[redhat-lspp] Objects
James Morris
jmorris at redhat.com
Mon Sep 19 21:25:20 UTC 2005
On Mon, 19 Sep 2005, Stephen Smalley wrote:
> On Mon, 2005-09-19 at 15:51 -0400, Steve Grubb wrote:
> > I have finished reviewing all the LSPP/RBAC requirements. During the process,
> > I found a new system resource that might be considered an object. There is a
> > new API for managing keys in the kernel. The keys can be for a thread,
> > process, session, user, or group. It is manipulated via keyctl. I was
> > wondering if this needs to be labeled and treated like any other object?
>
> IMHO, yes. The need to consider LSM/SELinux was raised when the key
> support was originally proposed on linux-kernel, but I guess we weren't
> heeded. Looks like one would need to add a security field to the key
> structure, and modify the permission checking functions in
> include/linux/key-ui.h to invoke an LSM hook as well.

David Howells was talking about adding LSM hooks for this recently.
Not sure what the status is.

Do we really need this for LSPP?

- James
--
James Morris
<jmorris at redhat.com>