Re: [RFC] No more module_* hooks

From: Chris Wright (chrisat_private)
Date: Mon Sep 30 2002 - 11:27:51 PDT

  • Next message: Stephen Smalley: "Re: Early initialization of security modules"

    * Greg KH (gregat_private) wrote:
    > On Mon, Sep 30, 2002 at 12:52:07AM -0700, Chris Wright wrote:
    > > * Stephen Smalley (sdsat_private) wrote:
    > > > 
    > > > All of the hooks in the 2.5.38-lsm-ipc.patch are used by SELinux.  Of the
    > > > hooks in the 2.5.38-lsm-misc.patch, the following hooks appear to be
    > > > unused by the existing security modules:
    > > > 	sethostname
    > > > 	setdomainname
    > > > 	reboot
    > > > 	ioperm
    > > > 	iopl
    > > > 	module_*
    > > 
    > > All of the above hooks are used by SubDomain.
    > 
    > Is subdomain going to be released under the GPL anytime soon?
    
    I hope so, yes.
    
    > And is there any reason you can't use the capabilities check for these
    > hooks, like SELinux does?  From what I remember, SubDomain didn't check
    > these hooks in the past with any finer-grained access rights from what
    > capabilities would give you, or am I forgetting things?
    
    This is certainly true for reboot, and nearly true for module_*.  However,
    set*name is simply using CAP_SYS_ADMIN...I think the change should go
    the other way.  For example, it's simple to do:
    
    cap_sethostname(...) { return cap_capable(current, CAP_SYS_ADMIN); }
    
    thanks,
    -chris
    -- 
    Linux Security Modules     http://lsm.immunix.org     http://lsm.bkbits.net
    _______________________________________________
    linux-security-module mailing list
    linux-security-moduleat_private
    http://mail.wirex.com/mailman/listinfo/linux-security-module
    



    This archive was generated by hypermail 2b30 : Mon Sep 30 2002 - 11:36:27 PDT