Re: Basic questions about LSM architecture.

From: Chris Wright (chrisat_private)
Date: Sat Nov 24 2001 - 17:59:57 PST

  • Next message: rhys tucker: "Re: Basic questions about LSM architecture."

    * rhys tucker (rhystuckerat_private) wrote:
    > 
    > 1. What security configuration does the base kernel have under LSM?. Is it nothing or is it the traditional root and others?.
    
    as crispin mentioned, the base kernel is left with the traditional mode
    bit tests, which include a test for an override mechanism.  the default
    override mechanism is a simple {e,fs}uid == 0 test.  so an LSM kernel
    with no security modules loaded enforces simple mode bit + root user
    tests.
    
    > 2. The LKM mechanism has a dummy LKM representing the statically-linked base kernel. Is LSM's initial module intended to be the first loaded module after 
    > this dummy LKM.? 
    
    if the module is compiled into the kernel, it will be loaded/initialized
    in link order along with the rest of the do_init_calls() stuff.  if it is
    actually compiled as a module, it will be loaded whenever the admin says
    so (i'd expect this to be as early as possible during bootup).  note:
    expect to see changes here as the 2.5 boot sequence should give better
    control over do_init_calls ordering, and more pervasive use of initrd.
    
    > 3. What does LSM's initial LKM  achieve? 
    
    when lsm is initialized (see security_scaffolding_startup()
    in init/main.c::start_kernel() for exactly when this happens) it
    sets the kernel's security_operations pointer to an initial value.
    at this point the kernel enforces mode bit + root user access checks
    (as mentioned above).
    
    the lsm project has more than just the initial "dummy" security
    module implemented.  in particular, we have a POSIX.1e capabilities
    implementation, the domain and type enforcement module from serge hallyn,
    some pieces of the Openwall kernel patch ported to LSM, and NSA has
    ported SELinux to LSM.
    
    > 4. How are system-calls affected?. How many additional system calls are implemented in the base kernel for LSM support? Do LSM modules implement more 
    > system-calls?
    
    see crispin's description ;-)  if you are familiar with the
    sys_socketcall(), we use the same multiplexing mechanism to give LSMs as
    many system calls as needed through the one sys_security() multiplexor.
    
    cheers,
    -chris
    
    _______________________________________________
    linux-security-module mailing list
    linux-security-moduleat_private
    http://mail.wirex.com/mailman/listinfo/linux-security-module
    



    This archive was generated by hypermail 2b30 : Sat Nov 24 2001 - 18:08:35 PST