Re: new stacker module

From: Chris Wright (chrisw@private)
Date: Mon Nov 17 2003 - 09:56:49 PST

  • Next message: Serge E. Hallyn: "Re: new stacker module"

    * Serge E. Hallyn (hallyn@private) wrote:
    > At is a patch against the
    > current lsm-2.5 bk tree to implement a new stacker module.  I started
    > with David Wheeler's module (thanks :), and updated it to work with the
    > 2.6 hooks and use sysfs.  Beyond that, I left several features for
    > later.  In particular, I'm not dealing with module unloading yet.
    > The main extension is the ability to stack more than one module needing
    > access to kernel security objects.  However it requires a bit of
    > cooperation from the stacked modules to do so.  Here's how it works:
    > insmod stacker_plug.ko
    > insmod another module (say dirjail.ko)
    > dirjail will call mod_reg_security, and get back a return value >= 0.
    > This value is it's index into a void ** array allocated by stacker for
    > each security object.  (The number of void*'s allocated is 3 by default,
    > and can is specified as a max_num_modules module parameter to stacker)
    > There seems to be no elegant way to have stacker simply be able to
    > allocate this array before any module will use it, so stacker exports a
    > set of functions for allocating the security fields.
    > void ** stacker_alloc_bprm_sec(struct linux_binprm *bprm);
    > void ** stacker_alloc_sb_sec(struct super_block *sb);
    > void ** stacker_alloc_inode_sec(struct inode *inode);
    > void ** stacker_alloc_file_sec(struct file *file);
    > void ** stacker_alloc_task_sec(struct task_struct *p);
    > void ** stacker_alloc_req_sec(struct open_request *req);
    > void ** stacker_alloc_skb_sec(struct sk_buff *skb);
    > void ** stacker_alloc_msg_sec(struct msg_msg *msg);
    > void ** stacker_alloc_msgqueue_sec(struct msg_queue *msq);
    I like the idea of better stacking, but many of the current hooks really
    expect the user to set the blob in the object after allocating it.  This
    conflicts with the stacker, no?  IOW, the cooperation you mention above
    means changing the allocation routines for any module that wants to be
    Linux Security Modules

    This archive was generated by hypermail 2b30 : Mon Nov 17 2003 - 09:58:10 PST