On Thu, 27 Sep 2018, Casey Schaufler wrote: > On 9/27/2018 2:45 PM, James Morris wrote: > > On Wed, 26 Sep 2018, Casey Schaufler wrote: > > > >> + /* > >> + * Namespace checks. Considered safe if: > >> + * cgroup namespace is the same > >> + * User namespace is the same > >> + * PID namespace is the same > >> + */ > >> + if (current->nsproxy) > >> + ccgn = current->nsproxy->cgroup_ns; > >> + if (p->nsproxy) > >> + pcgn = p->nsproxy->cgroup_ns; > >> + if (ccgn != pcgn) > >> + return -EACCES; > >> + if (current->cred->user_ns != p->cred->user_ns) > >> + return -EACCES; > >> + if (task_active_pid_ns(current) != task_active_pid_ns(p)) > >> + return -EACCES; > >> + return 0; > > I really don't like the idea of hard-coding namespace security semantics > > in an LSM. Also, I'm not sure if these semantics make any sense. > > Checks on namespaces where explicitly requested. By whom and what is the rationale? -- James Morris <jmorris@xxxxxxxxx> _______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
