Re: LSM stacking in next for 6.1?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>, Paul Moore <paul@xxxxxxxxxxxxxx>
Subject: Re: LSM stacking in next for 6.1?
From: Tetsuo Handa <penguin-kernel@xxxxxxxxxxxxxxxxxxx>
Date: Sat, 10 Sep 2022 13:17:30 +0900
Cc: John Johansen <john.johansen@xxxxxxxxxxxxx>, LSM List <linux-security-module@xxxxxxxxxxxxxxx>, James Morris <jmorris@xxxxxxxxx>, linux-audit@xxxxxxxxxx, Mimi Zohar <zohar@xxxxxxxxxxxxx>, keescook@xxxxxxxxxxxx, SElinux list <selinux@xxxxxxxxxxxxxxx>
In-reply-to: <c679cea7-bb90-7a62-2e17-888826857d55@schaufler-ca.com>
References: <791e13b5-bebd-12fc-53de-e9a86df23836.ref@schaufler-ca.com> <791e13b5-bebd-12fc-53de-e9a86df23836@schaufler-ca.com> <CAHC9VhSF8hWg=7tbFiCrizNF61vpwJcU3793LcStiu-anW4i1g@mail.gmail.com> <CAHC9VhTDGwO789t59EyOV0SwnwGrdyBhRiuJpoY7cB4MSe02BQ@mail.gmail.com> <e2b6ae44-1037-666f-5012-6abd4d46c0b7@schaufler-ca.com> <CAHC9VhQ+UcJw4G=VHNE8wMa+EBG-UcoZ7ox0vNqLHoSKAd9XZQ@mail.gmail.com> <269014c6-5ce6-3322-5208-004cb1b40792@canonical.com> <CAHC9VhRrOgDMO9fo632tSL7vCMAy1_x3smaAok-nWdMAUFB8xQ@mail.gmail.com> <1958a0d3-c4fb-0661-b516-93f8955cdb95@schaufler-ca.com> <CAHC9VhQPvcunvBDvSnrUChwmGLen0Rcy8KEk_uOjNF1kr4_m9w@mail.gmail.com> <6552af17-e511-a7d8-f462-cafcf41a33bb@schaufler-ca.com> <CAHC9VhQMeyxQJSAUuigu=CCr44WtpJg=LEh1xng_bPfCCjqq6Q@mail.gmail.com> <5ef4a1ae-e92c-ca77-7089-2efe1d4c4e6d@schaufler-ca.com> <CAHC9VhQRpeOMkeEfy=VRPnpuYMUDYgLp56OjQZPYwoXmfHYREQ@mail.gmail.com> <c679cea7-bb90-7a62-2e17-888826857d55@schaufler-ca.com>
User-agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:102.0) Gecko/20100101 Thunderbird/102.2.1

On 2022/09/09 7:56, Casey Schaufler wrote:
> Good idea. I'm reading the official how-to-write-a-syscall documentation.

Can't we use prctl() syscall? We can assign an LSM ID when an (built-in or loadable) LSM
is loaded, and pass that LSM ID as one of arguments for prctl().

Since we have security_task_prctl(option, arg2, arg3, arg4, arg5) inside prctl(), an LSM 
which was assigned that LSM ID upon load checks arguments (including PID argument).
That will be something like ioctl() without open("/proc/pid/*/attr/*").

Follow-Ups:
- Re: LSM stacking in next for 6.1?
  - From: Casey Schaufler

References:
- LSM stacking in next for 6.1?
  - From: Casey Schaufler
- Re: LSM stacking in next for 6.1?
  - From: Paul Moore
- Re: LSM stacking in next for 6.1?
  - From: Paul Moore
- Re: LSM stacking in next for 6.1?
  - From: Casey Schaufler
- Re: LSM stacking in next for 6.1?
  - From: Paul Moore
- Re: LSM stacking in next for 6.1?
  - From: John Johansen
- Re: LSM stacking in next for 6.1?
  - From: Paul Moore
- Re: LSM stacking in next for 6.1?
  - From: Casey Schaufler
- Re: LSM stacking in next for 6.1?
  - From: Paul Moore
- Re: LSM stacking in next for 6.1?
  - From: Casey Schaufler
- Re: LSM stacking in next for 6.1?
  - From: Paul Moore
- Re: LSM stacking in next for 6.1?
  - From: Casey Schaufler
- Re: LSM stacking in next for 6.1?
  - From: Paul Moore
- Re: LSM stacking in next for 6.1?
  - From: Casey Schaufler

Prev by Date: Re: [PATCH RFC] LSM: lsm_self_attr system call to get security module attributes
Next by Date: Re: Does NFS support Linux Capabilities
Previous by thread: Re: LSM stacking in next for 6.1?
Next by thread: Re: LSM stacking in next for 6.1?
Index(es):
- Date
- Thread

[Index of Archives] [Selinux Refpolicy] [Linux SGX] [Fedora Users] [Fedora Desktop] [Yosemite Photos] [Yosemite Camping] [Yosemite Campsites] [KDE Users] [Gnome Users]