Re: [RFC] [Stacking v4 2/3] New version of SELinux patch to support stacking

From: Stephen Smalley (sds@private)
Date: Tue Dec 07 2004 - 12:44:28 PST


On Tue, 2004-12-07 at 16:40, Serge Hallyn wrote:
> Are there good reasons not to use the attached patch?

There is a reason; we can argue about whether it is good ;)
When cap_ptrace or cap_bprm_apply_creds calls capable(), we do want that
capability to be checked by SELinux as well, just as we would for a
capable() call by the core kernel's ptrace_attach or compute_creds
logic.  From our perspective, the original capabilities logic is part of
the core kernel, despite the fact that it has been pushed into a
module.  In order to independently apply that capability check in the
corresponding SELinux hook function, we would have to duplicate the
logic in the cap_ptrace or cap_bprm_apply_creds functions that decide
whether or not to check that capability, and would end up duplicating
most of those functions in their entirety.  At that point, we lose any
value from using cap_* at all and might as well just maintain our own
copy of the entire logic in the SELinux hook functions.

On the other side, with the current situation, we have to duplicate a
copy of the logic in the cases where we need to customize it, e.g.
vm_enough_memory, inode_setxattr, inode_removexattr.  But I'd rather do
that and be able to re-use cap_bprm_apply_creds than the other way
around.

-- 
Stephen Smalley <sds@private>
National Security Agency



This archive was generated by hypermail 2.1.3 : Tue Dec 07 2004 - 12:53:03 PST