Hi James, On Thu, Jun 17, 2010 at 11:45:42PM +1000, James Morris wrote: > On Wed, 16 Jun 2010, Kees Cook wrote: > > [Note: it would be useful to cc: the LSM list on security discussions] Sorry, I was blindly using get_maintainer output. > > Certainly. PTRACE can already be confined by SELinux and AppArmor. I'm > > looking for a general approach that doesn't require a system builder to > > create MAC policies for unknown software. I want to define a common core > > behavior. > > > > > And even if you don't care about using the same security stuff the rest > > > of the world is using to solve the problem this like the other half baked > > > stuff you posted for links belongs as a security module. > > > > The LSM isn't stackable, so I can't put it there and choose this and > > SELinux (for the case of software-without-a-policy). > > SELinux already supports a global switch for ptrace via the allow_ptrace > boolean. You don't need to write any policy, just set it to 0. > > Global behavior can be further customized and refined (e.g. create a > generic policy module for apps without an existing policy, which allows > everything except things like ptrace and dangerous symlinks). > > SELinux users would not need the other LSM, and stacking is thus not > required. But if a user wants to disable ptrace using the SELinux LSM and then also disable sticky-symlinks via the ItsHideous LSM, they're out of luck. -Kees -- Kees Cook Ubuntu Security Team -- To unsubscribe from this list: send the line "unsubscribe linux-doc" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html