linux-security-module.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: "Dr. Greg" <greg@enjellic.com>
To: "Serge Hallyn (shallyn)" <shallyn@cisco.com>
Cc: "linux-security-module@vger.kernel.org" 
	<linux-security-module@vger.kernel.org>
Subject: Re: [PATCH 04/14] Implement CAP_TRUST capability.
Date: Fri, 10 Feb 2023 18:32:51 -0600	[thread overview]
Message-ID: <20230211003251.GA32521@wind.enjellic.com> (raw)
In-Reply-To: <Y+E4pe8T7Z1ekJqo@jerom>

On Mon, Feb 06, 2023 at 05:28:06PM +0000, Serge Hallyn (shallyn) wrote:
> On Fri, Feb 03, 2023 at 11:09:44PM -0600, Dr. Greg wrote:
> > TSEM was designed to support a Trust Orchestration System (TOS)
> > security architecture.  A TOS based system uses the concept of a
> > minimum Trusted Computing Base of utilities, referred to as trust
> > orchestrators, that maintain workloads in a trusted execution
> > state.  The trust orchestrators are thus, from a security
> > perspective, the most privileged assets on the platform.
> > 
> > Introduce the CAP_TRUST capability that is defined as a
> > capability that allows a process to alter the trust status of the

> This sounds like CAP_MAC_ADMIN.  Any reason not to re-use that?

Hi Serge, thanks for passing along the question.

Casey raised the same issue, will respond in more detail in a reply to
his e-mail.

Have a good weekend.

As always,
Dr. Greg

The Quixote Project - Flailing at the Travails of Cybersecurity

  reply	other threads:[~2023-02-11  0:33 UTC|newest]

Thread overview: 42+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-02-04  5:09 [PATCH 00/14] Implement Trusted Security Event Modeling Dr. Greg
2023-02-04  5:09 ` [PATCH 01/14] Update MAINTAINERS file Dr. Greg
2023-02-04  5:09 ` [PATCH 02/14] Add TSEM specific documentation Dr. Greg
2023-02-09 11:47   ` Greg KH
2023-02-09 23:47     ` Dr. Greg
2023-02-13  4:33   ` Paul Moore
2023-02-14 11:58     ` Dr. Greg
2023-02-14 12:18       ` Roberto Sassu
2023-02-15 16:26         ` Dr. Greg
2023-03-03  4:15       ` Paul Moore
2023-03-13 22:52         ` Dr. Greg
2023-03-22 23:45           ` Paul Moore
2023-03-30  3:34             ` Dr. Greg
2023-04-05 20:45               ` Paul Moore
2023-04-07 14:10                 ` Dr. Greg
2023-02-04  5:09 ` [PATCH 03/14] Add magic number for tsemfs Dr. Greg
2023-02-04  5:09 ` [PATCH 04/14] Implement CAP_TRUST capability Dr. Greg
2023-02-06 17:28   ` Serge Hallyn (shallyn)
2023-02-11  0:32     ` Dr. Greg [this message]
     [not found]   ` <a12483d1-9d57-d429-789b-9e47ff575546@schaufler-ca.com>
2023-02-13 11:43     ` Dr. Greg
2023-02-13 18:02       ` Casey Schaufler
2023-02-16 21:47         ` Dr. Greg
2023-02-04  5:09 ` [PATCH 05/14] Add TSEM master header file Dr. Greg
     [not found]   ` <ecb168ef-b82d-fd61-f2f8-54a4ef8c3b48@schaufler-ca.com>
2023-02-06  0:10     ` Dr. Greg
2023-02-04  5:09 ` [PATCH 06/14] Add primary TSEM implementation file Dr. Greg
2023-02-04  5:09 ` [PATCH 07/14] Add root domain trust implementation Dr. Greg
2023-02-04  5:09 ` [PATCH 08/14] Implement TSEM control plane Dr. Greg
2023-02-09 11:30   ` Greg KH
2023-02-11  0:18     ` Dr. Greg
2023-02-11 10:59       ` Greg KH
2023-02-12  6:54         ` Dr. Greg
2023-02-16  6:53           ` Greg KH
2023-02-18 18:03             ` Dr. Greg
2023-02-04  5:09 ` [PATCH 09/14] Add namespace implementation Dr. Greg
2023-02-04  5:09 ` [PATCH 10/14] Add security event description export facility Dr. Greg
2023-02-04  5:09 ` [PATCH 11/14] Add event description implementation Dr. Greg
2023-02-04  5:09 ` [PATCH 12/14] Implement security event mapping Dr. Greg
2023-02-04  5:09 ` [PATCH 13/14] Implement an internal Trusted Modeling Agent Dr. Greg
2023-02-04  5:09 ` [PATCH 14/14] Activate the configuration and build of the TSEM LSM Dr. Greg
2023-02-08 22:15   ` Casey Schaufler
2023-02-09 22:21     ` Dr. Greg
     [not found] ` <20230204115917.1015-1-hdanton@sina.com>
2023-02-23 18:41   ` [PATCH 09/14] Add namespace implementation Dr. Greg

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20230211003251.GA32521@wind.enjellic.com \
    --to=greg@enjellic.com \
    --cc=linux-security-module@vger.kernel.org \
    --cc=shallyn@cisco.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).