From: Paul Moore
To: Casey Schaufler
Cc: Stephen Smalley, Paul Osmialowski, James Morris, "Serge E. Hallyn", Kees Cook, Tetsuo Handa, Neil Brown, Mark Rustad, Greg Kroah-Hartman, Daniel Mack, David Herrmann, Djalal Harouni, Shuah Khan, Al Viro, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, linux-api@vger.kernel.org, Karol Lewandowski, Lukasz Skalski
Subject: Re: [RFC 4/8] lsm: smack: smack callbacks for kdbus security hooks
Date: Wed, 08 Jul 2015 16:07:11 -0400
Message-ID: <2412238.IhG4IMMuSs@sifl>
Organization: Red Hat
In-Reply-To: <559D5201.6060400@schaufler-ca.com>
References: <1436351110-5902-1-git-send-email-p.osmialowsk@samsung.com> <559D28DE.4070406@tycho.nsa.gov> <559D5201.6060400@schaufler-ca.com>

On Wednesday, July 08, 2015 09:38:25 AM Casey Schaufler wrote:
> On 7/8/2015 6:42 AM, Stephen Smalley wrote:
> > On 07/08/2015 06:25 AM, Paul Osmialowski wrote:
> > ...
> > If Smack only truly needs 3 hooks, then it begs the question of why
> > there are so many other hooks defined. Are the other hooks just to
> > support finer-grained distinctions, or is Smack's coverage incomplete?
>
> I haven't been following kdbus closely for a while, but the original
> intent for Smack and kdbus was that the Smack controls would be on the
> objects involved, and that to accomplish that only a small number of
> hooks would be necessary. After all, Smack uses fewer hooks than SELinux
> on other things. I do agree that without a user there is no point in
> having hooks. If SELinux requires the other hooks we might want to
> hold off on asking for the hooks until the SELinux implementation is
> exposed. I also think that AppArmor should be examined as a potential
> user of the hooks, just to make sure the hooks aren't excessively
> oriented toward subject/object based security modules.

In Paul O.'s defense, we did have some discussion about the reasons for
these hooks, although that seems like ages ago and I would need to dig
through the archives (my inbox?) to find the reasoning for each.

However, I don't remember being very comfortable with the hooks back then,
largely due to uncertainty about how we were treating kdbus with respect
to subjects/objects. I think it's worth restarting that discussion now
before we nit pick the patches themselves.

--
paul moore
security @ redhat