Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1757445AbaGBRJu (ORCPT ); Wed, 2 Jul 2014 13:09:50 -0400 Received: from mail-qg0-f52.google.com ([209.85.192.52]:55442 "EHLO mail-qg0-f52.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1756670AbaGBRJr (ORCPT ); Wed, 2 Jul 2014 13:09:47 -0400 MIME-Version: 1.0 In-Reply-To: <1871630.hB3tXi0r3a@sifl> References: <1404124096-21445-1-git-send-email-drysdale@google.com> <1404124096-21445-10-git-send-email-drysdale@google.com> <1871630.hB3tXi0r3a@sifl> From: David Drysdale Date: Wed, 2 Jul 2014 18:09:27 +0100 Message-ID: Subject: Re: [PATCH 09/11] capsicum: implementations of new LSM hooks To: Paul Moore Cc: Andy Lutomirski , LSM List , "linux-kernel@vger.kernel.org" , Greg Kroah-Hartman , Alexander Viro , Meredydd Luff , Kees Cook , James Morris , Linux API Content-Type: text/plain; charset=UTF-8 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Jul 2, 2014 at 2:49 PM, Paul Moore wrote: > On Monday, June 30, 2014 09:05:38 AM Andy Lutomirski wrote: >> On Mon, Jun 30, 2014 at 3:28 AM, David Drysdale wrote: >> > If the LSM does not provide implementations of the .file_lookup and >> > .file_install LSM hooks, always use the Capsicum implementations. >> > >> > The Capsicum implementation of file_lookup checks for a Capsicum >> > capability wrapper file and unwraps to if the appropriate rights >> > are available. >> > >> > The Capsicum implementation of file_install checks whether the file >> > has restricted rights associated with it. If it does, it is replaced >> > with a Capsicum capability wrapper file before installation into the >> > fdtable. >> >> I think I fall on the "no LSM" side of the fence. This kind of stuff >> should be available regardless of selected LSM (as it is in your >> code) ... > > I agree. Looking quickly at the patches, the code seems to take an odd > approach of living largely outside the LSM framework, but then relying on a > couple of LSM hooks. Capsicum should either live fully as a LSM or fully > outside of it, this mix seems a bit silly to me. Yeah, the end result was definitely a bit odd, hence the queries in the cover email. The consensus so far seems to be that they don't help, so I'll remove the gratuitous LSM hooks on the next iteration. Thanks, David > -- > paul moore > www.paul-moore.com > -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/