Hi all,
There are ACL in file system, but why there are no ACL implementation
in IPC object, eg. shm, message queue, FIFO?
Is there any fine grained granting in ipc object just like in file object?
Thanks,
Best
--
zhoupeng
On Wed, Jan 20, 2010 at 05:20:00PM +0800, zhou peng wrote:
> Hi all,
>
> There are ACL in file system, but why there are no ACL implementation
> in IPC object, eg. shm, message queue, FIFO?
> Is there any fine grained granting in ipc object just like in file object?
Not implemented yet, we can add this if you need it
(but probably will be a 3.6.0 feature).
Jeremy.
On Wed, Jan 20, 2010 at 01:50:48PM -0800, Jeremy Allison wrote:
> On Wed, Jan 20, 2010 at 05:20:00PM +0800, zhou peng wrote:
> > Hi all,
> >
> > There are ACL in file system, but why there are no ACL implementation
> > in IPC object, eg. shm, message queue, FIFO?
> > Is there any fine grained granting in ipc object just like in file object?
>
> Not implemented yet, we can add this if you need it
> (but probably will be a 3.6.0 feature).
Never mind, got my lists mixed up and thought this
was a Samba request (sorry :-).
zhou peng wrote:
> Hi all,
>
> There are ACL in file system, but why there are no ACL implementation
> in IPC object, eg. shm, message queue, FIFO?
>
Most people haven't noticed that IPC objects are even there, much less
that they have mode bits and not ACLs. Even when we were doing security
evaluations on Unix boxes in the 1990's they were considered insufficiently
interesting to justify the additional work to do ACLs.
If you really want ACLs on IPC objects it would make a dandy little
project for a summer. I would be happy to review patches.
> Is there any fine grained granting in ipc object just like in file object?
>
As Stephen Smalley points out, you can do it with SELinux, although
that it rather like driving a thumbtack with a bulldozer.
> Thanks,
> Best
>
> --
> zhoupeng
> --
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to [email protected]
> More majordomo info at http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at http://www.tux.org/lkml/
>
>
>
On Wed, Jan 20, 2010 at 07:02:27PM -0800, Casey Schaufler wrote:
> zhou peng wrote:
> > Hi all,
> >
> > There are ACL in file system, but why there are no ACL implementation
> > in IPC object, eg. shm, message queue, FIFO?
> >
>
> Most people haven't noticed that IPC objects are even there, much less
> that they have mode bits and not ACLs. Even when we were doing security
> evaluations on Unix boxes in the 1990's they were considered insufficiently
> interesting to justify the additional work to do ACLs.
>
> If you really want ACLs on IPC objects it would make a dandy little
> project for a summer. I would be happy to review patches.
Or use the posix IPC mechanisms. The Posix shared memory has ACL by
using tmpfs as the backing store, and we could add similar support to
Posix messages queues as they are also backed by a normal filesystem.
Adding this support to the old SYSV IPC mechanisms would be much harder
as they do not fit into the file backed model we use everywhere else at
all.
Thank you all for so many solutions.
I want to control some IPC object (shm, msg queue, semphore) can be
accessed by which named user or named group just like file objects ACL
do.
I studied the solution you all referred, The SELinux is powerful but
may be somewhat complicated. And I am confused with Christoph
Hellwig?s solution using tmpfs.
2010/1/21 Christoph Hellwig <[email protected]>:
> On Wed, Jan 20, 2010 at 07:02:27PM -0800, Casey Schaufler wrote:
>> zhou peng wrote:
>> > Hi all,
>> >
>> > There are ACL in file system, but why there are no ACL implementation
>> > in IPC object, eg. shm, message queue, FIFO?
>> >
>>
>> Most people haven't noticed that IPC objects are even there, much less
>> that they have mode bits and not ACLs. Even when we were doing security
>> evaluations on Unix boxes in the 1990's they were considered insufficiently
>> interesting to justify the additional work to do ACLs.
>>
>> If you really want ACLs on IPC objects it would make a dandy little
>> project for a summer. I would be happy to review patches.
Thanks. It's interesting to add ACL over IPC objects. I want to have a try.
>
> Or use the posix IPC mechanisms. ?The Posix shared memory has ACL by
> using tmpfs as the backing store, and we could add similar support to
> Posix messages queues as they are also backed by a normal filesystem.
Christoph Hellwig, This way may be convinent. Could you give some
detailed message. :)
I only find /proc/ipc/shm file which contain the info of shm objs,and
tmpfs on /dev/shm which is empty.
>
> Adding this support to the old SYSV IPC mechanisms would be much harder
> as they do not fit into the file backed model we use everywhere else at
> all.
Just like file objects, the mode bits are implment over IPC objects
without file backed, so I think adding ACL support to IPC objects may
be somewhat reasonable :)
>
>
--
zhoupeng
(Top-posting fixed.)
On Fri, Jan 22, 2010 at 5:15 PM, zhou peng <[email protected]> wrote:
>
> 2010/1/21 Christoph Hellwig <[email protected]>:
>> On Wed, Jan 20, 2010 at 07:02:27PM -0800, Casey Schaufler wrote:
>>> zhou peng wrote:
>>> > Hi all,
>>> >
>>> > There are ACL in file system, but why there are no ACL implementation
>>> > in IPC object, eg. shm, message queue, FIFO?
>>> >
>>>
>>> Most people haven't noticed that IPC objects are even there, much less
>>> that they have mode bits and not ACLs. Even when we were doing security
>>> evaluations on Unix boxes in the 1990's they were considered insufficiently
>>> interesting to justify the additional work to do ACLs.
>>>
>>> If you really want ACLs on IPC objects it would make a dandy little
>>> project for a summer. I would be happy to review patches.
>
> Thanks. It's interesting to add ACL over IPC objects. I want to have a try.
>
>>
>> Or use the posix IPC mechanisms. The Posix shared memory has ACL by
>> using tmpfs as the backing store, and we could add similar support to
>> Posix messages queues as they are also backed by a normal filesystem.
>
> Christoph Hellwig, This way may be convinent. Could you give some
> detailed message. :)
> I only find /proc/ipc/shm file which contain the info of shm objs,and
> tmpfs on /dev/shm which is empty.
>
>>
>> Adding this support to the old SYSV IPC mechanisms would be much harder
>> as they do not fit into the file backed model we use everywhere else at
>> all.
>
> Just like file objects, the mode bits are implment over IPC objects
> without file backed, so I think adding ACL support to IPC objects may
> be somewhat reasonable :)
>
> Thank you all for so many solutions.
>
> I want to control some IPC object (shm, msg queue, semphore) can be
> accessed by which named user or named group just like file objects ACL
> do.
>
> I studied the solution you all referred, The SELinux is powerful but
> may be somewhat complicated. And I am confused with Christoph
> Hellwig‘s solution using tmpfs.
Well, only posix semphores and posix share memory use tmpfs, I think,
posix msg queues use "mqueue" instead.
I have tested posix sem,posix shm and posix msg queue for ACL on
fedora 12 with kernel 2.6.32.
Posix sem and posix shm using tmpfs monted by default support ACL well .
Posix msg queue use mqueue fs mounted by manual but it seem not
surpoort ACL well. It failed for setting named ACL item:
{
$ mkdir /dev/mqueue
$ mount -o rw, acl -t mqueue none /dev/mqueue
$cd /dev/mqueue
"/mq" msg queue object created and used by processes properly
$getfacl mq
#file: mq
#owner:root
#group:root
user:rw-
group::---
other::---
$setfacl -m u:testuser:rw mq /* failed here*/
$setfacl: mq :Operation not supported
but mqueue fs works well for setting owner user and owner group items.
}
I am not sure whether mqueue don't support acl or I make mistake.
2010/1/22 Am?rico Wang <[email protected]>:
> (Top-posting fixed.)
>
> On Fri, Jan 22, 2010 at 5:15 PM, zhou peng <[email protected]> wrote:
>>
>> 2010/1/21 Christoph Hellwig <[email protected]>:
>>> On Wed, Jan 20, 2010 at 07:02:27PM -0800, Casey Schaufler wrote:
>>>> zhou peng wrote:
>>>> > Hi all,
>>>> >
>>>> > There are ACL in file system, but why there are no ACL implementation
>>>> > in IPC object, eg. shm, message queue, FIFO?
>>>> >
>>>>
>>>> Most people haven't noticed that IPC objects are even there, much less
>>>> that they have mode bits and not ACLs. Even when we were doing security
>>>> evaluations on Unix boxes in the 1990's they were considered insufficiently
>>>> interesting to justify the additional work to do ACLs.
>>>>
>>>> If you really want ACLs on IPC objects it would make a dandy little
>>>> project for a summer. I would be happy to review patches.
>>
>> Thanks. It's interesting to add ACL over IPC objects. I want to have a try.
>>
>>>
>>> Or use the posix IPC mechanisms. ?The Posix shared memory has ACL by
>>> using tmpfs as the backing store, and we could add similar support to
>>> Posix messages queues as they are also backed by a normal filesystem.
>>
>> Christoph Hellwig, This way may be convinent. Could you give some
>> detailed message. :)
>> I only find /proc/ipc/shm file which contain the info of shm objs,and
>> tmpfs on /dev/shm which is empty.
>>
>>>
>>> Adding this support to the old SYSV IPC mechanisms would be much harder
>>> as they do not fit into the file backed model we use everywhere else at
>>> all.
>>
>> Just like file objects, the mode bits are implment over IPC objects
>> without file backed, so I think adding ACL support to IPC objects may
>> be somewhat reasonable :)
>>
>> Thank you all for so many solutions.
>>
>> I want to control some IPC object (shm, msg queue, semphore) can be
>> accessed by which named user or named group just like file objects ACL
>> do.
>>
>> I studied the solution you all referred, The SELinux is powerful but
>> may be somewhat complicated. And I am confused with Christoph
>> Hellwig?s solution using tmpfs.
>
> Well, only posix semphores and posix share memory use tmpfs, I think,
> posix msg queues use "mqueue" instead.
>
--
zhoupeng
On Mon, Jan 25, 2010 at 11:21:44PM +0800, zhou peng wrote:
>I have tested posix sem,posix shm and posix msg queue for ACL on
>fedora 12 with kernel 2.6.32.
>
>Posix sem and posix shm using tmpfs monted by default support ACL well .
>Posix msg queue use mqueue fs mounted by manual but it seem not
>surpoort ACL well. It failed for setting named ACL item:
>{
> $ mkdir /dev/mqueue
> $ mount -o rw, acl -t mqueue none /dev/mqueue
> $cd /dev/mqueue
> "/mq" msg queue object created and used by processes properly
>
> $getfacl mq
> #file: mq
> #owner:root
> #group:root
> user:rw-
> group::---
> other::---
>
> $setfacl -m u:testuser:rw mq /* failed here*/
> $setfacl: mq :Operation not supported
> but mqueue fs works well for setting owner user and owner group items.
>}
>
>I am not sure whether mqueue don't support acl or I make mistake.
>
A quick look at the source code shows mqueue doesn't support ACL.
--
Live like a child, think like the god.