Re: [rsbac] Thoughts on the "No Linux Security Modules framework" old claims

From: Kurt Garloff (garloff@private)
Date: Wed Feb 23 2005 - 16:55:51 PST


Hi Amon,

On Mon, Feb 21, 2005 at 11:19:16AM +0100, Amon Ott wrote:
> > -> 5. Posix Capabilities Without Stacking Support
> > 
> > I don't get the point of these claims.
> > The LSM framework currently has full support for dynamic and
> > logic-changeable POSIX.1e capabilities, using the capable() hook and
> > calling capable(from whatever location inside any other hook to apply
> > further logic checks (ie. in capable() check for jailed @current  process
> > and deny use of CAP_SYS_CHROOT and CAP_SYS_ADMIN or what-ever-else
> > capabilities) or in syslog() to deny access to kernel messages stack to
> > unprivileged users.
> 
> Without rechecking the current state: At least the last time I 
> checked, the hardwired kernel capabilities were explicitely disabled 
> when LSM got switched on. You had to use the capabilities LSM module 
> instead, which was not able to stack. It always had to be the last in 
> the chain, thus effectively sealing against any other LSM module to 
> be loaded later.

My patches posted Feb 13 fix this.

If you apply them (and I hope Linus will), capabilities is default
and you can replace that by loading an LSM. You can stack capability
on top of the primary LSM again, if the latter supports this.

Best regards,
-- 
Kurt Garloff, Director SUSE Labs, Novell Inc.





This archive was generated by hypermail 2.1.3 : Wed Feb 23 2005 - 19:46:22 PST