From: "Serge E. Hallyn" <serge@hallyn.com>
To: Nicolas Belouin <nicolas@belouin.fr>
Cc: Jan Kara <jack@suse.com>, Theodore Ts'o <tytso@mit.edu>,
Andreas Dilger <adilger.kernel@dilger.ca>,
Jaegeuk Kim <jaegeuk@kernel.org>, Chao Yu <yuchao0@huawei.com>,
David Woodhouse <dwmw2@infradead.org>,
Dave Kleikamp <shaggy@kernel.org>,
Mark Fasheh <mfasheh@versity.com>,
Joel Becker <jlbec@evilplan.org>,
Miklos Szeredi <miklos@szeredi.hu>,
Phillip Lougher <phillip@squashfs.org.uk>,
Richard Weinberger <richard@nod.at>,
Artem Bityutskiy <dedekind1@gmail.com>,
Adrian Hunter <adrian.hunter@intel.com>,
Alexander Viro <viro@zeniv.linux.org.uk>,
Serge Hallyn <serge@hallyn.com>, Paul Moore <paul@paul-moore.com>,
Stephen Smalley <sds@tycho.nsa.gov>,
Eric Paris <eparis@parisplace.org>,
James Morris <james.l.morris@oracle.com>,
linux-ext4@vger.kernel.o
Subject: Re: [RFC PATCH 1/2] security, capabilities: create CAP_TRUSTED
Date: Sat, 21 Oct 2017 11:03:02 -0500 [thread overview]
Message-ID: <20171021160302.GA2842@mail.hallyn.com> (raw)
In-Reply-To: <20171021134558.21195-1-nicolas@belouin.fr>
Quoting Nicolas Belouin (nicolas@belouin.fr):
> with CAP_SYS_ADMIN being bloated, the usefulness of using it to
> flag a process to be entrusted for e.g reading and writing trusted
> xattr is near zero.
> CAP_TRUSTED aims to provide userland with a way to mark a process as
> entrusted to do specific (not specially admin-centered) actions. It
> would for example allow a process to red/write the trusted xattrs.
You say "for example". Are you intending to add more uses? If so, what
are they? If not, how about renaming it CAP_TRUSTED_XATTR?
What all does allowing writes to trusted xattrs give you? There are
the overlayfs whiteouts, what else?
WARNING: multiple messages have this Message-ID (diff)
From: "Serge E. Hallyn" <serge@hallyn.com>
To: Nicolas Belouin <nicolas@belouin.fr>
Cc: Jan Kara <jack@suse.com>, "Theodore Ts'o" <tytso@mit.edu>,
Andreas Dilger <adilger.kernel@dilger.ca>,
Jaegeuk Kim <jaegeuk@kernel.org>, Chao Yu <yuchao0@huawei.com>,
David Woodhouse <dwmw2@infradead.org>,
Dave Kleikamp <shaggy@kernel.org>,
Mark Fasheh <mfasheh@versity.com>,
Joel Becker <jlbec@evilplan.org>,
Miklos Szeredi <miklos@szeredi.hu>,
Phillip Lougher <phillip@squashfs.org.uk>,
Richard Weinberger <richard@nod.at>,
Artem Bityutskiy <dedekind1@gmail.com>,
Adrian Hunter <adrian.hunter@intel.com>,
Alexander Viro <viro@zeniv.linux.org.uk>,
Serge Hallyn <serge@hallyn.com>, Paul Moore <paul@paul-moore.com>,
Stephen Smalley <sds@tycho.nsa.gov>,
Eric Paris <eparis@parisplace.org>,
James Morris <james.l.morris@oracle.com>,
linux-ext4@vger.kernel.org, linux-kernel@vger.kernel.org,
linux-f2fs-devel@lists.sourceforge.net,
linux-fsdevel@vger.kernel.org, linux-mtd@lists.infradead.org,
jfs-discussion@lists.sourceforge.net, ocfs2-devel@oss.oracle.com,
linux-unionfs@vger.kernel.org, reiserfs-devel@vger.kernel.org,
linux-security-module@vger.kernel.org, selinux@tycho.nsa.gov,
linux-api@vger.kernel.org, kernel-hardening@lists.openwall.com
Subject: Re: [RFC PATCH 1/2] security, capabilities: create CAP_TRUSTED
Date: Sat, 21 Oct 2017 11:03:02 -0500 [thread overview]
Message-ID: <20171021160302.GA2842@mail.hallyn.com> (raw)
In-Reply-To: <20171021134558.21195-1-nicolas@belouin.fr>
Quoting Nicolas Belouin (nicolas@belouin.fr):
> with CAP_SYS_ADMIN being bloated, the usefulness of using it to
> flag a process to be entrusted for e.g reading and writing trusted
> xattr is near zero.
> CAP_TRUSTED aims to provide userland with a way to mark a process as
> entrusted to do specific (not specially admin-centered) actions. It
> would for example allow a process to red/write the trusted xattrs.
You say "for example". Are you intending to add more uses? If so, what
are they? If not, how about renaming it CAP_TRUSTED_XATTR?
What all does allowing writes to trusted xattrs give you? There are
the overlayfs whiteouts, what else?
WARNING: multiple messages have this Message-ID (diff)
From: serge@hallyn.com (Serge E. Hallyn)
To: linux-security-module@vger.kernel.org
Subject: [RFC PATCH 1/2] security, capabilities: create CAP_TRUSTED
Date: Sat, 21 Oct 2017 11:03:02 -0500 [thread overview]
Message-ID: <20171021160302.GA2842@mail.hallyn.com> (raw)
In-Reply-To: <20171021134558.21195-1-nicolas@belouin.fr>
Quoting Nicolas Belouin (nicolas at belouin.fr):
> with CAP_SYS_ADMIN being bloated, the usefulness of using it to
> flag a process to be entrusted for e.g reading and writing trusted
> xattr is near zero.
> CAP_TRUSTED aims to provide userland with a way to mark a process as
> entrusted to do specific (not specially admin-centered) actions. It
> would for example allow a process to red/write the trusted xattrs.
You say "for example". Are you intending to add more uses? If so, what
are they? If not, how about renaming it CAP_TRUSTED_XATTR?
What all does allowing writes to trusted xattrs give you? There are
the overlayfs whiteouts, what else?
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
WARNING: multiple messages have this Message-ID (diff)
From: "Serge E. Hallyn" <serge@hallyn.com>
To: Nicolas Belouin <nicolas@belouin.fr>
Cc: Jan Kara <jack@suse.com>, Theodore Ts'o <tytso@mit.edu>,
Andreas Dilger <adilger.kernel@dilger.ca>,
Jaegeuk Kim <jaegeuk@kernel.org>, Chao Yu <yuchao0@huawei.com>,
David Woodhouse <dwmw2@infradead.org>,
Dave Kleikamp <shaggy@kernel.org>,
Mark Fasheh <mfasheh@versity.com>,
Joel Becker <jlbec@evilplan.org>,
Miklos Szeredi <miklos@szeredi.hu>,
Phillip Lougher <phillip@squashfs.org.uk>,
Richard Weinberger <richard@nod.at>,
Artem Bityutskiy <dedekind1@gmail.com>,
Adrian Hunter <adrian.hunter@intel.com>,
Alexander Viro <viro@zeniv.linux.org.uk>,
Serge Hallyn <serge@hallyn.com>, Paul Moore <paul@paul-moore.com>,
Stephen Smalley <sds@tycho.nsa.gov>,
Eric Paris <eparis@parisplace.org>,
James Morris <james.l.morris@oracle.com>,
linux-ext4@vger.kernel.org, linux-kernel@vger.kernel.org,
linux-f2fs-devel@lists.sourceforge.net,
linux-fsdevel@vger.kernel.org, linux-mtd@lists.infradead.org,
jfs-discussion@lists.sourceforge.net, ocfs2-devel@oss.oracle.com,
linux-unionfs@vger.kernel.org, reiserfs-devel@vger.kernel.org,
linux-security-module@vger.kernel.org, selinux@tycho.nsa.gov,
linux-api@vger.kernel.org, kernel-hardening@lists.openwall.com
Subject: [kernel-hardening] Re: [RFC PATCH 1/2] security, capabilities: create CAP_TRUSTED
Date: Sat, 21 Oct 2017 11:03:02 -0500 [thread overview]
Message-ID: <20171021160302.GA2842@mail.hallyn.com> (raw)
In-Reply-To: <20171021134558.21195-1-nicolas@belouin.fr>
Quoting Nicolas Belouin (nicolas@belouin.fr):
> with CAP_SYS_ADMIN being bloated, the usefulness of using it to
> flag a process to be entrusted for e.g reading and writing trusted
> xattr is near zero.
> CAP_TRUSTED aims to provide userland with a way to mark a process as
> entrusted to do specific (not specially admin-centered) actions. It
> would for example allow a process to red/write the trusted xattrs.
You say "for example". Are you intending to add more uses? If so, what
are they? If not, how about renaming it CAP_TRUSTED_XATTR?
What all does allowing writes to trusted xattrs give you? There are
the overlayfs whiteouts, what else?
next prev parent reply other threads:[~2017-10-21 16:03 UTC|newest]
Thread overview: 45+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-10-21 13:45 [RFC PATCH 1/2] security, capabilities: create CAP_TRUSTED Nicolas Belouin
2017-10-21 13:45 ` [kernel-hardening] " Nicolas Belouin
2017-10-21 13:45 ` Nicolas Belouin
2017-10-21 13:45 ` Nicolas Belouin
2017-10-21 13:45 ` [RFC PATCH 2/2] fs: Grant CAP_TRUSTED rw access to trusted xattrs Nicolas Belouin
2017-10-21 13:45 ` Nicolas Belouin
2017-10-21 13:45 ` [kernel-hardening] " Nicolas Belouin
2017-10-21 13:45 ` Nicolas Belouin
2017-10-21 13:45 ` Nicolas Belouin
2017-10-21 13:45 ` Nicolas Belouin
2017-10-21 16:03 ` Serge E. Hallyn [this message]
2017-10-21 16:03 ` [kernel-hardening] Re: [RFC PATCH 1/2] security, capabilities: create CAP_TRUSTED Serge E. Hallyn
2017-10-21 16:03 ` Serge E. Hallyn
2017-10-21 16:03 ` Serge E. Hallyn
2017-10-21 19:09 ` nicolas
2017-10-21 19:09 ` nicolas at belouin.fr
2017-10-21 19:09 ` nicolas
2017-10-21 19:09 ` nicolas
2017-10-21 19:09 ` nicolas
[not found] ` <20171021160302.GA2842-7LNsyQBKDXoIagZqoN9o3w@public.gmane.org>
2017-10-21 19:09 ` nicolas-6zwZCx3K5ONGWvitb5QawA
2017-10-21 19:09 ` nicolas
2017-10-21 17:25 ` [kernel-hardening] " Casey Schaufler
2017-10-21 17:25 ` Casey Schaufler
2017-10-21 17:25 ` Casey Schaufler
2017-10-21 17:25 ` [kernel-hardening] " Casey Schaufler
2017-10-21 17:25 ` Casey Schaufler
[not found] ` <20171021134558.21195-1-nicolas-6zwZCx3K5ONGWvitb5QawA@public.gmane.org>
2017-10-21 13:45 ` [RFC PATCH 2/2] fs: Grant CAP_TRUSTED rw access to trusted xattrs Nicolas Belouin
2017-10-21 17:25 ` [kernel-hardening] [RFC PATCH 1/2] security, capabilities: create CAP_TRUSTED Casey Schaufler
2017-10-21 17:25 ` Casey Schaufler
2017-10-21 17:25 ` Casey Schaufler
2017-10-21 17:25 ` Casey Schaufler
2017-10-21 17:25 ` Casey Schaufler
2017-10-21 17:25 ` Casey Schaufler
[not found] ` <d3e1c911-138d-082a-b941-651217d0faf8-iSGtlc1asvQWG2LlvL+J4A@public.gmane.org>
2017-10-21 19:04 ` nicolas-6zwZCx3K5ONGWvitb5QawA
2017-10-21 19:04 ` nicolas
2017-10-21 19:04 ` nicolas
2017-10-21 19:04 ` nicolas
2017-10-21 19:04 ` nicolas at belouin.fr
2017-10-21 19:04 ` nicolas
2017-10-21 19:04 ` nicolas
2017-10-21 19:04 ` nicolas
2017-10-21 17:25 ` Casey Schaufler
-- strict thread matches above, loose matches on Subject: below --
2017-10-21 13:45 Nicolas Belouin
2017-10-21 13:45 Nicolas Belouin
2017-10-21 13:45 Nicolas Belouin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20171021160302.GA2842@mail.hallyn.com \
--to=serge@hallyn.com \
--cc=adilger.kernel@dilger.ca \
--cc=adrian.hunter@intel.com \
--cc=dedekind1@gmail.com \
--cc=dwmw2@infradead.org \
--cc=eparis@parisplace.org \
--cc=jack@suse.com \
--cc=jaegeuk@kernel.org \
--cc=james.l.morris@oracle.com \
--cc=jlbec@evilplan.org \
--cc=linux-ext4@vger.kernel.o \
--cc=mfasheh@versity.com \
--cc=miklos@szeredi.hu \
--cc=nicolas@belouin.fr \
--cc=paul@paul-moore.com \
--cc=phillip@squashfs.org.uk \
--cc=richard@nod.at \
--cc=sds@tycho.nsa.gov \
--cc=shaggy@kernel.org \
--cc=tytso@mit.edu \
--cc=viro@zeniv.linux.org.uk \
--cc=yuchao0@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.