Re: [PATCH] accessfs v0.6 ported to 2.5.35-lsm1 - 1/2

From: Stephen Smalley (sdsat_private)
Date: Mon Sep 30 2002 - 11:14:21 PDT

  • Next message: Greg KH: "Re: [RFC] No more module_* hooks"

    On Mon, 30 Sep 2002, Olaf Dietsche wrote:
    
    > Even SELinux would benefit from this new hook, since they could move
    > the protocol specific part away from socket_bind() to ip_prot_sock().
    > Thus, they could gain _real_ fine grained control over who has access
    > and who has not.
    
    In the original SELinux kernel patch, we did place the name_bind check
    directly in inet_bind with the existing Linux check, although we still
    only supported augmenting the existing check.  When we migrated to LSM, we
    tried to further minimize the invasiveness of our code by using the
    abstract socket layer hooks when possible (along with using the Netfilter
    hooks and a few additional network layer hooks).  Notice that
    "augmenting the existing check" aka "restrictive" is a design
    characteristic of LSM, as discussed in the published LSM papers.  SELinux
    does provide fine-grained control over what processes can bind to a
    particular port based on the security domain.
    
    However, I understand your point and don't object to your hook, except to
    suggest that you not pass both the port and the (address, addrlen) pair
    to it.  You could drop the latter without harm to SELinux, but it would be
    more general to drop the port and pass the full address.  My only other
    concern is whether the kernel developers will object to having a LSM hook
    in both sys_bind and inet_bind.
    
    --
    Stephen D. Smalley, NAI Labs
    ssmalleyat_private
    
    
    
    
    _______________________________________________
    linux-security-module mailing list
    linux-security-moduleat_private
    http://mail.wirex.com/mailman/listinfo/linux-security-module
    



    This archive was generated by hypermail 2b30 : Mon Sep 30 2002 - 11:16:26 PDT