[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Audit, LSM, SELinux, and Smack

On Wed, 2007-07-25 at 13:19 -0700, Casey Schaufler wrote:
> I'm looking at getting audit into my Smack LSM module.
> Stephen Smalley has suggested, and I concur, that this
> may be the time to convert audit from using SELinux
> specific interfaces to LSM based interfaces.
> Before I start blasting away with patches, I want to
> check and see if anyone else is looking into this.
> There's a good chunk of work to be done for LSM, audit,
> SELinux, and Smack.

Also netlink, if you need/want to be able to save the sending task's
label at send time for later use for permission checking and auditing at
receive time.  At present, netlink_sendmsg() calls
selinux_get_task_sid() to save the sending task SID in the
netlink_skb_parms struct, and that SID is later extracted by
selinux_netlink_recv and audit_receive_msg.  That parallels what happens
with the eff_cap set and the loginuid.

>  I also want to be sure that no one
> will take umberage with the notion.

At some point, objections may arise that the changes are too invasive or
costly, or that they aren't justified until such a time as it is shown
that smack or another user is actually going to be merged.  But in
abstract, I don't have a problem with converting these over to using LSM
hooks (as long as LSM remains).  What makes it a little harder is that
smack has no equivalent to a sid/secid, just the full labels (albeit
those are small and fixed size).

Stephen Smalley
National Security Agency

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]