From: Casey Schaufler <casey@schaufler-ca.com>
To: Stephen Smalley <sds@tycho.nsa.gov>,
jmorris@namei.org, linux-security-module@vger.kernel.org,
selinux@vger.kernel.org
Cc: keescook@chromium.org, john.johansen@canonical.com,
penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com
Subject: Re: [PATCH 00/97] LSM: Complete module stacking
Date: Fri, 1 Mar 2019 09:06:59 -0800 [thread overview]
Message-ID: <92e75397-13a6-c048-e667-7a4f71879807@schaufler-ca.com> (raw)
In-Reply-To: <c334385a-89e8-169a-3e92-4b816145391d@tycho.nsa.gov>
On 3/1/2019 6:17 AM, Stephen Smalley wrote:
> On 2/28/19 5:17 PM, Casey Schaufler wrote:
>> This is a preliminary version of the complete stacking
>> implementation. The patches need to be cleaned up, and
>> several are not strictly necessary. There is likely to
>> be work required in the audit sub-system. It does address
>> all the shared data, including CIPSO headers. It should
>> handle CALIPSO once Smack supports it. I will be revising
>> the set after 5.1.
>>
>> Complete the transition from module based blob management
>> to infrastructure based blob management. This includes
>> the socket, superblock and key blobs.
>>
>> Change the LSM infrastructure from exposing secids to
>> exposing an opaque "lsm_export" structure that can contain
>> information for multiple active security modules. Update
>> all of the security modules to use information from the
>> lsm_export structure. Update the LSM interfaces that expose
>> secids for more than one module to use the export structure.
>> Update all the users of these interfaces.
>>
>> Change the LSM infrastructure from using a string/size pair
>> for security "contexts" to a "lsm_context" structure that
>> can represent information for multiple modules. This contains
>> information that allows the "context" to be properly freed
>> regardless of where it is allocated and where it is used.
>>
>> Add an interface to identify which security module data
>> should be presented with SO_PEERSEC. /proc/.../attr/display
>> will set and report the name of the LSM for which the
>> security_secid_to_secctx() will use to translate to text.
>> If it is not explicitly set, the first security module that
>> supplies secid (now lsm_export) interfaces will be used.
>> To ensure consistency, a set of module hooks dealing with
>> the secid/context processing is maintained with each process
>> that explicitly sets it.
>>
>> Before sending a network packet verify that all interested
>> security modules agree on the labeling. Fail if the labeling
>> cannot be reconciled. This requires a new Netlabel interface
>> to compare proposed labels, and a change to the return values
>> from the existing netlabel attribute setting functions.
>
> Have you run any benchmarks to assess the performance impact of these
> changes?
Nothing I can publish. Benchmarking is getting close
to the top of the list.
next prev parent reply other threads:[~2019-03-01 17:07 UTC|newest]
Thread overview: 80+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-02-28 22:17 [PATCH 00/97] LSM: Complete module stacking Casey Schaufler
2019-02-28 22:17 ` [PATCH 01/97] LSM: Infrastructure management of the superblock Casey Schaufler
2019-03-01 14:02 ` Edwin Zimmerman
2019-03-01 16:50 ` Casey Schaufler
2019-02-28 22:17 ` [PATCH 02/97] LSM: Infrastructure management of the sock security Casey Schaufler
2019-02-28 22:17 ` [PATCH 03/97] LSM: Infrastructure management of the key security blob Casey Schaufler
2019-02-28 22:18 ` [PATCH 04/97] SCAFFOLD: Move sock_graft out of sock.h Casey Schaufler
2019-02-28 22:18 ` [PATCH 05/97] LSM: Create an lsm_export data structure Casey Schaufler
2019-03-01 14:00 ` Stephen Smalley
2019-03-01 16:46 ` Casey Schaufler
2019-02-28 22:18 ` [PATCH 06/97] LSM: Use lsm_export in the inode_getsecid hooks Casey Schaufler
2019-02-28 22:18 ` [PATCH 07/97] SCAFFOLD: Move security.h out of route.h Casey Schaufler
2019-02-28 22:18 ` [PATCH 08/97] LSM: Use lsm_export in the cred_getsecid hooks Casey Schaufler
2019-02-28 22:18 ` [PATCH 09/97] LSM: Use lsm_export in the ipc_getsecid and task_getsecid hooks Casey Schaufler
2019-02-28 22:18 ` [PATCH 10/97] LSM: Use lsm_export in the sk_getsecid hooks Casey Schaufler
2019-02-28 22:18 ` [PATCH 11/97] LSM: Use lsm_export in the kernel_ask_as hooks Casey Schaufler
2019-03-01 14:59 ` Edwin Zimmerman
2019-03-01 16:59 ` Casey Schaufler
2019-02-28 22:18 ` [PATCH 12/97] LSM: Use lsm_export in the getpeersec_dgram hooks Casey Schaufler
2019-02-28 22:18 ` [PATCH 13/97] LSM: Use lsm_export in the audit_rule_match hooks Casey Schaufler
2019-02-28 22:18 ` [PATCH 14/97] LSM: Fix logical operation in lsm_export checks Casey Schaufler
2019-02-28 22:18 ` [PATCH 15/97] LSM: Use lsm_export in the secid_to_secctx hooks Casey Schaufler
2019-02-28 22:18 ` [PATCH 16/97] LSM: Use lsm_export in the secctx_to_secid hooks Casey Schaufler
2019-02-28 22:18 ` [PATCH 17/97] LSM: Use lsm_export in security_audit_rule_match Casey Schaufler
2019-02-28 22:18 ` [PATCH 18/97] LSM: Use lsm_export in security_kernel_act_as Casey Schaufler
2019-02-28 22:18 ` [PATCH 19/97] LSM: Use lsm_export in security_socket_getpeersec_dgram Casey Schaufler
2019-02-28 22:18 ` [PATCH 20/97] LSM: Use lsm_export in security_secctx_to_secid Casey Schaufler
2019-02-28 22:18 ` [PATCH 21/97] LSM: Use lsm_export in security_secid_to_secctx Casey Schaufler
2019-02-28 22:18 ` [PATCH 22/97] LSM: Use lsm_export in security_ipc_getsecid Casey Schaufler
2019-02-28 22:18 ` [PATCH 23/97] LSM: Use lsm_export in security_task_getsecid Casey Schaufler
2019-02-28 22:18 ` [PATCH 24/97] LSM: FIXUP - security_secctx_to_secid Casey Schaufler
2019-02-28 22:18 ` [PATCH 25/97] LSM: FIXUP - security_secid_to_secctx Casey Schaufler
2019-02-28 22:18 ` [PATCH 26/97] LSM: Use lsm_export in security_inode_getsecid Casey Schaufler
2019-02-28 22:18 ` [PATCH 27/97] LSM: Use lsm_export in security_cred_getsecid Casey Schaufler
2019-02-28 22:18 ` [PATCH 28/97] LSM: REVERT Use lsm_export in the sk_getsecid hooks Casey Schaufler
2019-02-28 22:18 ` [PATCH 29/97] Audit: Change audit_sig_sid to audit_sig_lsm Casey Schaufler
2019-02-28 22:18 ` [PATCH 30/97] Audit: Convert target_sid to an lsm_export structure Casey Schaufler
2019-02-28 22:18 ` [PATCH 31/97] Audit: Convert osid " Casey Schaufler
2019-02-28 22:18 ` [PATCH 32/97] IMA: Clean out lsm_export scaffolding Casey Schaufler
2019-02-28 22:18 ` [PATCH 33/97] NET: Store LSM access information in the socket blob for UDS Casey Schaufler
2019-02-28 22:18 ` [PATCH 34/97] NET: Remove scaffolding on secmarks Casey Schaufler
2019-02-28 22:18 ` [PATCH 35/97] NET: Remove scaffolding on new secmarks Casey Schaufler
2019-02-28 22:18 ` [PATCH 36/97] NET: Remove netfilter scaffolding for lsm_export Casey Schaufler
2019-02-28 22:18 ` [PATCH 37/97] Netlabel: Replace secids with lsm_export Casey Schaufler
2019-02-28 22:18 ` [PATCH 38/97] LSM: Remove lsm_export scaffolding functions Casey Schaufler
2019-02-28 22:18 ` [PATCH 39/97] IMA: FIXUP prototype using lsm_export Casey Schaufler
2019-02-28 22:18 ` [PATCH 40/97] Smack: Restore the release_secctx hook Casey Schaufler
2019-02-28 22:18 ` [PATCH 41/97] AppArmor: Remove unnecessary hook stub Casey Schaufler
2019-02-28 22:18 ` [PATCH 42/97] LSM: Limit calls to certain module hooks Casey Schaufler
2019-02-28 22:18 ` [PATCH 43/97] LSM: Create a data structure for a security context Casey Schaufler
2019-02-28 22:18 ` [PATCH 44/97] LSM: Use lsm_context in secid_to_secctx hooks Casey Schaufler
2019-02-28 22:18 ` [PATCH 45/97] LSM: Use lsm_context in secctx_to_secid hooks Casey Schaufler
2019-02-28 22:18 ` [PATCH 46/97] LSM: Use lsm_context in inode_getsecctx hooks Casey Schaufler
2019-02-28 22:18 ` [PATCH 47/97] LSM: Use lsm_context in inode_notifysecctx hooks Casey Schaufler
2019-02-28 22:18 ` [PATCH 48/97] LSM: Use lsm_context in dentry_init_security hooks Casey Schaufler
2019-02-28 22:18 ` [PATCH 49/97] LSM: Use lsm_context in security_dentry_init_security Casey Schaufler
2019-02-28 22:18 ` [PATCH 50/97] LSM: Use lsm_context in security_inode_notifysecctx Casey Schaufler
2019-02-28 22:18 ` [PATCH 51/97] LSM: Use lsm_context in security_inode_getsecctx Casey Schaufler
2019-02-28 22:18 ` [PATCH 52/97] LSM: Use lsm_context in security_secctx_to_secid Casey Schaufler
2019-02-28 22:18 ` [PATCH 53/97] LSM: Use lsm_context in release_secctx hooks Casey Schaufler
2019-02-28 22:18 ` [PATCH 54/97] LSM: Use lsm_context in security_release_secctx Casey Schaufler
2019-02-28 22:18 ` [PATCH 55/97] LSM: Use lsm_context in security_secid_to_secctx Casey Schaufler
2019-02-28 22:18 ` [PATCH 56/97] fs: remove lsm_context scaffolding Casey Schaufler
2019-02-28 22:18 ` [PATCH 57/97] LSM: Add the release function to the lsm_context Casey Schaufler
2019-02-28 22:18 ` [PATCH 58/97] LSM: Use lsm_context in inode_setsecctx hooks Casey Schaufler
2019-02-28 22:18 ` [PATCH 59/97] LSM: Use lsm_context in security_inode_setsecctx Casey Schaufler
2019-02-28 22:18 ` [PATCH 60/97] kernfs: remove lsm_context scaffolding Casey Schaufler
2019-02-28 22:18 ` [PATCH 61/97] LSM: Remove unused macro Casey Schaufler
2019-02-28 22:18 ` [PATCH 62/97] LSM: Special handling for secctx lsm hooks Casey Schaufler
2019-02-28 22:18 ` [PATCH 63/97] SELinux: Use blob offset in current_sid Casey Schaufler
2019-02-28 22:19 ` [PATCH 64/97] LSM: Specify which LSM to display with /proc/self/attr/display Casey Schaufler
2019-02-28 22:19 ` [PATCH 65/97] AppArmor: Remove the exclusive flag Casey Schaufler
2019-02-28 22:19 ` [PATCH 66/97] LSM: Add secmark_relabel_packet to the set of one call hooks Casey Schaufler
2019-02-28 22:19 ` [PATCH 67/97] LSM: Make getting the secmark right cleaner with lsm_export_one_secid Casey Schaufler
2019-02-28 22:19 ` [PATCH 68/97] netfilter: Fix memory leak introduced with lsm_context Casey Schaufler
2019-02-28 22:19 ` [PATCH 69/97] Smack: Consolidate secmark conversions Casey Schaufler
2019-02-28 22:19 ` [PATCH 70/97] netfilter: Remove unnecessary NULL check in lsm_context Casey Schaufler
2019-03-01 14:17 ` [PATCH 00/97] LSM: Complete module stacking Stephen Smalley
2019-03-01 17:06 ` Casey Schaufler [this message]
2019-02-28 22:43 Casey Schaufler
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=92e75397-13a6-c048-e667-7a4f71879807@schaufler-ca.com \
--to=casey@schaufler-ca.com \
--cc=jmorris@namei.org \
--cc=john.johansen@canonical.com \
--cc=keescook@chromium.org \
--cc=linux-security-module@vger.kernel.org \
--cc=paul@paul-moore.com \
--cc=penguin-kernel@i-love.sakura.ne.jp \
--cc=sds@tycho.nsa.gov \
--cc=selinux@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.