Re: LSM adapted to support XFS

From: Stephen D. Smalley (sdsat_private)
Date: Tue Dec 17 2002 - 06:21:11 PST


    > A question by the way: the "SE Linux patch against an LSM patched kernel"
    > seems to include some things not (yet) included in the BitKeeper tree.
    > What is the status of this additional patch?
    
    You should apply the separate SELinux patch if you want to use SELinux.
    It adds a few items that are not presently provided by the LSM patch.
    We've discussed these changes previously on the LSM list, and some
    of the changes have been merged into the main LSM patch in the past
    (e.g. the sb_kern_mount hook), but the remaining changes are presently
    considered too SELinux-specific or too invasive for the main LSM patch.
    
    The Makefile and defconfig changes can be omitted; they simply set the
    EXTRAVERSION and default options for SELinux.  Russell Coker drops those
    two diffs when he generates his LSM patches, but he picks up the other
    changes.  The other changes are either #ifdef'd or provide appropriate
    default hooks for non-SELinux modules, so you can still build with another
    security module even after applying the separate SELinux patch.
    
    The change to d_instantiate in fs/cache.c is to enable the security module
    to set up the inode security structure before it is associated with a dentry.
    In contrast, the existing LSM inode_post_lookup hook is subject to races, since 
    the entry is already in the dcache and might be returned via a cached lookup
    before inode_post_lookup sets up the inode security structure.  The existing
    LSM inode_post_lookup hook also doesn't address the situation where a
    filesystem directly populates the dcache.
    
    The changes to fs/pipe.c, fs/devpts/inode.c, and mm/shmem.c were originally
    to enable the security module to set up the inode security structure when
    its other "security" state (e.g. mode, uid) has been initialized in the 
    proper context (i.e. the context of the creating process).  The fs/pipe.c
    and mm/shmem.c changes may be obsolete due to the hook in d_instantiate.
    The fs/devpts/inode.c change still seems to be necessary, since the
    dentry isn't created until a subsequent lookup.
    
    The change to init/main.c is to provide early initialization of SELinux,
    so that it can ensure that every kernel object has a properly allocated
    and initialized security structure.  Chris Wright proposed a general
    mechanism for providing this functionality to any security module, but
    hasn't been sufficiently satisfied with it to include it into the main
    LSM patch yet.
    
    The change to net/netsyms.c is to export certain symbols needed by 
    Selopt (SELinux labeled networking) if it is enabled.
    
    --
    Stephen Smalley, NSA
    sdsat_private
    
    _______________________________________________
    linux-security-module mailing list
    linux-security-moduleat_private
    http://mail.wirex.com/mailman/listinfo/linux-security-module
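The ordering argument in the message above, as an added user-space model that is not part of the original mail, of SELinux, or of the kernel: the structures, the toy dcache, and the constructed SID value 42 are all stand-ins chosen for illustration. Model A places the labelling step where the stock `inode_post_lookup` hook runs, after the dentry has been hashed, and shows that a cached lookup landing in between sees an inode with a NULL security pointer. Model B labels the inode inside the `d_instantiate` step before the dentry becomes reachable. A third function models the second point in the mail: a filesystem that populates the dcache directly never passes through the lookup path, so a lookup-time hook never fires for it at all.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Toy stand-ins for the kernel objects discussed in the mail (not the real ones). */
struct inode_security { unsigned long sid; };                  /* the module's per-inode blob */
struct inode  { unsigned long ino; struct inode_security *security; };
struct dentry { const char *name; struct inode *inode; int hashed; };

/* A tiny hash-table substitute: a dentry is visible to cached lookups once hashed. */
#define DCACHE_SLOTS 8
static struct dentry *dcache[DCACHE_SLOTS];
static int dcache_used;

static void dcache_reset(void) { dcache_used = 0; }

/* d_rehash analogue: make the dentry reachable by name */
static void dcache_hash(struct dentry *d) {
    if (dcache_used < DCACHE_SLOTS) { d->hashed = 1; dcache[dcache_used++] = d; }
}

/* d_lookup analogue: return the hashed dentry with this name, or NULL */
static struct dentry *dcache_lookup(const char *name) {
    for (int i = 0; i < dcache_used; i++)
        if (strcmp(dcache[i]->name, name) == 0) return dcache[i];
    return NULL;
}

/* What the security module does to a freshly created inode (SID 42 is a constructed value). */
static void security_label_inode(struct inode *inode) {
    struct inode_security *isec = malloc(sizeof *isec);
    if (!isec) abort();
    isec->sid = 42;
    inode->security = isec;
}

/* Model A: hook placed like inode_post_lookup. The dentry is linked and hashed
 * first; the hook runs afterwards. The "racer" is another task doing a cached
 * lookup between those two steps. Returns what that racer saw in ->security. */
static struct inode_security *lookup_post_hook(const char *name, struct inode *inode, struct dentry *d) {
    d->inode = inode;                                  /* d_instantiate: link inode to dentry */
    dcache_hash(d);                                    /* d_rehash: now visible to lookups */
    struct dentry *racer = dcache_lookup(name);        /* concurrent cached lookup */
    struct inode_security *seen = racer ? racer->inode->security : NULL;
    security_label_inode(inode);                       /* inode_post_lookup fires here, too late */
    return seen;
}

/* Model B: hook placed inside d_instantiate. The inode is labelled before the
 * dentry is hashed, so no lookup can ever observe an unlabelled inode. */
static struct inode_security *lookup_d_instantiate_hook(const char *name, struct inode *inode, struct dentry *d) {
    security_label_inode(inode);                       /* hook runs before the link is visible */
    d->inode = inode;
    dcache_hash(d);
    struct dentry *racer = dcache_lookup(name);
    return racer ? racer->inode->security : NULL;
}

/* Second problem from the mail: a filesystem that fills the dcache itself
 * (instantiate + hash, no lookup) never reaches a lookup-time hook at all. */
static struct inode_security *fs_populate_direct(struct inode *inode, struct dentry *d, int hook_in_d_instantiate) {
    if (hook_in_d_instantiate) security_label_inode(inode);
    d->inode = inode;
    dcache_hash(d);
    return inode->security;                            /* NULL unless the d_instantiate hook labelled it */
}

/* Scenario runners: each uses a fresh inode/dentry pair and reports 1 if an
 * unlabelled inode (security == NULL) was observable, 0 otherwise. */
static int run_scenario(int model) {
    struct inode *inode = calloc(1, sizeof *inode);
    struct dentry *d = calloc(1, sizeof *d);
    if (!inode || !d) abort();
    d->name = "demo-file";
    dcache_reset();
    struct inode_security *seen;
    if (model == 0)      seen = lookup_post_hook(d->name, inode, d);
    else if (model == 1) seen = lookup_d_instantiate_hook(d->name, inode, d);
    else                 seen = fs_populate_direct(inode, d, model == 3);
    int unlabelled = (seen == NULL);
    free(inode->security); free(inode); free(d);
    return unlabelled;
}

static int unlabelled_seen_post_hook(void)          { return run_scenario(0); }
static int unlabelled_seen_d_instantiate_hook(void) { return run_scenario(1); }
static int unlabelled_direct_no_hook(void)          { return run_scenario(2); }
static int unlabelled_direct_with_hook(void)        { return run_scenario(3); }

int main(void) {
    printf("post_lookup hook, racing lookup saw unlabelled inode: %d\n", unlabelled_seen_post_hook());
    printf("d_instantiate hook, racing lookup saw unlabelled inode: %d\n", unlabelled_seen_d_instantiate_hook());
    printf("direct dcache population, lookup-time hook only:        %d\n", unlabelled_direct_no_hook());
    printf("direct dcache population, d_instantiate hook:           %d\n", unlabelled_direct_with_hook());
    return 0;
}
```

The model is single-threaded on purpose: the racing lookup is placed at the exact step where a second task could run, which makes the window deterministic instead of depending on scheduling. The same reasoning applies to the fs/devpts/inode.c case in the mail, where the dentry is created by a later lookup and the inode's mode and uid must already be known when the label is computed.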
    



    This archive was generated by hypermail 2b30 : Wed Dec 18 2002 - 13:05:06 PST