Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751086AbVJFPSX (ORCPT ); Thu, 6 Oct 2005 11:18:23 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S1751089AbVJFPSX (ORCPT ); Thu, 6 Oct 2005 11:18:23 -0400 Received: from mx1.redhat.com ([66.187.233.31]:4310 "EHLO mx1.redhat.com") by vger.kernel.org with ESMTP id S1751086AbVJFPSW (ORCPT ); Thu, 6 Oct 2005 11:18:22 -0400 From: David Howells In-Reply-To: References: <29942.1128529714@warthog.cambridge.redhat.com> <20051005211030.GC16352@shell0.pdx.osdl.net> <23333.1128596048@warthog.cambridge.redhat.com> To: James Morris Cc: David Howells , Chris Wright , Andrew Morton , Linus Torvalds , keyrings@linux-nfs.org, linux-kernel@vger.kernel.org, Stephen Smalley Subject: Re: [Keyrings] [PATCH] Keys: Add LSM hooks for key management X-Mailer: MH-E 7.84; nmh 1.1; GNU Emacs 22.0.50.1 Date: Thu, 06 Oct 2005 16:18:02 +0100 Message-ID: <30209.1128611882@warthog.cambridge.redhat.com> Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1501 Lines: 42 James Morris wrote: > > > Access checks seem to be usually done before this point via > > > lookup_user_key(), which is ideal. > > > > Eh? lookup_user_key()? That's not necessarily called before, not if you're > > creating a key. > > I thought this was generally called before key operations. > > For example, sys_add_key() calls it with KEY_WRITE against the destination > keyring. Yes, but not in regard to the new key, which is what I thought you were implying. Besides, it's logically two operations: create key and link key to keyring. The reason they have to be combined is that the key would be immediately destroyed if it wasn't attached to a keyring. The permissions check done on the keyring merely assures that the keyring can be modified, not that a new key may or may not actually be created. Maybe we're talking at cross-purposes here. > > > I don't think SELinux would care about this yet. If so, the hook can be > > > added later. > > > > Auditing? > > SELinux does not audit object creation, it will sometimes use a _post hook > to update its internal state or perform the access control check for > creating the object. I meant the auditing service. Doesn't that use the security module hooks? David - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/