From: Golden_Miller83@protonmail.ch (Jordan Glover)
To: linux-security-module@vger.kernel.org
Subject: [PATCH v1 00/22] LSM: Full security module stacking
Date: Tue, 14 Aug 2018 23:22:03 +0000 [thread overview]
Message-ID: <kubjHWMWfFDu8Rk19x79iMDKVbewTUMWwSjOA7vFGIbYsWYcGb50jb-Z-PSXxmcby3ZFMZWi0HCeuFgo3F8BRskxo_JUdSHFhdIsIlBxHyQ=@protonmail.ch> (raw)
In-Reply-To: <a287800e-bd4d-2b99-8c4c-bd61ba87fab1@schaufler-ca.com>
On August 14, 2018 8:28 PM, Casey Schaufler <casey@schaufler-ca.com> wrote:
> On 8/14/2018 10:05 AM, Sargun Dhillon wrote:
>
> > On Mon, Jul 16, 2018 at 10:53 AM, Casey Schaufler
> > casey at schaufler-ca.com wrote:
> >
> > > LSM: Full security module stacking
> > > I'm calling this v1 not because it's the first version
> > > I've put out but because it's the first version I'm getting
> > > serious external pressure to get upstream.
> > > Awesome work, I'm glad that this is getting further.
>
> It's following the 90/90 rule pretty closely. The first
> 90% of the work took 90% of the time, and the last 10% is
> taking the other 90% of the time.
>
> > > The blob management part (through "LSM: Sharing of security blobs")
> > > is ready for prime-time. These changes move the management of
> > > security blobs out of the security modules and into the security
> > > module infrastructure. With this change the proposed S.A.R.A,
> > > LandLock and PTAGS security modules could co-exist with any of
> > > the existing "major" security modules. The changes reduce some
> > > code duplication.
> > > Beyond the blob management there's a bit of clean-up.
> > > Mounting filesystems had to be changed so that options
> > > a security module doesn't recognize won't be considered
> > > a fatal error. The mount infrastructure is somewhat
> > > more complex than one might assume.
> >
> > Casey,
> > Do you think you can break out 1 into its own patch? It seems like
> > that'd be valuable to everyone.
>
> Yes, I think that is a good idea. Landlock, S.A.R.A. and a couple
> other security modules could be added upstream if this part of the
> work was available. It would not provide everything needed to stack
> all the existing modules. I believe there is concern that if this
> much went upstream the work on finishing what's required to make
> everything work might be abandoned.
>
On the other hand there is concern that those security modules might
be abandoned if they have to wait until everything is finished :)
> > What's your thought here if we ever introduce dynamic security
> > modules? It's nice that we now have a way around rolling back blobs if
> > one fails, but what if a new module was activated, would we just
> > resize the slab cache?
>
> Making the blob size dynamic at run time makes the blob management
> more complicated because you have to keep track of the modules in
> play when the blob was allocated, and pay attention to that when hooks
> are called. It's a lot simpler if you don't let blobs get smaller,
> but still requires more bookkeeping than if the size is static. It
> is completely doable. I have played with it a bit. There are performance
> implications.
Jordan
next prev parent reply other threads:[~2018-08-14 23:22 UTC|newest]
Thread overview: 36+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-07-16 17:53 [PATCH v1 00/22] LSM: Full security module stacking Casey Schaufler
2018-07-16 18:22 ` [PATCH v1 01/22] procfs: add smack subdir to attrs Casey Schaufler
2018-07-16 18:22 ` [PATCH v1 02/22] Smack: Abstract use of cred security blob Casey Schaufler
2018-07-16 18:22 ` [PATCH v1 03/22] SELinux: " Casey Schaufler
2018-07-16 18:22 ` [PATCH v1 04/22] LSM: Infrastructure management of the " Casey Schaufler
2018-07-16 18:22 ` [PATCH v1 05/22] SELinux: Abstract use of file " Casey Schaufler
2018-07-16 18:22 ` [PATCH v1 06/22] LSM: Infrastructure management of the " Casey Schaufler
2018-07-16 18:23 ` [PATCH v1 07/22] LSM: Infrastructure management of the task " Casey Schaufler
2018-07-16 18:23 ` PATCH v1 08/22] SELinux: Abstract use of inode " Casey Schaufler
2018-07-16 18:23 ` [PATCH v1 09/22] Smack: " Casey Schaufler
2018-07-16 18:23 ` [PATCH v1 10/22] LSM: Infrastructure management of the inode security Casey Schaufler
2018-07-16 18:23 ` [PATCH v1 11/22] LSM: Infrastructure management of the superblock security blob Casey Schaufler
2018-07-16 18:23 ` [PATCH v1 12/22] LSM: Infrastructure management of the sock security Casey Schaufler
2018-07-16 18:23 ` [PATCH v1 13/22] LSM: Infrastructure management of the ipc security blob Casey Schaufler
2018-07-16 18:23 ` [PATCH v1 14/22] LSM: Infrastructure management of the key " Casey Schaufler
2018-07-16 18:24 ` [PATCH v1 15/22] LSM: Mark security blob allocation failures as unlikely Casey Schaufler
2018-07-16 18:24 ` [PATCH v1 16/22] LSM: Sharing of security blobs Casey Schaufler
2018-07-16 18:24 ` [PATCH v1 17/22] LSM: Allow mount options from multiple security modules Casey Schaufler
2018-07-16 18:24 ` [PATCH v1 18/22] LSM: Use multiple secids in security module interfaces Casey Schaufler
2018-07-16 18:24 ` [PATCH v1 19/22] LSM: Use multiple secids in LSM interfaces Casey Schaufler
2018-07-16 18:24 ` [PATCH v1 20/22] Move common usercopy into security_getpeersec_stream Casey Schaufler
[not found] ` <CGME20180803091011eucas1p29e46a12d1986f11e63547ea1ec8e8663@eucas1p2.samsung.com>
2018-08-03 9:10 ` Piotr Sawicki
2018-08-03 15:27 ` Casey Schaufler
2018-07-16 18:24 ` [PATCH v1 21/22] LSM: Multiple concurrent major security modules Casey Schaufler
[not found] ` <CGME20181009140944eucas1p1b935c2b8b2534cb15e36d28b7f9b134b@eucas1p1.samsung.com>
2018-10-09 14:09 ` Piotr Sawicki
2018-07-16 18:24 ` [PATCH v1 22/22] Netfilter: Add a selection for Smack Casey Schaufler
2018-07-16 18:28 ` [PATCH v1 00/22] LSM: Full security module stacking Casey Schaufler
2018-07-16 18:53 ` James Morris
2018-07-16 19:49 ` Casey Schaufler
2018-08-14 17:05 ` Sargun Dhillon
2018-08-14 18:28 ` Casey Schaufler
2018-08-14 23:22 ` Jordan Glover [this message]
2018-08-14 23:50 ` Casey Schaufler
2018-08-15 5:19 ` Kees Cook
2018-08-16 16:05 ` Salvatore Mesoraca
2018-08-22 9:59 ` James Morris
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='kubjHWMWfFDu8Rk19x79iMDKVbewTUMWwSjOA7vFGIbYsWYcGb50jb-Z-PSXxmcby3ZFMZWi0HCeuFgo3F8BRskxo_JUdSHFhdIsIlBxHyQ=@protonmail.ch' \
--to=golden_miller83@protonmail.ch \
--cc=linux-security-module@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).