From: Chris PeBenito <pebenito@ieee.org>
To: Paul Moore <paul@paul-moore.com>, Stephen Smalley <sds@tycho.nsa.gov>
Cc: selinux@tycho.nsa.gov
Subject: Re: [RFC][PATCH] selinux: Introduce a policy capability and permission for NNP transitions
Date: Wed, 12 Jul 2017 20:27:27 -0400 [thread overview]
Message-ID: <7596a965-4283-94ae-eb34-796e5979f288@ieee.org> (raw)
In-Reply-To: <CAHC9VhTYY-3po8KzYCAKqYX-t2EkMo548dOu2ufe3MODQ=V3QA@mail.gmail.com>
On 07/12/2017 05:38 PM, Paul Moore wrote:
> On Wed, Jul 12, 2017 at 9:26 AM, Stephen Smalley <sds@tycho.nsa.gov> wrote:
>> On Tue, 2017-07-11 at 17:00 -0400, Paul Moore wrote:
>>> On Mon, Jul 10, 2017 at 4:25 PM, Stephen Smalley <sds@tycho.nsa.gov>
>>> wrote:
> While I think splitting the NNP/nosuid transition restrictions might
> be a good idea under the new policy capability, I'm not sure it is
> worth the cost of a "process2" object class.
>
> With that in mind, let's do two things with this patch:
>
> * Mention the nosuid restrictions in the patch description. It
> doesn't need much text, but something would be good so we have
> documentation in the git log.
>
> * Let's pick a new permission name that is not specific to NNP or
> nosuid. IMHO, nnpnosuid_transition is ... less than good.
> Unfortunately, I'm not sure I'm much better at picking names; how
> about "protected_transition"? "restricted_transition"?
> "enable_transition"? "override_transition"?
I vote for nnp_transition anyway. "No New Privileges" encompasses
nosuid in my mind. If the two perms had been separated I would have
been inclined to allow both every time one of them was needed, to make
sure no one was surprised by the behavior difference.
--
Chris PeBenito
next prev parent reply other threads:[~2017-07-13 0:27 UTC|newest]
Thread overview: 32+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-07-10 20:25 [RFC][PATCH] selinux: Introduce a policy capability and permission for NNP transitions Stephen Smalley
2017-07-11 19:52 ` Stephen Smalley
2017-07-11 20:05 ` Dominick Grift
2017-07-11 20:10 ` Dominick Grift
2017-07-11 20:23 ` Stephen Smalley
2017-07-11 20:44 ` Dominick Grift
2017-07-12 13:01 ` Stephen Smalley
2017-07-12 13:30 ` Dominick Grift
2017-07-12 13:38 ` Dominick Grift
2017-07-12 13:42 ` Dominick Grift
2017-07-12 13:52 ` Stephen Smalley
2017-07-12 13:51 ` Stephen Smalley
2017-07-11 21:00 ` Paul Moore
2017-07-12 13:26 ` Stephen Smalley
2017-07-12 21:38 ` Paul Moore
2017-07-13 0:27 ` Chris PeBenito [this message]
2017-07-13 12:44 ` Stephen Smalley
2017-07-13 13:25 ` Paul Moore
2017-07-13 15:48 ` Stephen Smalley
2017-07-13 15:59 ` Stephen Smalley
2017-07-13 16:55 ` Dominick Grift
2017-07-13 18:13 ` Stephen Smalley
2017-07-13 18:16 ` Dominick Grift
2017-07-13 18:50 ` Dominick Grift
2017-07-13 19:29 ` Stephen Smalley
2017-07-13 19:28 ` Dominick Grift
2017-07-13 19:43 ` Dominick Grift
2017-07-13 19:59 ` Stephen Smalley
2017-07-13 20:11 ` Dominick Grift
2017-07-13 23:55 ` Chris PeBenito
2017-07-14 6:43 ` Dominick Grift
2017-07-13 20:15 ` Paul Moore
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=7596a965-4283-94ae-eb34-796e5979f288@ieee.org \
--to=pebenito@ieee.org \
--cc=paul@paul-moore.com \
--cc=sds@tycho.nsa.gov \
--cc=selinux@tycho.nsa.gov \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.