> A question by the way: the "SE Linux patch against an LSM patched kernel"
> seems to include some things not (yet) included in the BitKeeper tree.
> What is the status of this additional patch?

You should apply the separate SELinux patch if you want to use SELinux. It adds a few items that are not presently provided by the LSM patch. We've discussed these changes previously on the LSM list, and some of the changes have been merged into the main LSM patch in the past (e.g. the sb_kern_mount hook), but the remaining changes are presently considered too SELinux-specific or too invasive for the main LSM patch.

The Makefile and defconfig changes can be omitted; they simply set the EXTRAVERSION and default options for SELinux. Russell Coker drops those two diffs when he generates his LSM patches, but he picks up the other changes. The other changes are either #ifdef'd or provide appropriate default hooks for non-SELinux modules, so you can still build with another security module even after applying the separate SELinux patch.

The change to d_instantiate in fs/cache.c is to enable the security module to set up the inode security structure before it is associated with a dentry. In contrast, the existing LSM inode_post_lookup hook is subject to races, since the entry is already in the dcache and might be returned via a cached lookup before inode_post_lookup sets up the inode security structure. The existing LSM inode_post_lookup hook also doesn't address the situation where a filesystem directly populates the dcache.

The changes to fs/pipe.c, fs/devpts/inode.c, and mm/shmem.c were originally to enable the security module to set up the inode security structure when its other "security" state (e.g. mode, uid) has been initialized in the proper context (i.e. the context of the creating process). The fs/pipe.c and mm/shmem.c changes may be obsolete due to the hook in d_instantiate. The fs/devpts/inode.c change still seems to be necessary, since the dentry isn't created until a subsequent lookup.

The change to init/main.c is to provide early initialization of SELinux, so that it can ensure that every kernel object has a properly allocated and initialized security structure. Chris Wright proposed a general mechanism for providing this functionality to any security module, but hasn't been sufficiently satisfied with it to include it into the main LSM patch yet.

The change to net/netsyms.c is to export certain symbols needed by Selopt (SELinux labeled networking) if it is enabled.

--
Stephen Smalley, NSA

_______________________________________________
linux-security-module mailing list
http://mail.wirex.com/mailman/listinfo/linux-security-module
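The ordering argument about inode_post_lookup versus a hook in d_instantiate, as an added toy model that is not kernel code and not part of the original message: a tiny in-memory "dcache" where a cached lookup is interleaved between the steps, showing that labeling the inode after it is reachable from the dcache can expose an inode with no security structure, while labeling it before the dentry is associated cannot. All names and structures here are invented for the model.

```c
/* Toy model (not kernel code) of the ordering problem: can a cached dcache
 * lookup hand out an inode whose security structure is not set up yet?
 * Every identifier below is invented for this illustration. */
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

struct inode  { unsigned long i_ino; void *i_security; };
struct dentry { const char *d_name; struct inode *d_inode; };

#define DCACHE_SLOTS 8
static struct dentry *dcache[DCACHE_SLOTS];
static int security_blob; /* stands in for the allocated security structure */

void dcache_reset(void) { memset(dcache, 0, sizeof dcache); }

/* Cached lookup: returns a dentry already in the dcache, or NULL. */
struct dentry *dcache_lookup(const char *name) {
    for (int i = 0; i < DCACHE_SLOTS; i++)
        if (dcache[i] && strcmp(dcache[i]->d_name, name) == 0)
            return dcache[i];
    return NULL;
}

static void dcache_add(struct dentry *d) {
    for (int i = 0; i < DCACHE_SLOTS; i++)
        if (!dcache[i]) { dcache[i] = d; return; }
}

/* Old order: the dentry enters the dcache, then inode_post_lookup labels
 * the inode. The interleaved cached lookup models a concurrent task.
 * Returns true if that lookup observed an inode with no security structure. */
bool post_lookup_order_exposes_unlabeled(struct dentry *d, struct inode *ino) {
    d->d_inode = ino;
    dcache_add(d);                               /* now visible to other tasks */
    struct dentry *r = dcache_lookup(d->d_name); /* racing cached lookup */
    bool exposed = r && r->d_inode->i_security == NULL;
    ino->i_security = &security_blob;            /* inode_post_lookup hook */
    return exposed;
}

/* New order: the hook in d_instantiate labels the inode before the dentry
 * is associated with it, so no cached lookup can see it unlabeled. */
bool d_instantiate_order_exposes_unlabeled(struct dentry *d, struct inode *ino) {
    ino->i_security = &security_blob;            /* d_instantiate hook */
    d->d_inode = ino;
    dcache_add(d);
    struct dentry *r = dcache_lookup(d->d_name);
    return r && r->d_inode->i_security == NULL;
}
```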
This archive was generated by hypermail 2b30 : Wed Dec 18 2002 - 13:05:06 PST