Re: what is an object manager?!


On Fri, Jul 24, 2009 at 2:18 PM, Sebastian Pfaff <sebastian.pfaff@xxxxxxxxx> wrote:
Hello,

"Object managers are responsible for enforcing the policy decisions of the security server for the set
of resources they manage. For the kernel, you can think of object managers as kernel subsystems that
create and manage kernel-level objects. Examples of kernel object managers include the filesystem,
process management, and System V interprocess communication (IPC). In the LSM architecture, the
object managers are represented by the LSM hooks (!!!); these hooks are scattered throughout the kernel
subsystems and call the SELinux LSM module for access decisions. The LSM hooks then enforce
those decisions by allowing or denying access to the kernel resource." [1]

This basically says we have dozens of object managers, since every LSM hook is one!

I am not sure what you mean here, but it seems that you are getting things wrong. There are many LSM hooks. They are specifically used for the kernel, while I am not sure if user space object managers use function pointers too. The LSM hooks make up the SELinux functionality because the monolithic architecture forced the Flask architecture to get dispersed into the kernel, and there are no clear boundaries for these object managers! That's why it is stated that LSM hooks represent the kernel object managers.

But here Stephen Smalley wrote:

An object manager gets access decisions from its AVC, which consults the security server when the decision isn't already cached. Meanwhile, if a policy change occurs, the security server needs to notify the AVCs of all object managers of the change

Now there is one object manager, and libselinux exports an interface to the userspace object managers. Stephen is referring to FLASK/FLUKE, a predecessor of SELinux on a microkernel architecture.
 
so that their state can be updated (in simplest form, by flushing the caches). There can be any number of object managers. In Linux, the entire kernel is really a single object manager, but in earlier microkernel-based systems, there were separate object managers for process management, filesystems, and networking.

http://marc.info/?l=selinux&m=115955074232032&w=2


What is an object manager and who says the truth? ;)

An object manager is the sub-system that manages access control on its own objects. The kernel will handle access control for its own objects, like files and processes.

The X server is an object manager for the resources it manages, and so is GConf. D-Bus is the object manager of its IPC objects. The in-kernel security server is the PDP for all, while the PEPs are the kernel object managers and the userspace object managers (some mentioned earlier).

I hope these examples will clear things up.

"Every LSM hook object manager" vs "1 single Object Manager"

--
Sebastian Pfaff

[1] SELinux by Example: Using Security Enhanced Linux, 1st Edition. (Prentice Hall International, 2006).


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.



--
Shaz
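As an added illustration (not code from this thread, from libselinux or from the kernel), here is a small Python model of the decision flow Stephen's quoted message describes: each object manager enforces on its own objects through its AVC, the AVC consults the security server only on a cache miss, and a policy change makes the server flush every AVC. All contexts, classes, object names and rules below are constructed.

```python
class SecurityServer:
    """The PDP: decides from a constructed rule table and knows every AVC."""
    def __init__(self, rules):
        self.rules, self.avcs, self.computed = set(rules), [], 0

    def compute_av(self, scon, tcon, tclass, perm):
        self.computed += 1          # counts real decisions, not cache hits
        return (scon, tcon, tclass, perm) in self.rules

    def load_policy(self, rules):
        """Policy change: swap the rules, then tell every AVC to flush."""
        self.rules = set(rules)
        for avc in self.avcs:
            avc.reset()

class AVC:
    """Per-object-manager access vector cache; asks the PDP only on a miss."""
    def __init__(self, server):
        self.server, self.cache = server, {}
        server.avcs.append(self)    # register so policy changes reach us

    def has_perm(self, scon, tcon, tclass, perm):
        key = (scon, tcon, tclass, perm)
        if key not in self.cache:
            self.cache[key] = self.server.compute_av(*key)
        return self.cache[key]
    def reset(self):
        self.cache.clear()

class ObjectManager:
    """A PEP (filesystem, X server, D-Bus, ...) enforcing on its own objects."""
    def __init__(self, server, tclass):
        self.tclass, self.avc, self.objects = tclass, AVC(server), {}
    def access(self, scon, obj, perm):
        return self.avc.has_perm(scon, self.objects[obj], self.tclass, perm)

def demo():
    """Two object managers sharing one PDP; contexts and rules are constructed."""
    server = SecurityServer({("user_t", "user_home_t", "file", "read")})
    fs, dbus = ObjectManager(server, "file"), ObjectManager(server, "dbus")
    fs.objects["/home/u/notes"], dbus.objects["org.example.Svc"] = "user_home_t", "svc_t"
    before = (fs.access("user_t", "/home/u/notes", "read"),          # miss
              fs.access("user_t", "/home/u/notes", "read"),          # cache hit
              dbus.access("user_t", "org.example.Svc", "send_msg"))  # denied
    server.load_policy([("user_t", "svc_t", "dbus", "send_msg")])  # flushes all
    after = (fs.access("user_t", "/home/u/notes", "read"),           # now denied
             dbus.access("user_t", "org.example.Svc", "send_msg"))   # now allowed
    return before, after, server.computed   # -> ((True, True, False), (False, True), 4)
```

The `computed` counter shows the point of the AVC: only cache misses reach the security server, and the flush after `load_policy` is what stops an object manager from enforcing a stale decision.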
