My thanks to all who have contributed to the Linux Security Module framework. This message describes a small LSM project that I have been involved with, and seeks your help with comments and feedback.

Linux audio workstations require a *simple* mechanism for granting realtime privileges to audio programs and users. After some discussion on the linux-audio-developers mailing list, Torben Hohn came up with an LSM approach that meets this need. I have taken his work, modified, and distributed it as an experimental package. This has gotten a fair amount of use and feedback within the Linux audio community. It seems to work.

Since it has proven useful, I want to package and officially support it. In addition, there is now some interest in this mechanism within the Debian multimedia project.

The code is quite small and simple, thanks to the power of the LSM framework. My entire distribution package is only about 10KB. The GPL `COPYING' file is much larger than the C-language sources. :-)

http://www.joq.us/realtime/realtime-0.0.3.tar.gz

Several questions...

(1) How best to make and distribute a separately-packaged LSM?

My current Makefile uses the kernel build mechanism, passing itself as an extra subdirectory and symlinking to the kernel's version of security/commoncap.c. This seems to work reasonably well, with the INSTALL instructions telling users what to do. But, it means that they need all the kernel sources and build tools to do anything. Maybe that is inevitable. Are there other approaches I should consider? Where can I find (preferably small) LSM packaging examples to study? Is anyone using autoconf and automake tools? Has anyone built a Debian LSM package?

(2) Comments and suggestions on the security of this approach?

The goal is to allow audio users easy access to realtime privileges as on Mac OS X or Windows-based Digital Audio Workstations. In this environment, local denial of service attacks are considered acceptable risks.

To those of you working on Orange Book style system security projects, calling this a "Security Module" must sound like an oxymoron. But, we want to eliminate the current situation in which many large, untrusted audio applications must run as root to work reliably at low latencies.

(3) Examples of LSM code controlled via /proc or /sys variables?

The realtime LSM provides several system admin options for various levels of permissiveness. These are implemented as parameters for the modprobe command and described in the README. I would like to extend this to allow parameter control via /proc or /sys. Where can I find code like that to study? Which is appropriate? I was leaning towards /proc, mostly because I also want to implement a similar mechanism for 2.4 with a kernel patch (LSM seems overkill in that case). But, I have seen discussion here indicating that /sys is the preferred approach for 2.6 and for LSMs.

(4) What else do I need to learn?

Thanks in advance for any help you can provide...

-- joq
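A module like the one described above changes who may request realtime scheduling without root, so the check an administrator wants after loading it is a small userspace probe run once as an intended audio user and once as an arbitrary unprivileged user: the first should be granted SCHED_FIFO, the second should be refused with EPERM. The program below is an added example written for this purpose; it is not part of the realtime package, and it assumes nothing about that module's parameters or policy, since it only observes what the kernel answers. The probe immediately restores the caller's previous scheduling policy so that the check itself never leaves a realtime process behind.

```c
#include <errno.h>
#include <sched.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>

/*
 * Ask the kernel for SCHED_FIFO at `prio`, then drop straight back to the
 * policy and parameters we had before.  Returns 0 if realtime scheduling
 * was granted, EPERM if the kernel refused (the expected answer for an
 * unprivileged user on a stock kernel), or whatever other errno the
 * scheduler calls reported.  The policy is restored on every path where
 * the request succeeded, so a caller's CPU share is never changed by the
 * probe.
 */
int probe_realtime(int prio)
{
    struct sched_param old, rt;
    int old_policy = sched_getscheduler(0);

    if (old_policy < 0)
        return errno;
    if (sched_getparam(0, &old) < 0)
        return errno;

    memset(&rt, 0, sizeof rt);
    rt.sched_priority = prio;
    if (sched_setscheduler(0, SCHED_FIFO, &rt) < 0)
        return errno;

    /* Granted: give the privilege back at once. */
    if (sched_setscheduler(0, old_policy, &old) < 0)
        return errno;
    return 0;
}

/* Human-readable verdict for a probe_realtime() result. */
const char *describe(int rc)
{
    switch (rc) {
    case 0:      return "granted (realtime scheduling available)";
    case EPERM:  return "refused (EPERM: no realtime privilege)";
    case EINVAL: return "rejected (EINVAL: policy or priority not accepted)";
    default:     return "failed (unexpected errno)";
    }
}

int main(void)
{
    /* Priority 10 is a constructed sample value; any value within the
       SCHED_FIFO range reported by sched_get_priority_min/max will do. */
    int rc = probe_realtime(10);

    printf("uid %d gid %d: SCHED_FIFO request %s\n",
           (int)getuid(), (int)getgid(), describe(rc));
    return (rc == 0 || rc == EPERM) ? 0 : 1;
}
```

Run it under each account the module's policy is meant to distinguish; a "granted" answer for a user who should not have it is the finding to act on, and a "refused" answer for the audio user means the module is not loaded or its policy excludes that user.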
This archive was generated by hypermail 2b30 : Wed Mar 03 2004 - 20:33:03 PST