|
Message-ID: <CAEiveUdEsRGkMAoyyoDK52qUQbv5MfgKRA72T4X-qiQ4e-BhHQ@mail.gmail.com> Date: Mon, 6 Feb 2017 13:40:46 +0100 From: Djalal Harouni <tixxdz@...il.com> To: Tetsuo Handa <penguin-kernel@...ove.sakura.ne.jp> Cc: linux-kernel@...r.kernel.org, kernel-hardening@...ts.openwall.com, LSM List <linux-security-module@...r.kernel.org>, Kees Cook <keescook@...omium.org>, Andrew Morton <akpm@...ux-foundation.org>, Lafcadio Wluiki <wluikil@...il.com>, Dongsu Park <dongsu@...ocode.com>, Andy Lutomirski <luto@...nel.org>, James Morris <james.l.morris@...cle.com>, "Serge E. Hallyn" <serge@...lyn.com>, Alexander Viro <viro@...iv.linux.org.uk>, Daniel Mack <daniel@...que.org>, Jann Horn <jann@...jh.net>, Elena Reshetova <elena.reshetova@...el.com> Subject: Re: [RFC/PATCH 1/3] security: add the security_task_copy() hook Hi Tetsuo, On Mon, Feb 6, 2017 at 11:49 AM, Tetsuo Handa <penguin-kernel@...ove.sakura.ne.jp> wrote: > Djalal Harouni wrote: >> To achieve the above we add the security_task_copy() hook that allows us >> to clone the Timgad context of parent into child task_struct. >> >> The security hook can also be used by new LSMs after the child task has >> done some initialization, this way they won't clash with the major LSMs. >> The situation is not really well, this hook allows us to introduce a >> stackable LSM that can be easily used with all other LSMs. > > We are already planning to revive security_task_alloc() hook (probably in Linux 4.12) > ( news://news.gmane.org:119/201701101958.JAD43709.OtJSOQFVFOLHMF@...ove.SAKURA.ne.jp ). > Is security_task_alloc() called too early for your case? Hmm, didn't know about it, thank you! Yes that seems the same, to have a per-task vars or context. I'm reading http://www.spinics.net/linux/fedora/linux-security-module/msg17004.html For my specific use case I'm still not sure. I was thinking that since this is LSM maybe it would be useful to only add one hook after all the copy_*() functions that also copy the context, maybe another LSM will find it useful and may want to check the context of namespaces, fs (copy_namespaces(), copy_fs() ...). I mean this already happened to me with security_task_create() which is too early, so maybe try to do it right. The other thing is cgroups cgroup_can_fork() better do it after which avoids me to clean up. IMHO the best place is near or after copy_seccomp() where we hold the lock, especially if there is an LSM that wants to copy/apply the context on all other threads not only current. Ultimately if we are copying stuff then maybe it should happen as late as possible, and if we have to sleep I guess we can use security_task_create() to allocate ? What do you think ? Thanks! > (Well, we want to configure http archive like marc.info ?) -- tixxdz
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.