On January 17, 2020 3:21:10 AM Jeffrey Vander Stoep <jeffv@xxxxxxxxxx> wrote:
> On Fri, Jan 17, 2020 at 1:32 AM Paul Moore <paul@xxxxxxxxxxxxxx> wrote:
>> Our current handling of netlink messages is rather crude, especially
>> when you consider the significance of the netlink messages and the
>> rather coarse granularity when compared to other SELinux object
>> classes. I believe some (most? all?) of this is due to the number of
>> netlink messages compared to the maximum number of permissions in an
>> object class. Back when xperms were added, one of the motivations for
>> making it a general solution was to potentially use them for netlink;
>> we obviously haven't made the change in the netlink controls, but I
>> think this might be the right time to do it.
>
> That's a very large change with some unanswered questions - like how to
> handle generic netlink. I will have time later this year to make that change.
>
> In the meantime, this change is small (ideal for backporting) and
> consistent with how we differentiate between levels of sensitivity on
> netlink_audit messages.
> Would you consider taking v3 of this change with your suggested adjustment
> to selinux_policycaps_init()?

Yes, it is a big change and there are some open questions, but both of
the changes we are discussing here are exposed to userspace so there is
a need to make sure we get this as right as possible the first time. I
am not a fan of exposing a change to userspace knowing that we will be
replacing it in the future. If we need to update the netlink controls,
and I think we do, let's do it properly and not one message at a time.

-- 
paul moore
www.paul-moore.com
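The granularity problem discussed in the thread, modelled in C as an added illustration; this is not kernel code and not part of the patch under discussion. An SELinux access vector is a 32-bit bitmap per object class, so a class can carry at most 32 permissions, while netlink defines far more message types than that. The model below collapses route-netlink message types onto two coarse permissions (the read/write split is a simplification of the kernel's per-class nlmsgtab, assumed here for illustration), then shows how a 256-bit extended-permission bitmap keyed on the message type would let policy allow one message type while denying another. The RTM_* values mirror linux/rtnetlink.h and are defined locally so the file builds anywhere; splitting the 16-bit message type into a driver byte and a function byte borrows the layout used by ioctl xperms and is likewise an assumption of this model, not a design the thread settles on.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Values mirror linux/rtnetlink.h; defined locally so the model builds anywhere. */
enum {
    RTM_NEWLINK = 16, RTM_DELLINK = 17, RTM_GETLINK = 18, RTM_SETLINK = 19,
    RTM_NEWADDR = 20, RTM_DELADDR = 21, RTM_GETADDR = 22,
    RTM_NEWROUTE = 24, RTM_DELROUTE = 25, RTM_GETROUTE = 26,
};

/* Coarse model: one 32-bit access vector per class (at most 32 permissions),
 * and netlink_route_socket spends two of those bits on message content. */
#define NLMSG_READ  (1u << 0)
#define NLMSG_WRITE (1u << 1)

/* Collapse a message type onto the coarse permission it would need.
 * Assumed rule for this model: RTM_GET* is a read, everything else a write.
 * The kernel uses a per-class lookup table instead of this switch. */
static uint32_t coarse_perm(uint16_t type)
{
    switch (type) {
    case RTM_GETLINK:
    case RTM_GETADDR:
    case RTM_GETROUTE:
        return NLMSG_READ;
    default:
        return NLMSG_WRITE;
    }
}

/* Under the coarse model, can policy allow type a while denying type b?
 * Only if they land on different permission bits. */
static bool coarse_can_separate(uint16_t a, uint16_t b)
{
    return coarse_perm(a) != coarse_perm(b);
}

/* xperms model: the vector is keyed by (class, driver) and the 256 function
 * values under one driver each get their own bit, so every message type
 * is individually allow/deny-able. */
struct xperm_set {
    uint8_t  driver;    /* high byte of the 16-bit message type */
    uint32_t bits[8];   /* 256 function bits */
};

static void xperm_allow(struct xperm_set *s, uint16_t type)
{
    if ((type >> 8) != s->driver)
        return;                     /* belongs to a different driver entry */
    uint8_t fn = type & 0xff;
    s->bits[fn / 32] |= 1u << (fn % 32);
}

static bool xperm_check(const struct xperm_set *s, uint16_t type)
{
    if ((type >> 8) != s->driver)
        return false;               /* no entry for that driver: deny */
    uint8_t fn = type & 0xff;
    return (s->bits[fn / 32] >> (fn % 32)) & 1u;
}

int main(void)
{
    /* Coarse: RTM_GETLINK and RTM_GETROUTE are both nlmsg_read, so a policy
     * that permits interface enumeration also permits route-table dumps. */
    printf("coarse separates GETLINK/GETROUTE: %s\n",
           coarse_can_separate(RTM_GETLINK, RTM_GETROUTE) ? "yes" : "no");

    /* xperms: allow only RTM_GETLINK under driver 0 (all RTM_* are < 256). */
    struct xperm_set s = { .driver = 0 };
    xperm_allow(&s, RTM_GETLINK);
    printf("xperm GETLINK: %d, GETROUTE: %d\n",
           xperm_check(&s, RTM_GETLINK), xperm_check(&s, RTM_GETROUTE));
    return 0;
}
```

The point the model makes is the one both sides of the thread accept: with a handful of class permission bits, distinct message types inevitably share a bit, and adding one more bit per sensitive message (the "one message at a time" approach) both burns scarce bits and bakes each choice into a userspace-visible interface.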