From: valdis.kletnieks@vt.edu
To: Lev Olshvang <levonshe@yandex.com>
Cc: linux-il <linux-il@cs.huji.ac.il>,
kernelnewbies <kernelnewbies@kernelnewbies.org>
Subject: Re: Kernel default security configuration - how it affects LSM policy?
Date: Sun, 25 Nov 2018 22:26:41 -0500 [thread overview]
Message-ID: <134786.1543202801@turing-police.cc.vt.edu> (raw)
Message-ID: <20181126032641.KxR83mi841AXh0xX86NWuZ5t3pT8Ptau307_ZDxTehs@z> (raw)
In-Reply-To: <2782681542810050@sas1-890ba5c2334a.qloud-c.yandex.net>
[-- Attachment #1.1: Type: text/plain, Size: 1082 bytes --]
On Wed, 21 Nov 2018 17:20:50 +0300, Lev Olshvang said:
> So the questioned config option seems obsolete ?
> Wheher LSM always consulted last ?
If an LSM is configured/loaded, it is always consulted *after* applying
standard DAC file permission bits checks. (Discretionary Access Control- the
owner of the file/object is allowed to make their own decisions)
LSMs are always restrictive MAC (Mandatory access control - they are applied by
the system regardless of what the user/owner wants) calls. Restrictive means
they can only prohibit a call that has already passed the DAC check, they
cannot allow a call that would otherwise be failed by DAC.
LSMs are called after DAC checks for a number of reasons. One big one
is that when the LSM hooks were designed, the file permission checks were
(and still are) incredibly cheap - 3-4 opcodes or so. So it makes sense to
do the cheap check first, as things like SELinux or AppArmor take a lot
more cycles to do the check. (There's also a few oddball corner cases where
doing the MAC check first results in non-intuitive results)
[-- Attachment #1.2: Type: application/pgp-signature, Size: 486 bytes --]
[-- Attachment #2: Type: text/plain, Size: 170 bytes --]
_______________________________________________
Kernelnewbies mailing list
Kernelnewbies@kernelnewbies.org
https://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
next prev parent reply other threads:[~2018-11-26 3:26 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-11-21 14:20 Kernel default security configuration - how it affects LSM policy? Lev Olshvang
2018-11-21 14:20 ` Lev Olshvang
2018-11-24 16:55 ` Lev Olshvang
2018-11-24 16:55 ` Lev Olshvang
2018-11-26 3:26 ` valdis.kletnieks at vt.edu [this message]
2018-11-26 3:26 ` valdis.kletnieks
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=134786.1543202801@turing-police.cc.vt.edu \
--to=valdis.kletnieks@vt.edu \
--cc=kernelnewbies@kernelnewbies.org \
--cc=levonshe@yandex.com \
--cc=linux-il@cs.huji.ac.il \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).