Linux-Security-Module Archive on lore.kernel.org
 help / color / Atom feed
From: David Howells <dhowells@redhat.com>
To: Stephen Smalley <sds@tycho.nsa.gov>
Cc: dhowells@redhat.com, viro@zeniv.linux.org.uk,
	Casey Schaufler <casey@schaufler-ca.com>,
	Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	nicolas.dichtel@6wind.com, raven@themaw.net,
	Christian Brauner <christian@brauner.io>,
	keyrings@vger.kernel.org, linux-usb@vger.kernel.org,
	linux-security-module@vger.kernel.org,
	linux-fsdevel@vger.kernel.org, linux-api@vger.kernel.org,
	linux-block@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH 10/11] selinux: Implement the watch_key security hook [ver #6]
Date: Thu, 29 Aug 2019 20:11:57 +0100
Message-ID: <14149.1567105917@warthog.procyon.org.uk> (raw)
In-Reply-To: <03eb0974-3996-f356-5fbe-17cf598b0e31@tycho.nsa.gov>

Stephen Smalley <sds@tycho.nsa.gov> wrote:

> Can watch->cred ever differ from current's cred here?  If not, why can't we
> just use current_sid() here

Um.  Not currently.  I'm not sure whether its ever likely to be otherwise.
Probably we could just use that and fix it up later if we do find otherwise.

> and why do we need the watch object at all?

It carries more than just the creds for the caller of keyctl_watch_key(), it
also carries information about the queue to which notifications will be
written, including the creds that were active when that was set up.

Note that there's no requirement that the process that opened /dev/watch_queue
be the one that sets the watch.  In the keyutils testsuite, I 'leak' a file
descriptor from the session wrangler into the program that it runs so that
tests running inside the test script can add watches to it.

David

  parent reply index

Thread overview: 14+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-08-29 18:29 [PATCH 00/11] Keyrings, Block and USB notifications " David Howells
2019-08-29 18:29 ` [PATCH 01/11] uapi: General notification ring definitions " David Howells
2019-08-29 18:30 ` [PATCH 02/11] security: Add hooks to rule on setting a watch " David Howells
2019-08-29 18:30 ` [PATCH 03/11] security: Add a hook for the point of notification insertion " David Howells
2019-08-29 18:30 ` [PATCH 04/11] General notification queue with user mmap()'able ring buffer " David Howells
2019-08-29 18:30 ` [PATCH 05/11] keys: Add a notification facility " David Howells
2019-08-29 18:30 ` [PATCH 06/11] Add a general, global device notification watch list " David Howells
2019-08-29 18:30 ` [PATCH 07/11] block: Add block layer notifications " David Howells
2019-08-29 18:31 ` [PATCH 08/11] usb: Add USB subsystem " David Howells
2019-08-29 18:31 ` [PATCH 09/11] Add sample notification program " David Howells
2019-08-29 18:31 ` [PATCH 10/11] selinux: Implement the watch_key security hook " David Howells
2019-08-29 18:44   ` Stephen Smalley
2019-08-29 19:11   ` David Howells [this message]
2019-08-29 18:31 ` [PATCH 11/11] smack: Implement the watch_key and post_notification hooks [untested] " David Howells

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=14149.1567105917@warthog.procyon.org.uk \
    --to=dhowells@redhat.com \
    --cc=casey@schaufler-ca.com \
    --cc=christian@brauner.io \
    --cc=gregkh@linuxfoundation.org \
    --cc=keyrings@vger.kernel.org \
    --cc=linux-api@vger.kernel.org \
    --cc=linux-block@vger.kernel.org \
    --cc=linux-fsdevel@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-security-module@vger.kernel.org \
    --cc=linux-usb@vger.kernel.org \
    --cc=nicolas.dichtel@6wind.com \
    --cc=raven@themaw.net \
    --cc=sds@tycho.nsa.gov \
    --cc=viro@zeniv.linux.org.uk \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Linux-Security-Module Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/linux-security-module/0 linux-security-module/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 linux-security-module linux-security-module/ https://lore.kernel.org/linux-security-module \
		linux-security-module@vger.kernel.org
	public-inbox-index linux-security-module

Example config snippet for mirrors

Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/org.kernel.vger.linux-security-module


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git