[redhat-lspp] LSPP Development Telecon 11/28/2005 Minutes
Steve Grubb
sgrubb at redhat.com
Tue Nov 29 14:50:32 UTC 2005
On Tuesday 29 November 2005 09:31, Stephen Smalley wrote:
> Not sure where this idea originated, but changing SIDs is neither
> necessary nor desirable for audit by role.
I've been thinking about this problem since its not being solved. I was hoping
to discuss this idea. My concern is that strcmp will not be accepted as its
too slow. I was thinking that if we could get it down to an "and" operation
and a compare, it will be high performance.
> 1) pass the filter rule to SELinux to compile to an internal form (this
> _may_ include conversion to an integer id value for the role, but that
> isn't the same as the SID), and later call SELinux when the filter rule
> needs to be evaluated, or
How easy is this? Is this a performance hit? It will affect every single
syscall.
> 2) retain the rule with the role still in string form, and only use
> SELinux to split security contexts into components as needed to compare
> the strings.
I'm thinking this is not going to be acceptable due to performance. This
affects every single syscall.
The basic idea that I was thinking about was to loosely add meaning to the SID
- a bit map perhaps. Not a strict definition of say bits 4-8 will always be
the role...but a loose definition where the compiler looks to see how many
roles are actually called for and how many bits it takes to express that.
Then an interface would be needed to get that bit map. auditctl code would
query selinux to see what the role definition is. The kernel would then "and"
with bit mask, shift bits, and compare to see if its a role we want.
Whatever we do needs to be high performance.
-Steve
More information about the redhat-lspp
mailing list