[redhat-lspp] Objects
Janak Desai
janak at us.ibm.com
Mon Sep 19 21:56:54 UTC 2005
James Morris wrote:
> On Mon, 19 Sep 2005, Stephen Smalley wrote:
>
>
>>On Mon, 2005-09-19 at 15:51 -0400, Steve Grubb wrote:
>>
>>>I have finished reviewing all the LSPP/RBAC requirements. During the process,
>>>I found a new system resource that might be considered an object. There is a
>>>new api for managing keys in the kernel. The keys can be for a thread,
>>>process, session, user, or group. It is manipulated via keyctl. I was
>>>wondering if this needs to be labeled and treated like any other object?
>>
>>IMHO, yes. The need to consider LSM/SELinux was raised when the key
>>support was originally proposed on linux-kernel, but I guess we weren't
>>heeded. Looks like one would need to add a security field to the key
>>structure, and modify the permission checking functions in
>>include/linux/key-ui.h to invoke a LSM hook as well.
>
>
> David Howells was talking about adding LSM hooks for this recently.
> Not sure what the status is.
>
> Do we really need this for LSPP?
>
>
LSPP (unlike MLOSPP) does give some wiggle room wrt list of objects
and gives it as an assignment for Security Target. I don't know
enough about keys and the bandwidth of data can be exchanged
through them, but LSPP does say that an object that can be used
for information exchange, and NOT covered by DAC, must be
justified. Keys do enforce DAC, right? I wonder if we can get away
by not enforcing MAC on keys and explaining that away in ST.
Klaus?
-Janak
More information about the redhat-lspp
mailing list