Re: Documenting ptrace access mode checking

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, Jun 24, 2016 at 8:18 AM, Casey Schaufler <casey@xxxxxxxxxxxxxxxx> wrote:
> On 6/24/2016 1:40 AM, Michael Kerrisk (man-pages) wrote:
>> So, I just want to check my understanding of a couple of points:
>>
>> 1. The commoncap LSM is invoked first, and if it denies access,
>>    then no further LSM is/needs to be called.
>
> Yes. The LSM infrastructure is "bail on fail".
>
>>
>> 2. Is it the case that only one of the other LSMs (SELinux, Yama,
>>    AppArmor, etc.) is invoked, or can more than one be invoked.
>>    I thought only one is invoked, but perhaps I am out of date
>>    in my understanding.
>
> All registered modules are invoked, but only one "major"
> module can be registered. The "minor" modules show up in
> security_init, while the majors come in via do_security_initcalls.

Just to fill in the history: prior the the recent LSM stacking changes
(v4.2), commoncap (which is effectively an LSM) was hard-coded to be
stacked with the single selected primary LSM. Then Yama got hard-coded
stacked with the primary LSM too, and then Casey saved us from total
insanity by providing a proper way to stack LSMs.

-Kees

-- 
Kees Cook
Chrome OS & Brillo Security
--
To unsubscribe from this list: send the line "unsubscribe linux-api" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html



[Index of Archives]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux