From: "Dr. Greg" <greg@enjellic.com>
To: linux-security-module@vger.kernel.org
Subject: [PATCH 04/14] Implement CAP_TRUST capability.
Date: Fri, 3 Feb 2023 23:09:44 -0600 [thread overview]
Message-ID: <20230204050954.11583-5-greg@enjellic.com> (raw)
In-Reply-To: <20230204050954.11583-1-greg@enjellic.com>
TSEM was designed to support a Trust Orchestration System (TOS)
security architecture. A TOS based system uses the concept of a
minimum Trusted Computing Base of utilities, referred to as trust
orchestrators, that maintain workloads in a trusted execution
state. The trust orchestrators are thus, from a security
perspective, the most privileged assets on the platform.
Introduce the CAP_TRUST capability that is defined as a
capability that allows a process to alter the trust status of the
platform. In a fully trust orchestrated system only the
orchestrators carry this capability bit.
In TSEM the CAP_TRUST capability allows the holder to access the
control plane of the LSM. This ability allows subordinate
modeling domains to be created and managed. Most principally the
CAP_TRUST capability allows the holder to designate whether or
not a process should be trusted or untrusted.
The proposed Integrity Measurement Architecture namespaces would
also be a candidate to use the CAP_TRUST capability.
Signed-off-by: Greg Wettstein <greg@enjellic.com>
---
include/uapi/linux/capability.h | 6 +++++-
security/selinux/include/classmap.h | 2 +-
2 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/include/uapi/linux/capability.h b/include/uapi/linux/capability.h
index 3d61a0ae055d..af677b534949 100644
--- a/include/uapi/linux/capability.h
+++ b/include/uapi/linux/capability.h
@@ -417,7 +417,11 @@ struct vfs_ns_cap_data {
#define CAP_CHECKPOINT_RESTORE 40
-#define CAP_LAST_CAP CAP_CHECKPOINT_RESTORE
+/* Allow modifications to the trust status of the system */
+
+#define CAP_TRUST 41
+
+#define CAP_LAST_CAP CAP_TRUST
#define cap_valid(x) ((x) >= 0 && (x) <= CAP_LAST_CAP)
diff --git a/security/selinux/include/classmap.h b/security/selinux/include/classmap.h
index a3c380775d41..e8c497c16271 100644
--- a/security/selinux/include/classmap.h
+++ b/security/selinux/include/classmap.h
@@ -30,7 +30,7 @@
"wake_alarm", "block_suspend", "audit_read", "perfmon", "bpf", \
"checkpoint_restore"
-#if CAP_LAST_CAP > CAP_CHECKPOINT_RESTORE
+#if CAP_LAST_CAP > CAP_TRUST
#error New capability defined, please update COMMON_CAP2_PERMS.
#endif
--
2.39.1
next prev parent reply other threads:[~2023-02-04 5:32 UTC|newest]
Thread overview: 42+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-02-04 5:09 [PATCH 00/14] Implement Trusted Security Event Modeling Dr. Greg
2023-02-04 5:09 ` [PATCH 01/14] Update MAINTAINERS file Dr. Greg
2023-02-04 5:09 ` [PATCH 02/14] Add TSEM specific documentation Dr. Greg
2023-02-09 11:47 ` Greg KH
2023-02-09 23:47 ` Dr. Greg
2023-02-13 4:33 ` Paul Moore
2023-02-14 11:58 ` Dr. Greg
2023-02-14 12:18 ` Roberto Sassu
2023-02-15 16:26 ` Dr. Greg
2023-03-03 4:15 ` Paul Moore
2023-03-13 22:52 ` Dr. Greg
2023-03-22 23:45 ` Paul Moore
2023-03-30 3:34 ` Dr. Greg
2023-04-05 20:45 ` Paul Moore
2023-04-07 14:10 ` Dr. Greg
2023-02-04 5:09 ` [PATCH 03/14] Add magic number for tsemfs Dr. Greg
2023-02-04 5:09 ` Dr. Greg [this message]
2023-02-06 17:28 ` [PATCH 04/14] Implement CAP_TRUST capability Serge Hallyn (shallyn)
2023-02-11 0:32 ` Dr. Greg
[not found] ` <a12483d1-9d57-d429-789b-9e47ff575546@schaufler-ca.com>
2023-02-13 11:43 ` Dr. Greg
2023-02-13 18:02 ` Casey Schaufler
2023-02-16 21:47 ` Dr. Greg
2023-02-04 5:09 ` [PATCH 05/14] Add TSEM master header file Dr. Greg
[not found] ` <ecb168ef-b82d-fd61-f2f8-54a4ef8c3b48@schaufler-ca.com>
2023-02-06 0:10 ` Dr. Greg
2023-02-04 5:09 ` [PATCH 06/14] Add primary TSEM implementation file Dr. Greg
2023-02-04 5:09 ` [PATCH 07/14] Add root domain trust implementation Dr. Greg
2023-02-04 5:09 ` [PATCH 08/14] Implement TSEM control plane Dr. Greg
2023-02-09 11:30 ` Greg KH
2023-02-11 0:18 ` Dr. Greg
2023-02-11 10:59 ` Greg KH
2023-02-12 6:54 ` Dr. Greg
2023-02-16 6:53 ` Greg KH
2023-02-18 18:03 ` Dr. Greg
2023-02-04 5:09 ` [PATCH 09/14] Add namespace implementation Dr. Greg
2023-02-04 5:09 ` [PATCH 10/14] Add security event description export facility Dr. Greg
2023-02-04 5:09 ` [PATCH 11/14] Add event description implementation Dr. Greg
2023-02-04 5:09 ` [PATCH 12/14] Implement security event mapping Dr. Greg
2023-02-04 5:09 ` [PATCH 13/14] Implement an internal Trusted Modeling Agent Dr. Greg
2023-02-04 5:09 ` [PATCH 14/14] Activate the configuration and build of the TSEM LSM Dr. Greg
2023-02-08 22:15 ` Casey Schaufler
2023-02-09 22:21 ` Dr. Greg
[not found] ` <20230204115917.1015-1-hdanton@sina.com>
2023-02-23 18:41 ` [PATCH 09/14] Add namespace implementation Dr. Greg
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230204050954.11583-5-greg@enjellic.com \
--to=greg@enjellic.com \
--cc=linux-security-module@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.