Re: Security modules and sending signals within the same process
From: John Johansen <hidden>
Date: 2018-11-30 23:38:41
Also in:
linux-security-module, selinux
Possibly related (same subject, not in this thread)
- 2018-12-11 · Re: Security modules and sending signals within the same process · Florian Weimer <hidden>
- 2018-11-30 · Re: Security modules and sending signals within the same process · Florian Weimer <hidden>
- 2018-11-30 · Re: Security modules and sending signals within the same process · Casey Schaufler <hidden>
- 2018-11-30 · Re: Security modules and sending signals within the same process · Stephen Smalley <hidden>
- 2018-11-30 · Security modules and sending signals within the same process · Florian Weimer <hidden>
On 11/30/18 9:54 AM, Casey Schaufler wrote:
On 11/30/2018 7:14 AM, Florian Weimer wrote:quoted
Is it guaranteed that tasks in the same thread group can always send signals to each other, irrespective of their respective credentials structs?No. An LSM may chose to disallow this based on just about any criteria it desires.
And apparmor is in fact doing this a few limited situations, userspace has to request the profile change via an api, and regular policy enforcement based on credentials mediates the signals. Its not something we recommend but it has been used. -- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor