Home » Mailing list archives » linux-kernel » 2008 » January » 14

Re: [PATCH 08/28] SECURITY: Allow kernel services to override LSM settings for task actions [try #2]

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]
[view in full thread]
From: David Howells
Subject: Re: [PATCH 08/28] SECURITY: Allow kernel services to override LSM settings for task actions [try #2]
Date: Monday, January 14, 2008 - 7:06 am

David Howells <dhowells@redhat.com> wrote:


FYI, I added the following vectors:

	# kernel services that need to override task security
	class kernel_service
	{
		use_as_override
		create_files_as
	}

The first allows:

	avc_has_perm(daemon_tsec->sid, nominated_sid,
		     SECCLASS_KERNEL_SERVICE,
		     KERNEL_SERVICE__USE_AS_OVERRIDE,
		     NULL);

And the second something like:

	avc_has_perm(tsec->sid, inode->sid,
		     SECCLASS_KERNEL_SERVICE,
		     KERNEL_SERVICE__CREATE_FILES_AS,
		     NULL);

Rather than specifically dedicating them to the cache, I made them general.

David
--
Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]
Messages in current thread:
[PATCH 00/28] Permit filesystem local caching [try #2], David Howells, (Wed Dec 5, 12:38 pm)
[PATCH 01/28] KEYS: Increase the payload size when instant ..., David Howells, (Wed Dec 5, 12:38 pm)
[PATCH 02/28] KEYS: Check starting keyring as part of sear ..., David Howells, (Wed Dec 5, 12:38 pm)
[PATCH 03/28] KEYS: Allow the callout data to be passed as ..., David Howells, (Wed Dec 5, 12:38 pm)
[PATCH 04/28] KEYS: Add keyctl function to get a security ..., David Howells, (Wed Dec 5, 12:38 pm)
[PATCH 05/28] Security: Change current-&gt;fs[ug]id to curren ..., David Howells, (Wed Dec 5, 12:38 pm)
[PATCH 06/28] SECURITY: Separate task security context fro ..., David Howells, (Wed Dec 5, 12:38 pm)
[PATCH 07/28] SECURITY: De-embed task security record from ..., David Howells, (Wed Dec 5, 12:38 pm)
[PATCH 08/28] SECURITY: Allow kernel services to override ..., David Howells, (Wed Dec 5, 12:38 pm)
[PATCH 09/28] FS-Cache: Release page-&gt;private after failed ..., David Howells, (Wed Dec 5, 12:39 pm)
[PATCH 10/28] FS-Cache: Recruit a couple of page flags for ..., David Howells, (Wed Dec 5, 12:39 pm)
[PATCH 11/28] FS-Cache: Provide an add_wait_queue_tail() f ..., David Howells, (Wed Dec 5, 12:39 pm)
[PATCH 12/28] FS-Cache: Generic filesystem caching facilit ..., David Howells, (Wed Dec 5, 12:39 pm)
[PATCH 13/28] CacheFiles: Add missing copy_page export for ..., David Howells, (Wed Dec 5, 12:39 pm)
[PATCH 14/28] CacheFiles: Be consistent about the use of m ..., David Howells, (Wed Dec 5, 12:39 pm)
[PATCH 16/28] CacheFiles: Permit the page lock state to be ..., David Howells, (Wed Dec 5, 12:39 pm)
[PATCH 17/28] CacheFiles: Export things for CacheFiles [tr ..., David Howells, (Wed Dec 5, 12:39 pm)
[PATCH 18/28] CacheFiles: A cache that backs onto a mounte ..., David Howells, (Wed Dec 5, 12:39 pm)
[PATCH 19/28] NFS: Use local caching [try #2], David Howells, (Wed Dec 5, 12:39 pm)
[PATCH 20/28] NFS: Configuration and mount option changes ..., David Howells, (Wed Dec 5, 12:40 pm)
[PATCH 21/28] NFS: Display local caching state [try #2], David Howells, (Wed Dec 5, 12:40 pm)
[PATCH 22/28] fcrypt endianness misannotations [try #2], David Howells, (Wed Dec 5, 12:40 pm)
[PATCH 23/28] AFS: Add TestSetPageError() [try #2], David Howells, (Wed Dec 5, 12:40 pm)
[PATCH 24/28] AFS: Add a function to excise a rejected wri ..., David Howells, (Wed Dec 5, 12:40 pm)
[PATCH 25/28] AFS: Improve handling of a rejected writebac ..., David Howells, (Wed Dec 5, 12:40 pm)
[PATCH 26/28] AF_RXRPC: Save the operation ID for debuggin ..., David Howells, (Wed Dec 5, 12:40 pm)
[PATCH 28/28] FS-Cache: Make kAFS use FS-Cache [try #2], David Howells, (Wed Dec 5, 12:40 pm)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overr ..., Stephen Smalley, (Mon Dec 10, 9:46 am)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overr ..., David Howells, (Mon Dec 10, 10:07 am)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overr ..., Stephen Smalley, (Mon Dec 10, 10:23 am)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overr ..., Stephen Smalley, (Mon Dec 10, 2:27 pm)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overr ..., Casey Schaufler, (Mon Dec 10, 3:26 pm)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overr ..., David Howells, (Mon Dec 10, 4:36 pm)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overr ..., David Howells, (Mon Dec 10, 4:44 pm)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overr ..., Casey Schaufler, (Mon Dec 10, 4:46 pm)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overr ..., Casey Schaufler, (Mon Dec 10, 4:56 pm)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overr ..., Stephen Smalley, (Tue Dec 11, 11:34 am)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overr ..., Casey Schaufler, (Tue Dec 11, 12:26 pm)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overr ..., Stephen Smalley, (Tue Dec 11, 12:37 pm)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overr ..., Stephen Smalley, (Tue Dec 11, 12:52 pm)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overr ..., Stephen Smalley, (Tue Dec 11, 12:56 pm)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overr ..., Casey Schaufler, (Tue Dec 11, 1:40 pm)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overr ..., David Howells, (Tue Dec 11, 1:42 pm)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overr ..., Casey Schaufler, (Tue Dec 11, 2:18 pm)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overr ..., Stephen Smalley, (Tue Dec 11, 2:34 pm)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overr ..., Casey Schaufler, (Tue Dec 11, 4:04 pm)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overr ..., Karl MacMillan, (Wed Dec 12, 7:41 am)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overr ..., David Howells, (Wed Dec 12, 7:53 am)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overr ..., Karl MacMillan, (Wed Dec 12, 7:59 am)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overr ..., Stephen Smalley, (Wed Dec 12, 8:25 am)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overr ..., Casey Schaufler, (Wed Dec 12, 9:51 am)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overr ..., Stephen Smalley, (Wed Dec 12, 11:12 am)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overr ..., David Howells, (Wed Dec 12, 11:25 am)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overr ..., David Howells, (Wed Dec 12, 11:29 am)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overr ..., Casey Schaufler, (Wed Dec 12, 12:20 pm)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overr ..., David Howells, (Wed Dec 12, 12:29 pm)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overr ..., Stephen Smalley, (Wed Dec 12, 12:33 pm)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overr ..., Stephen Smalley, (Wed Dec 12, 12:35 pm)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overr ..., Casey Schaufler, (Wed Dec 12, 12:37 pm)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overr ..., Casey Schaufler, (Wed Dec 12, 12:44 pm)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overr ..., Stephen Smalley, (Wed Dec 12, 12:49 pm)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overr ..., Casey Schaufler, (Wed Dec 12, 1:09 pm)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overr ..., David Howells, (Wed Dec 12, 3:29 pm)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overr ..., David Howells, (Wed Dec 12, 3:49 pm)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overr ..., David Howells, (Wed Dec 12, 3:55 pm)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overr ..., Stephen Smalley, (Thu Dec 13, 7:49 am)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overr ..., Stephen Smalley, (Thu Dec 13, 7:51 am)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overr ..., David Howells, (Thu Dec 13, 8:36 am)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overr ..., David Howells, (Thu Dec 13, 9:03 am)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overr ..., Stephen Smalley, (Thu Dec 13, 9:23 am)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overr ..., David Howells, (Thu Dec 13, 10:01 am)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overr ..., Stephen Smalley, (Thu Dec 13, 10:27 am)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overr ..., David Howells, (Thu Dec 13, 11:04 am)
Re: [PATCH 09/28] FS-Cache: Release page-&gt;private after fa ..., Nick Piggin, (Thu Dec 13, 8:51 pm)
Re: [PATCH 10/28] FS-Cache: Recruit a couple of page flags ..., Nick Piggin, (Thu Dec 13, 9:08 pm)
Re: [PATCH 24/28] AFS: Add a function to excise a rejected ..., Nick Piggin, (Thu Dec 13, 9:21 pm)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overr ..., David Howells, (Wed Jan 9, 9:51 am)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overr ..., David Howells, (Wed Jan 9, 10:27 am)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overr ..., Stephen Smalley, (Wed Jan 9, 11:11 am)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overr ..., Stephen Smalley, (Wed Jan 9, 12:19 pm)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overr ..., David Howells, (Thu Jan 10, 4:09 am)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overr ..., David Howells, (Mon Jan 14, 7:01 am)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overr ..., David Howells, (Mon Jan 14, 7:06 am)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overr ..., Casey Schaufler, (Mon Jan 14, 7:52 am)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overr ..., David Howells, (Mon Jan 14, 8:19 am)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overr ..., Stephen Smalley, (Tue Jan 15, 7:56 am)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overr ..., Stephen Smalley, (Tue Jan 15, 7:58 am)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overr ..., David Howells, (Tue Jan 15, 9:03 am)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overr ..., Stephen Smalley, (Tue Jan 15, 9:08 am)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overr ..., Casey Schaufler, (Tue Jan 15, 11:10 am)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overr ..., Stephen Smalley, (Tue Jan 15, 12:15 pm)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overr ..., David Howells, (Tue Jan 15, 2:55 pm)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overr ..., Casey Schaufler, (Tue Jan 15, 3:23 pm)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overr ..., David Howells, (Wed Jan 23, 1:52 pm)
Re: [PATCH 08/28] SECURITY: Allow kernel services to overr ..., James Morris, (Wed Jan 23, 3:03 pm)