[PATCH v1 00/22] LSM: Full security module stacking

[PATCH v1 00/22] LSM: Full security module stacking · Casey Schaufler <casey@schaufler-ca.com> · 2018-07-16
[PATCH v1 01/22] procfs: add smack subdir to attrs · Casey Schaufler <casey@schaufler-ca.com> · 2018-07-16
[PATCH v1 02/22] Smack: Abstract use of cred security blob · Casey Schaufler <casey@schaufler-ca.com> · 2018-07-16
[PATCH v1 03/22] SELinux: Abstract use of cred security blob · Casey Schaufler <casey@schaufler-ca.com> · 2018-07-16
[PATCH v1 04/22] LSM: Infrastructure management of the cred security blob · Casey Schaufler <casey@schaufler-ca.com> · 2018-07-16
[PATCH v1 05/22] SELinux: Abstract use of file security blob · Casey Schaufler <casey@schaufler-ca.com> · 2018-07-16
[PATCH v1 06/22] LSM: Infrastructure management of the file security blob · Casey Schaufler <casey@schaufler-ca.com> · 2018-07-16
[PATCH v1 07/22] LSM: Infrastructure management of the task security blob · Casey Schaufler <casey@schaufler-ca.com> · 2018-07-16
PATCH v1 08/22] SELinux: Abstract use of inode security blob · Casey Schaufler <casey@schaufler-ca.com> · 2018-07-16
[PATCH v1 09/22] Smack: Abstract use of inode security blob · Casey Schaufler <casey@schaufler-ca.com> · 2018-07-16
[PATCH v1 10/22] LSM: Infrastructure management of the inode security · Casey Schaufler <casey@schaufler-ca.com> · 2018-07-16
[PATCH v1 11/22] LSM: Infrastructure management of the superblock security blob · Casey Schaufler <casey@schaufler-ca.com> · 2018-07-16
[PATCH v1 12/22] LSM: Infrastructure management of the sock security · Casey Schaufler <casey@schaufler-ca.com> · 2018-07-16
[PATCH v1 13/22] LSM: Infrastructure management of the ipc security blob · Casey Schaufler <casey@schaufler-ca.com> · 2018-07-16
[PATCH v1 14/22] LSM: Infrastructure management of the key security blob · Casey Schaufler <casey@schaufler-ca.com> · 2018-07-16
[PATCH v1 15/22] LSM: Mark security blob allocation failures as unlikely · Casey Schaufler <casey@schaufler-ca.com> · 2018-07-16
[PATCH v1 16/22] LSM: Sharing of security blobs · Casey Schaufler <casey@schaufler-ca.com> · 2018-07-16
[PATCH v1 17/22] LSM: Allow mount options from multiple security modules · Casey Schaufler <casey@schaufler-ca.com> · 2018-07-16
[PATCH v1 18/22] LSM: Use multiple secids in security module interfaces · Casey Schaufler <casey@schaufler-ca.com> · 2018-07-16
[PATCH v1 19/22] LSM: Use multiple secids in LSM interfaces · Casey Schaufler <casey@schaufler-ca.com> · 2018-07-16
[PATCH v1 20/22] Move common usercopy into security_getpeersec_stream · Casey Schaufler <casey@schaufler-ca.com> · 2018-07-16
Re: [PATCH v1 20/22] Move common usercopy into security_getpeersec_stream · Piotr Sawicki <hidden> · 2018-08-03
Re: [PATCH v1 20/22] Move common usercopy into security_getpeersec_stream · Casey Schaufler <casey@schaufler-ca.com> · 2018-08-03
[PATCH v1 21/22] LSM: Multiple concurrent major security modules · Casey Schaufler <casey@schaufler-ca.com> · 2018-07-16
Re: [PATCH v1 21/22] LSM: Multiple concurrent major security modules · Piotr Sawicki <hidden> · 2018-10-09
[PATCH v1 22/22] Netfilter: Add a selection for Smack · Casey Schaufler <casey@schaufler-ca.com> · 2018-07-16
Re: [PATCH v1 00/22] LSM: Full security module stacking · Casey Schaufler <casey@schaufler-ca.com> · 2018-07-16
Re: [PATCH v1 00/22] LSM: Full security module stacking · James Morris <jmorris@namei.org> · 2018-07-16
Re: [PATCH v1 00/22] LSM: Full security module stacking · Casey Schaufler <casey@schaufler-ca.com> · 2018-07-16
Re: [PATCH v1 00/22] LSM: Full security module stacking · Sargun Dhillon <hidden> · 2018-08-14
Re: [PATCH v1 00/22] LSM: Full security module stacking · Casey Schaufler <casey@schaufler-ca.com> · 2018-08-14
Re: [PATCH v1 00/22] LSM: Full security module stacking · Jordan Glover <hidden> · 2018-08-14
Re: [PATCH v1 00/22] LSM: Full security module stacking · Casey Schaufler <casey@schaufler-ca.com> · 2018-08-14
Re: [PATCH v1 00/22] LSM: Full security module stacking · Kees Cook <hidden> · 2018-08-15
Re: [PATCH v1 00/22] LSM: Full security module stacking · Salvatore Mesoraca <hidden> · 2018-08-16
Re: [PATCH v1 00/22] LSM: Full security module stacking · James Morris <jmorris@namei.org> · 2018-08-22

From: casey@schaufler-ca.com (Casey Schaufler)
Date: 2018-08-14 18:28:33
Also in: lkml, selinux

On 8/14/2018 10:05 AM, Sargun Dhillon wrote:

On Mon, Jul 16, 2018 at 10:53 AM, Casey Schaufler
[off-list ref] wrote:

quoted

LSM: Full security module stacking

I'm calling this v1 not because it's the first version
I've put out but because it's the first version I'm getting
serious external pressure to get upstream.

Awesome work, I'm glad that this is getting further.

It's following the 90/90 rule pretty closely. The first
90% of the work took 90% of the time, and the last 10% is
taking the other 90% of the time.

quoted

The blob management part (through "LSM: Sharing of security blobs")
is ready for prime-time. These changes move the management of
security blobs out of the security modules and into the security
module infrastructure. With this change the proposed S.A.R.A,
LandLock and PTAGS security modules could co-exist with any of
the existing "major" security modules. The changes reduce some
code duplication.

Beyond the blob management there's a bit of clean-up.
Mounting filesystems had to be changed so that options
a security module doesn't recognize won't be considered
a fatal error. The mount infrastructure is somewhat
more complex than one might assume.

Casey,
Do you think you can break out 1 into its own patch? It seems like
that'd be valuable to everyone.

Yes, I think that is a good idea. Landlock, S.A.R.A. and a couple
other security modules could be added upstream if this part of the
work was available. It would not provide everything needed to stack
all the existing modules. I believe there is concern that if this
much went upstream the work on finishing what's required to make
everything work might be abandoned.

What's your thought here if we ever introduce dynamic security
modules? It's nice that we now have a way around rolling back blobs if
one fails, but what if a new module was activated, would we just
resize the slab cache?

Making the blob size dynamic at run time makes the blob management
more complicated because you have to keep track of the modules in
play when the blob was allocated, and pay attention to that when hooks
are called. It's a lot simpler if you don't let blobs get smaller,
but still requires more bookkeeping than if the size is static. It
is completely doable. I have played with it a bit. There are performance
implications.

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help