From: Stephen Smalley <sds@epoch.ncsc.mil>
To: richard offer <offer@sgi.com>
Cc: Andreas Gruenbacher <ag@bestbits.at>,
Linus Torvalds <torvalds@transmeta.com>,
lsm <linux-security-module@wirex.com>, "Ted Ts'o" <tytso@mit.edu>,
lkml <linux-kernel@vger.kernel.org>,
Stephen Tweedie <sct@redhat.com>
Subject: Re: [RFC][PATCH] Extended Attributes for Security Modules
Date: 15 Apr 2003 14:19:39 -0400 [thread overview]
Message-ID: <1050430776.1051.137.camel@moss-huskers.epoch.ncsc.mil> (raw)
In-Reply-To: <385390000.1050425884@changeling.engr.sgi.com>
On Tue, 2003-04-15 at 12:58, richard offer wrote:
> I see modules as empheral, but attritbutes as permanant. If I'm running one
> LSM module, I reboot and use a different LSM module, what happens to the
> attributes that the first module added to the file ?
I'm not going to switch between a SELinux "module" and a non-SELinux
"module" or vice versa without relabeling the filesystem to an
appropriate initial state of security labels that is meaningful to the
"module" I want to use. I also wouldn't be performing such switching at
all on any real systems.
> Either we should guarantee that modules only touch attributes they know
> about---ignoring all others (but not overwriting them), or we have separate
> namespaces for each module's attributes.
A security module can sanity check the first few bytes of the attribute
value if it desires, and handle a mismatch as it desires. That is a
policy issue and up to the module writer.
You also need to consider the implications for userspace of using a
separate attribute name for each security module. Do you really want to
maintain your own patches for all of the utilities to let users get and
set file security labels using your attribute name? Note that we can
add or remove security attributes to/from the SELinux security context
without requiring changes to our patches for the utilities; the utility
patches don't have to be tied to a specific security model.
--
Stephen Smalley <sds@epoch.ncsc.mil>
National Security Agency
next prev parent reply other threads:[~2003-04-15 18:07 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2003-04-10 12:06 [RFC][PATCH] Extended Attributes for Security Modules Stephen Smalley
2003-04-13 22:57 ` Andreas Gruenbacher
2003-04-15 13:41 ` Stephen Smalley
2003-04-15 16:58 ` richard offer
2003-04-15 18:19 ` Stephen Smalley [this message]
2003-04-16 13:47 ` Stephen Smalley
2003-04-16 22:02 ` richard offer
2003-04-17 4:24 ` Stephen Smalley
2003-04-17 20:30 ` Chris Wright
2003-04-17 20:53 ` richard offer
2003-04-18 1:07 ` Chris Wright
-- strict thread matches above, loose matches on Subject: below --
2003-04-15 18:33 Chuck Ebbert
2003-04-15 18:56 ` Chris Wright
2003-04-08 20:26 Stephen Smalley
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1050430776.1051.137.camel@moss-huskers.epoch.ncsc.mil \
--to=sds@epoch.ncsc.mil \
--cc=ag@bestbits.at \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@wirex.com \
--cc=offer@sgi.com \
--cc=sct@redhat.com \
--cc=torvalds@transmeta.com \
--cc=tytso@mit.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).