Re: [RFC][PATCH] Generic fallback for security xattrs

From: Casey Schaufler (casey@schaufler-ca.com)
Date: Mon Jul 18 2005 - 08:53:53 PDT

Previous message: Stephen Smalley: "Re: [RFC][PATCH] Generic fallback for security xattrs"
In reply to: Stephen Smalley: "Re: [RFC][PATCH] Generic fallback for security xattrs"
Next in thread: Stephen Smalley: "Re: [RFC][PATCH] Generic fallback for security xattrs"
Next in thread: Stephen Smalley: "Re: [RFC][PATCH] Generic fallback for security xattrs"
Reply: Stephen Smalley: "Re: [RFC][PATCH] Generic fallback for security xattrs"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

--- Stephen Smalley <sds@private> wrote:

> On Fri, 2005-07-15 at 15:09 -0700, Casey Schaufler
> wrote:
> > These require care, as there needs to be
> > some scheme to determine what attributes
> > a particular generated object should have.
> > But that's already being done for the
> > mode bits and ownership. If there are
> > exceptions it seems the Linux mount scheme
> > has everything you need to pass that along.
> 
> While you might use a mount option to specify a
> default label to apply
> to all inodes in a given filesystem (and SELinux
> supports such options),
> that doesn't address the issue of allowing userspace
> to get the security
> label of a given inode in a consistent and uniform
> manner (e.g. just
> calling getxattr).

That's correct. You still need to add to the
file system code to support the system call
interface. But really, the only hard problem
is what to do in the case of a file system with
an inflexible on disk format, and I've provided
what I can (due to corporate IP policies) on
addressing that issue.

> Otherwise, /bin/ls -Z has to go
> rummaging about
> in /etc/mtab or similar to check mount options,
> possibly read policy or
> access selinuxfs to figure out how certain
> filesystems are being
> handled, etc.

That's right.

> Also, we want (and already have) finer-grained
> labeling than just one
> label per mount for some of these filesystems, e.g.
> ptys in devpts and
> temporary files in tmpfs have labels computed in
> part based on the
> creating process, and /proc/pid inodes are assigned
> security labels
> corresponding to the associated process.

Do you store that label anywhere? If you're
referencing from the inode, no matter how
indirectly, you ought to be able to expose it
as an xattr. Now, if you have two you may have
a naming issue to address, but I'm sure you
can deal with that easily enough.

Casey Schaufler
casey@schaufler-ca.com

__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com

Previous message: Stephen Smalley: "Re: [RFC][PATCH] Generic fallback for security xattrs"
In reply to: Stephen Smalley: "Re: [RFC][PATCH] Generic fallback for security xattrs"
Next in thread: Stephen Smalley: "Re: [RFC][PATCH] Generic fallback for security xattrs"
Next in thread: Stephen Smalley: "Re: [RFC][PATCH] Generic fallback for security xattrs"
Reply: Stephen Smalley: "Re: [RFC][PATCH] Generic fallback for security xattrs"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.3 : Mon Jul 18 2005 - 08:55:32 PDT