Re: A Comment from User Space

• Previous message: jmjonesat_private: "Re: A Comment from User Space"
• In reply to: Crispin Cowan: "Re: A Comment from User Space"
• Next in thread: Seth Arnold: "Re: A Comment from User Space"
• Next in thread: David Wagner: "Re: A Comment from User Space"
• Next in thread: David Wagner: "Re: A Comment from User Space"
• Reply: Seth Arnold: "Re: A Comment from User Space"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Just to clarify about SELinux - SELinux provides a set of new system calls 
that are extended forms of existing calls to allow modified and new
applications to specify or obtain security attributes for a particular
call rather than using the default behavior.  Examples of these
kinds of calls include extended forms of execve, open, mkdir,
stat, socket, connect, etc.  SELinux also provides a set of new system
calls that export the security server interface for policy decisions to
applications (naturally, the use of these calls is also under the control
of the policy), so that policies can be defined that control access to
application abstractions.  For example, a windowing system might be
enhanced to provide labeling and separation of windows with controlled
cut-and-paste, or a database management system might be enhanced
to provide labeling and separation of individual database records
stored in a single file.

With regard to the number of calls, we only use 5 separate entrypoints,
and we multiplex many different operations through several of our
new entrypoints (e.g. all of the new file-related calls are multiplexed
through a single entrypoint and all of the security server interfaces
are multiplexed through a single entrypoint).  It would probably
be sufficient to only have a single system call reserved for LSM,
and multiplex requests through it.

--
Stephen D. Smalley, NAI Labs
ssmalleyat_private




> At the extreme other end of the spectrum, SELinux adds 50 new or modified
> system calls  http://www.nsa.gov/selinux/docs.html   The modified ones are just
> targets for hooking.  The new ones presumably are there for a reason, and
> LSM needs some kind of facility to support adding new system calls.  Mostly
> IMHO we can do this by using the "reload the syscall table" hack, but to make
> the ABI consistent, we should attempt to reserve a block of syscall numbers.
> Two problems:
> 
>    * guessing the number needed
>    * getting Linus to buy this argument :-)
> 
> Crispin


_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module

• Next message: Stephen Smalley: "Re: A Comment from User Space"
• Previous message: jmjonesat_private: "Re: A Comment from User Space"
• In reply to: Crispin Cowan: "Re: A Comment from User Space"
• Next in thread: Seth Arnold: "Re: A Comment from User Space"
• Next in thread: David Wagner: "Re: A Comment from User Space"
• Next in thread: David Wagner: "Re: A Comment from User Space"
• Reply: Seth Arnold: "Re: A Comment from User Space"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Apr 24 2001 - 05:55:11 PDT