Re: [PATCH v6 5/5] kernfs: initialize security of newly created nodes

On 2/21/2019 1:13 AM, Ondrej Mosnacek wrote:
> On Tue, Feb 19, 2019 at 5:43 PM Casey Schaufler <casey@xxxxxxxxxxxxxxxx> wrote:
.....
>> The state you're maintaining is kernfs state, not LSM
>> infrastructure state. The state should be maintained in
>> kernfs, not in the LSM infrastructure.
> But I'm not maintaining any state. I'm merely trying to answer the
> query "Is there anything that will handle this hook? Do I need to
> prepare stuff for it?", which is obviously a query about the LSM
> state. Granted, ideally we wouldn't need to do any preparatory work at
> all, but that would require exposing more of the kernfs internals
> (which brings its own issues, but maybe I'll need to look into that
> approach more...).

It sounds like you're bumping up against the limitations
of the finely honed optimized implementation of kernfs. :(
If it were still the pre-Android era, when using an LSM
was rare, the check for an LSM might have made sense. Today,
with the vast majority of systems using LSMs*, optimizing for
the no LSM case is nonsensical.

---
* Android, Tizen, Fedora/RHEL, Ubuntu

...
>> Kernfs is an important component of the kernel. So is
>> the security infrastructure. I would hope you don't want
>> to turn this into a contest to see which maintainer has
>> the biggest clout.
> Oh, no, you misunderstood my intention. I just got a feeling that this
> thread was turning into a discussion about perceived code ugliness
> (and about which subsystem that ugliness ends up in), which is
> naturally a very subjective topic, so I wanted to know what is the
> opinion of the people that have the final decision about whether the
> code should get in or not. Anyway, I'll try to find a more elegant
> variant of the solution once again, hopefully I manage to get to
> something less controversial.

Thank you. I believe (which, of course, doesn't make it true)
that when a component goes outside the general system architecture
the way that kernfs does *even for performance reasons* that it is
responsible for the edge cases it encounters. I know that I've had
to do a good bit of that in Smack.


