[PATCH] TOMOYO: Switch from per "struct cred" blob to per "struct task_struct" blob.
From: penguin-kernel@I-love.SAKURA.ne.jp (Tetsuo Handa)
Date: 2017-03-31 00:52:54
Casey Schaufler wrote:
> On 3/30/2017 4:09 AM, Tetsuo Handa wrote:
> > Even though TOMOYO uses per "struct task_struct" blob, TOMOYO can start
> > running with any other LSM modules by applying below change. What are you
> > worrying about?
>
> Until such time as a blob sharing scheme, either the one I've been working
> on, yours below or something else, is adopted, and until another module
> starts using the task blob, you could use TOMOYO with any other module. The
> existing model for choosing a "major" module does not allow for
> TOMOYO+AppArmor. Ignoring the blob management issue, how would you suggest
> enabling TOMOYO+AppArmor?

Changing
-#define SECURITY_NAME_MAX 10
+#define SECURITY_NAME_MAX 64
int __init security_module_enable(const char *module)
{
- return !strcmp(module, chosen_lsm);
+ return strstr(chosen_lsm, module) != NULL;
}
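Review bot: the strstr() test in security_module_enable() is a substring match, not a token match, so any module whose name happens to be a substring of another name in chosen_lsm would report itself as enabled; walk chosen_lsm token by token (split on ',') and compare each token to module with strcmp(), or strncmp() bounded by the token length. The hunk also raises SECURITY_NAME_MAX to 64 without showing where chosen_lsm is filled from the boot parameter; confirm that copy is bounded by the new size so a long security= string cannot overrun it.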
and passing
security=tomoyo,apparmor
to the kernel boot command line option, with checking for currently conflicting
choices like an example below.
pr_info("Security Framework initialized\n");
+ if (IS_ENABLED(CONFIG_SECURITY_SELINUX) && IS_ENABLED(CONFIG_SECURITY_SMACK) && security_module_enable("selinux") && security_module_enable("smack"))
+ panic("Selected combination is not supported\n");
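Review bot: the panic() rejects only the selinux+smack pair; once security= accepts a comma-separated list, any other pair of modules that both need the "major" slot (the reply above names TOMOYO+AppArmor as one the existing model does not allow) would pass this check unnoticed, so either enumerate every conflicting pair or count how many major modules are selected and panic when that count exceeds one. The condition should also be split across lines to stay within the kernel's line-length limit.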
> > If we want per LSM module per "struct task_struct" blob before TOMOYO is
> > converted to use per "struct task_struct" blob, I'm ready to propose that
> > part (picked up from below change) first.
>
> I suggest that the best thing to do regarding the task blob is to adopt a
> general blob sharing scheme that is useful for all of the blobs rather than
> inventing a special one for TOMOYO.

Since we are already receiving proposals of new modules which want to use the task blob, I think priority of sharing (isolating ?) the task blob (in other words, allow multiple modules to call task_alloc/task_free hooks) is higher than enabling SELinux+Smack.
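The following is an added userland model of the security= list handling proposed in the message above; it is not code from the patch or from the kernel. It contrasts the substring test from the snippet with a token-exact comparison of the comma-separated list, and counts how many modules that need the cred-blob "major" slot are selected so the "conflicting choices" check does not have to enumerate pairs. The set of major module names and the boot string are constructed assumptions for illustration.

```c
#include <stdio.h>
#include <string.h>

#define SECURITY_NAME_MAX 64

/* Return 1 if "module" appears as a whole comma-separated token in "chosen",
 * 0 otherwise. Empty tokens (from ",," or a trailing ',') never match. */
int lsm_listed(const char *chosen, const char *module)
{
    size_t mlen = strlen(module);
    const char *p = chosen;

    if (mlen == 0)
        return 0;
    while (*p) {
        const char *end = strchr(p, ',');
        size_t tlen = end ? (size_t)(end - p) : strlen(p);

        if (tlen == mlen && memcmp(p, module, mlen) == 0)
            return 1;
        if (!end)
            break;
        p = end + 1;
    }
    return 0;
}

/* The substring test from the snippet above, kept for comparison: it also
 * reports a match for a name that is merely a substring of another token. */
int lsm_substr(const char *chosen, const char *module)
{
    return strstr(chosen, module) != NULL;
}

/* Assumed list of modules that need the per-cred "major" slot. */
static const char *const major_lsms[] = { "selinux", "smack", "apparmor" };

/* Number of major modules selected on the boot line; more than one means
 * the combination is not supported under the existing model. */
int major_count(const char *chosen)
{
    int n = 0;
    size_t i;

    for (i = 0; i < sizeof(major_lsms) / sizeof(major_lsms[0]); i++)
        n += lsm_listed(chosen, major_lsms[i]);
    return n;
}

int main(void)
{
    const char *boot = "tomoyo,apparmor"; /* constructed security= value */

    printf("tomoyo listed (token): %d\n", lsm_listed(boot, "tomoyo"));
    printf("\"tomo\" listed (token): %d\n", lsm_listed(boot, "tomo"));
    printf("\"tomo\" listed (substr): %d\n", lsm_substr(boot, "tomo"));
    printf("major modules selected: %d\n", major_count(boot));
    if (major_count(boot) > 1)
        printf("Selected combination is not supported\n");
    return 0;
}
```

major_count() stands in for the open-coded IS_ENABLED()/security_module_enable() pairs in the snippet: adding a new major module means adding one name to the table rather than a new conjunction for every pair.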