls.  Mostly
    > IMHO we can do this by using the "reload the syscall table" hack, but to make
    > the ABI consistent, we should attempt to reserve a block of syscall numbers.
    > Two problems:
    > 
    >    * guessing the number needed
    >    * getting Linus to buy this argument :-)
    > 
    > Crispin
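
Added example, not part of the original message and not SELinux or LSM code: a user-space C model of the single multiplexed entrypoint the message describes, with the operation selector bounds-checked and use of each operation gated by policy before dispatch. All names here (`lsm_syscall`, the `OP_*` codes, `struct lsm_req`, the SIDs and the policy table) are hypothetical.

```c
#include <errno.h>
#include <stddef.h>

/* Hypothetical operation codes, all carried by one reserved entrypoint. */
enum lsm_op { OP_OPEN_SECURE, OP_MKDIR_SECURE, OP_COMPUTE_AV, OP_MAX };

struct lsm_req {
    unsigned int caller_sid;   /* security identifier of the caller */
    const char  *path;         /* operation-specific argument */
};

typedef long (*lsm_handler)(const struct lsm_req *);

/* Stand-in handlers; each returns a distinct constructed value. */
static long do_open_secure(const struct lsm_req *r)  { return r->path ? 3 : -EINVAL; }
static long do_mkdir_secure(const struct lsm_req *r) { return r->path ? 0 : -EINVAL; }
static long do_compute_av(const struct lsm_req *r)   { (void)r; return 0x7; }

static const lsm_handler handlers[OP_MAX] = {
    [OP_OPEN_SECURE]  = do_open_secure,
    [OP_MKDIR_SECURE] = do_mkdir_secure,
    [OP_COMPUTE_AV]   = do_compute_av,
};

/* Constructed policy: bitmask of operations each SID may request. */
static unsigned int allowed_ops(unsigned int sid)
{
    switch (sid) {
    case 1:  return (1u << OP_MAX) - 1;                          /* all ops */
    case 2:  return (1u << OP_OPEN_SECURE) | (1u << OP_MKDIR_SECURE);
    default: return 0;
    }
}

/* The single entrypoint: validate the selector, check policy, dispatch. */
long lsm_syscall(unsigned int op, const struct lsm_req *req)
{
    if (op >= OP_MAX || handlers[op] == NULL)
        return -ENOSYS;                 /* unknown operation */
    if (req == NULL)
        return -EFAULT;
    if (!(allowed_ops(req->caller_sid) & (1u << op)))
        return -EACCES;                 /* use of the call is itself policy-controlled */
    return handlers[op](req);
}

/* Helper for trying the dispatcher from user space. */
long demo_call(unsigned int sid, unsigned int op)
{
    struct lsm_req req = { sid, "/tmp/example" };
    return lsm_syscall(op, &req);
}
```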
    
    