On 01/26/2012 04:45 AM, Miklos Szeredi wrote:
> Forwarding from an internal bug report:
>
> "AppArmor does not mediate the xattr system calls for confined processes.
>
> As a consequence, a confined process can cross the confinement privilege
> boundary by reading or writing to extended attributes that the confined
> task should not have access to. The restrictions for security and user
> attributes read and write still apply according to DAC; however, this
> does not comply with the claim of AppArmor to mediate file
> operations. The use of extended attributes is very flexible, so that the
> effect of a missing mediation can lead to false assumptions in
> subsequent policy decisions (eCryptfs)."
>
> AFAIU this boils down to missing security hooks in *xattr().
>
> Would it be possible to add these hooks?
>

Right, this is something we lost when we moved to the security_path hooks,
and while we have spent some time looking at the problem, we haven't
addressed it yet.

New hooks would certainly be the easiest solution. I looked at it back when
I initially did the port, and considered proposing new hooks at the time,
but for various reasons it was decided to separate that from the main
AppArmor submission, and I haven't had a chance to revisit this since.