* straceing SE Linux
From: Russell Coker @ 2002-02-27 9:47 UTC
To: wakkerma; +Cc: SE Linux

I'm working on hacking strace to trace LSM system calls as used by SE Linux.

Firstly what name should I use to refer to this syscall? lsm() as the
library code uses or security() after the sys_security() definition in the
kernel?

The next issue is that there is one system call defined for LSM (number 223
on Intel). The first parameter of this call is the id of the security
service to manage. I would like to display selinux() for a SE system call
lids() for a LIDS call, etc. However it seems that this would require a
change to the strace structure.

Should I do so, or am I on the wrong track by wanting to display these as
different function calls depending on the id parameter?

--
Signatures >4 lines are rude. If you send email to me or to a mailing list
that I am subscribed to which has >4 lines of legalistic junk at the end
then you are specifically authorizing me to do whatever I wish with the
message (the sig won't be read).

--
You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

* (no subject)
From: Metrix @ 2002-02-27 11:31 UTC
To: selinux

Hey people, just wanted to compliment you on the good
job, I will actually be using RSBAC as it suits my
needs a bit better...

My question is, what are the differences of RSBAC
[rsbac.org] and SELinux from a technical standpoint?

* Re: your mail
From: Stephen Smalley @ 2002-02-27 13:36 UTC
To: Metrix; +Cc: selinux

On Wed, 27 Feb 2002, Metrix wrote:

> Hey people, just wanted to compliment you on the good
> job, I will actually be using RSBAC as it suits my
> needs a bit better...
>
> My question is, what are the differences of RSBAC
> [rsbac.org] and SELinux from a technical standpoint?

This has been previously discussed on the mailing list, and is also
summarized in the related work section of the Freenix '01 paper. The
mailing list thread starts at
http://marc.theaimsgroup.com/?l=selinux&m=98618795624462&w=2 and the
Freenix '01 paper is available at
http://www.nsa.gov/selinux/freenix01-abs.html.

--
Stephen D. Smalley, NAI Labs
ssmalley@nai.com

* Re: straceing SE Linux
From: Stephen Smalley @ 2002-02-27 13:53 UTC
To: Russell Coker; +Cc: wakkerma, SE Linux

On Wed, 27 Feb 2002, Russell Coker wrote:

> Firstly what name should I use to refer to this syscall? lsm() as the
> library code uses or security() after the sys_security() definition in the
> kernel?

I'd use the 'security' name, since it is the name used in unistd.h
(__NR_security). We were using 'lsm' as the name of the system call
before there was any unistd.h definition, and it is now just an alias
for the security call.

> The next issue is that there is one system call defined for LSM (number 223
> on Intel). The first parameter of this call is the id of the security
> service to manage. I would like to display selinux() for a SE system call
> lids() for a LIDS call, etc. However it seems that this would require a
> change to the strace structure.
>
> Should I do so, or am I on the wrong track by wanting to display these as
> different function calls depending on the id parameter?

I'd suggest looking at how strace handles the socketcall call, since the
security call is similar to it in form, with an additional module
identifier parameter to identify the security module. strace does appear
to interpret the call value and the argument array for socketcall,
displaying socket operations with the corresponding call name and
interpreted argument list.

I suppose a first step for making strace aware of security calls would be
to translate the 'id' parameter to the security call and display the
corresponding module name. However, the longer term goal would be to
actually display a name based on both the 'id' and the 'call' parameter
and to interpret the argument array based on the (id, call) pair.

--
Stephen D. Smalley, NAI Labs
ssmalley@nai.com

* Re: straceing SE Linux
From: Russell Coker @ 2002-02-27 16:04 UTC
To: Stephen Smalley; +Cc: wakkerma, SE Linux

On Wed, 27 Feb 2002 14:53, Stephen Smalley wrote:
> On Wed, 27 Feb 2002, Russell Coker wrote:
> > Firstly what name should I use to refer to this syscall? lsm() as the
> > library code uses or security() after the sys_security() definition in
> > the kernel?
>
> I'd use the 'security' name, since it is the name used in unistd.h
> (__NR_security). We were using 'lsm' as the name of the system call
> before there was any unistd.h definition, and it is now just an alias
> for the security call.

OK.

> > The next issue is that there is one system call defined for LSM (number
> > 223 on Intel). The first parameter of this call is the id of the
> > security service to manage. I would like to display selinux() for a SE
> > system call lids() for a LIDS call, etc. However it seems that this
> > would require a change to the strace structure.
> >
> > Should I do so, or am I on the wrong track by wanting to display these as
> > different function calls depending on the id parameter?
>
> I'd suggest looking at how strace handles the socketcall call, since the
> security call is similar to it in form, with an additional module
> identifier parameter to identify the security module. strace does appear
> to interpret the call value and the argument array for socketcall,
> displaying socket operations with the corresponding call name and
> interpreted argument list.

From inspecting the kernel code and the strace it appears that socketcall
doesn't get processed the way you might expect. It appears that for every
function that works with socketcall() there is a separate system call for it.
So when I strace a socket program on my system it displays the socket(),
connect() etc because those system calls are called directly. It appears
that my libc does not use socketcall()! I could not find any special
handling in the strace source for socketcall, it appears that socketcall()
will be displayed as such!

Also I'm using strace version 4.4, I grabbed the source from the Debian
unstable tree, as Wichert is both upstream author and Debian developer for
strace I presume that there is no version of strace that has more
capabilities in this regard.

Another thing, I just checked out the code for ioctl() and it doesn't help
me as the output always matches "^ioctl(".

> I suppose a first step for making strace aware of security calls would be
> to translate the 'id' parameter to the security call and display the
> corresponding module name. However, the longer term goal would be to
> actually display a name based on both the 'id' and the 'call' parameter
> and to interpret the argument array based on the (id, call) pair.

I agree. What I think is necessary is firstly to write code to handle
unknown id parameters from the security() system call as
security(id = %d, ...

Then have code to handle known module IDs but unknown system calls as
security(SELINUX, ... (or whatever the name is).

Then have code to handle known system calls by the full name.

--
If you send email to me or to a mailing list that I use which has >4 lines
of legalistic junk at the end then you are specifically authorizing me to
do whatever I wish with the message and all other messages from your
domain, by posting the message you agree that your long legalistic sig is
void.

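The three-step fallback described in the message above, keyed on the (id, call) pair, as an added example that is not part of the thread or of strace's source. The module ids, call numbers and call names are constructed placeholders, and `decode_security` is a hypothetical helper name.

```c
#include <stdio.h>
#include <string.h>
/* Ids, call numbers and call names are constructed placeholders, not real values. */
struct sec_call { unsigned int nr; const char *name; };
struct sec_module {
    unsigned int id;
    const char *label;              /* printed when the call is unknown */
    const struct sec_call *calls;
    size_t ncalls;
};

static const struct sec_call selinux_calls[] = {
    { 1, "selinux_op_alpha" }, { 2, "selinux_op_beta" },
};
static const struct sec_call lids_calls[] = { { 1, "lids_op_alpha" } };
static const struct sec_module modules[] = {
    { 0x1001, "SELINUX", selinux_calls, 2 },
    { 0x1002, "LIDS", lids_calls, 1 },
};

/* Write the opening of a trace line for security(id, call, args). */
const char *decode_security(unsigned id, unsigned call, char *buf, size_t len)
{
    size_t m, c;
    for (m = 0; m < sizeof(modules) / sizeof(modules[0]); m++) {
        if (modules[m].id != id)
            continue;
        for (c = 0; c < modules[m].ncalls; c++)
            if (modules[m].calls[c].nr == call) {
                /* Known (id, call) pair: show the full call name. */
                snprintf(buf, len, "%s(", modules[m].calls[c].name);
                return buf;
            }
        /* Known module, unknown call: name the module, keep the number. */
        snprintf(buf, len, "security(%s, %u, ", modules[m].label, call);
        return buf;
    }
    /* Unknown module id: print raw numbers, interpret nothing. */
    snprintf(buf, len, "security(id = %u, %u, ", id, call);
    return buf;
}

int main(void)
{
    char buf[64];
    puts(decode_security(0x1001, 2, buf, sizeof buf));
    puts(decode_security(0x1002, 9, buf, sizeof buf));
    puts(decode_security(0x7777, 1, buf, sizeof buf));
    return 0;
}
```

Because the argument array is only interpreted once both the module and the call are recognised, an unknown module's arguments are never decoded with another module's layout.
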
* Re: straceing SE Linux
From: Stephen Smalley @ 2002-02-27 18:30 UTC
To: Russell Coker; +Cc: wakkerma, SE Linux

On Wed, 27 Feb 2002, Russell Coker wrote:

> From inspecting the kernel code and the strace it appears that socketcall
> doesn't get processed the way you might expect. It appears that for every
> function that works with socketcall() there is a separate system call for it.
> So when I strace a socket program on my system it displays the socket(),
> connect() etc because those system calls are called directly. It appears
> that my libc does not use socketcall()! I could not find any special
> handling in the strace source for socketcall, it appears that socketcall()
> will be displayed as such!

If you look at arch/i386/kernel/entry.S in the kernel tree, you'll see
that there are no entrypoints for the individual socket calls. Just for
sys_socketcall. Similarly for the System V IPC system calls - they are
all multiplexed through sys_ipc. It is true that there are separate
library functions for the different calls, but not different system
calls. You won't find any definitions for connect and friends in
include/asm-i386/unistd.h either.

--
Stephen D. Smalley, NAI Labs
ssmalley@nai.com