Re: [rsbac] Thoughts on the "No Linux Security Modules framework" old claims

From: Kurt Garloff (garloff@private)
Date: Fri Feb 25 2005 - 02:14:24 PST


Hi Amon,

On Thu, Feb 24, 2005 at 09:28:38AM +0100, Amon Ott wrote:
> On Donnerstag 24 Februar 2005 01:55, Kurt Garloff wrote:
> > If you apply them (and I hope Linus will), capabilities is default
> > and you can replace that by loading an LSM. You can stack capability
> > on top of the primary LSM again, if the latter supports this.
> 
> Well, not quite, although it is an improvement.
> 
> As long as the capabilities module does not support stacking, anybody 
> needing capabilities and e.g. on-access scanning with Dazuko will 
> have to unload this module, load another module, and reload it. 

Nope.

With the patchset applied you get capabilities as default behaviour,
so with_out_ any LSM loaded.

> This creates a nasty race condition. 

You can load any module to replace capabilities. No race condition
(except that the point in time when the security_ops is actually
 updated is not well defined as there's no locking nor wmb()).

You can also load the capabilities module on top of the default,
but it won't change any behaviour then (other than eating a few
percent performance in some paths).

> BTW, what happens if capabilities 
> have been compiled static, not as a module?

Why would you want to do this?

> AFAIK, not all LSM modules provide correct stacking. 

True.

Regards,
-- 
Kurt Garloff, Director SUSE Labs, Novell Inc.





This archive was generated by hypermail 2.1.3 : Fri Feb 25 2005 - 02:15:00 PST