Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id ; Thu, 24 Oct 2002 04:39:44 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id ; Thu, 24 Oct 2002 04:39:44 -0400 Received: from tsv.sws.net.au ([203.36.46.2]:65291 "EHLO tsv.sws.net.au") by vger.kernel.org with ESMTP id ; Thu, 24 Oct 2002 04:39:43 -0400 Content-Type: text/plain; charset=US-ASCII From: Russell Coker Reply-To: Russell Coker To: Nathan Scott Subject: Re: [PATCH] remove sys_security Date: Thu, 24 Oct 2002 10:45:44 +0200 User-Agent: KMail/1.4.3 Cc: linux-kernel@vger.kernel.org, linux-security-module@wirex.com References: <20021023173635.A15896@infradead.org> <20021024062602.GD937@frodo> In-Reply-To: <20021024062602.GD937@frodo> MIME-Version: 1.0 Content-Transfer-Encoding: 7BIT Message-Id: <200210241045.44160.russell@coker.com.au> Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 2242 Lines: 47 On Thu, 24 Oct 2002 08:26, Nathan Scott wrote: > > Also, the EA API lacks support for > > creating files with specified security attributes (as opposed to creating > > and then calling setxattr to change the attributes, possibly after > > someone has already obtained access to the file), so it isn't ideal for > > our purposes anyway. > > This is not a shortcoming of the xattr interfaces, they do what > they were designed to do. I think the only interfaces suited to > setting up things in the way you've described are create, mkdir, > mknod, and co. It isn't clear to me how sys_security helps in > this situation? -- it would also seem to be non-atomic wrt the > inode creation syscalls, in the same way the xattr calls are. Currently sys_security is used to implement open_secure(), mkdir_secure(), etc which do this atomically. > The ACL code has to address a similar problem to the one you've > described - if a directory has a default ACL set on it, then new > children must be created with that ACL. This is implemented by > giving filesystems knowledge of the semantics of this attribute, > and having them create the ACL along with the inode if need be. SE Linux needs that functionality, but also it needs the ability to support file type automatic transition rules, for example when a program in fingerd_t domain creates a file in a directory of var_log_t then the file will have type var_log_fingerd_t. But this doesn't require any extra system calls either. What requires more system calls is the logrotate program which has to create new log files with the same security context as the log file it renamed. I suggest that you check the archives for the full thread as it explains all this and more in detail. -- http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/~russell/ My home page - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/