Date: Thu, 31 Dec 2009 17:06:41 +0000
From: Alan Cox
To: Peter Dolding
Cc: Samir Bellabes, "Eric W. Biederman", "Serge E. Hallyn",
    "Andrew G. Morgan", Bryan Donlan, Benny Amorsen, Michael Stone,
    linux-kernel@vger.kernel.org, netdev@vger.kernel.org,
    linux-security-module@vger.kernel.org, Andi Kleen, David Lang,
    Oliver Hartkopp, Herbert Xu, Valdis Kletnieks, Evgeniy Polyakov,
    "C. Scott Ananian", James Morris, Bernie Innocenti, Mark Seaborn,
    Randy Dunlap, Américo Wang, Tetsuo Handa, Casey Schaufler,
    Pavel Machek, Al Viro
Subject: Re: [RFC][PATCH v3] Unprivileged: Disable raising of privileges
Message-ID: <20091231170641.6dd46c6e@lxorguk.ukuu.org.uk>

> Let's step back for a moment. What is the common issue with both.
>
> The issue is simple. "How do I generically tell the security system
> want particular restrictions."

You don't.
It's not "the security system", it's a whole collection of completely
different models of security and differing tools.

> There is no generic LSM API for application or users to talk to the
> LSM and say I want the following restricted.

That's a meaningless observation I think because security doesn't work
that way. Removing specific features from a specific piece of code
generally isn't a security feature - it's only meaningful in the context
of a more general policy and that policy expression isn't generic.

> To control the LSM the applications are expected to know what the LSM.
> This has caused items like chrome major issues.
..
> Application does not need to be informed what is disabled from it.

So why does it cause Chrome problems?

There are multiple security models because nobody can agree on what they
should look like, just like multiple desktops. Each of them is based on
a totally different conceptual model so the idea of a single interface
to them is a bit meaningless.

Alan