Re: Port of secure fd handling to LSM

From: richard offer (offerat_private)
Date: Tue Aug 07 2001 - 07:47:45 PDT

  • Next message: Greg KH: "Re: Port of secure fd handling to LSM"

    * frm gregat_private "08/06/01 18:39:50 -0700" | sed '1,$s/^/* /'
    * On Mon, Aug 06, 2001 at 05:50:51PM -0700, richard offer wrote:
    *> Can we have our fds in now please ? :-)
    * But didn't you just prove that they are not needed?  This patch doesn't
    * need them.  I don't understand.
    Back on Jul 24 Crispin said...
      * So how about someone who is motivated to get fd's into the LSM patch 
      * (either SGI or someone else) port some subset of the Solar Designer
      * to the LSM+fd parms.  We will then have a very well motivated example
      * hand should anyone in linux kernel space question this decision.
      * And it will be cool :-)
    You're right this policy does not in itself use fds. But the argument was
    that fds are not useful for any policy. 
    The policy could have been implemented by using the fd parameters to the
    file_ops hooks and revoking access on read/write, but that would have meant
    adding new hooks (open/post_open/close) and misleading since this was the
    obvious way of implementing the policy (that's how Solar impemented it). I
    was honest.
    I can't win.
    *> OffTopic:
    *>     Should we create a new de-facto standard directory for policies to be
    *> located in the kernel tree ? It would make it easier if we all had a
    *> single location for them... 
    * Good idea.  Anyone have a name that they like?
    What about living in the security directory (where the config file is now).
    Each in its own separate subdir ?
    Perhaps they should be named <policy>_lsm.o to denote them as lsm modules
    rather than any other type ? On an installed system, that would lead them
    to be installed under /lib/modules/*/kernel/security/policy_lsm.o ?
    * greg k-h
    Richard Offer                     Technical Lead, Trust Technology, SGI
    "Specialization is for insects"
    linux-security-module mailing list

    This archive was generated by hypermail 2b30 : Tue Aug 07 2001 - 07:48:47 PDT