Re: Basic questions about LSM architecture.

• Previous message: Crispin Cowan: "Re: Basic questions about LSM architecture."
• In reply to: rhys tucker: "Basic questions about LSM architecture."
• Next in thread: rhys tucker: "Re: Basic questions about LSM architecture."
• Reply: rhys tucker: "Re: Basic questions about LSM architecture."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

* rhys tucker (rhystuckerat_private) wrote:
> 
> 1. What security configuration does the base kernel have under LSM?. Is it nothing or is it the traditional root and others?.

as crispin mentioned, the base kernel is left with the traditional mode
bit tests, which include a test for an override mechanism.  the default
override mechanism is a simple {e,fs}uid == 0 test.  so an LSM kernel
with no security modules loaded enforces simple mode bit + root user
tests.

> 2. The LKM mechanism has a dummy LKM representing the statically-linked base kernel. Is LSM's initial module intended to be the first loaded module after 
> this dummy LKM.? 

if the module is compiled into the kernel, it will be loaded/initialized
in link order along with the rest of the do_init_calls() stuff.  if it is
actually compiled as a module, it will be loaded whenever the admin says
so (i'd expect this to be as early as possible during bootup).  note:
expect to see changes here as the 2.5 boot sequence should give better
control over do_init_calls ordering, and more pervasive use of initrd.

> 3. What does LSM's initial LKM  achieve? 

when lsm is initialized (see security_scaffolding_startup()
in init/main.c::start_kernel() for exactly when this happens) it
sets the kernel's security_operations pointer to an initial value.
at this point the kernel enforces mode bit + root user access checks
(as mentioned above).

the lsm project has more than just the initial "dummy" security
module implemented.  in particular, we have a POSIX.1e capabilities
implementation, the domain and type enforcement module from serge hallyn,
some pieces of the Openwall kernel patch ported to LSM, and NSA has
ported SELinux to LSM.

> 4. How are system-calls affected?. How many additional system calls are implemented in the base kernel for LSM support? Do LSM modules implement more 
> system-calls?

see crispin's description ;-)  if you are familiar with the
sys_socketcall(), we use the same multiplexing mechanism to give LSMs as
many system calls as needed through the one sys_security() multiplexor.

cheers,
-chris

_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module

• Next message: rhys tucker: "Re: Basic questions about LSM architecture."
• Previous message: Crispin Cowan: "Re: Basic questions about LSM architecture."
• In reply to: rhys tucker: "Basic questions about LSM architecture."
• Next in thread: rhys tucker: "Re: Basic questions about LSM architecture."
• Reply: rhys tucker: "Re: Basic questions about LSM architecture."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Sat Nov 24 2001 - 18:08:35 PST