|
Message-ID: <alpine.LRH.2.21.1809280744560.8410@namei.org> Date: Fri, 28 Sep 2018 07:45:00 +1000 (AEST) From: James Morris <jmorris@...ei.org> To: Casey Schaufler <casey.schaufler@...el.com> cc: kernel-hardening@...ts.openwall.com, linux-kernel@...r.kernel.org, linux-security-module@...r.kernel.org, selinux@...ho.nsa.gov, dave.hansen@...el.com, deneen.t.dock@...el.com, kristen@...ux.intel.com, arjan@...ux.intel.com Subject: Re: [PATCH v5 5/5] sidechannel: Linux Security Module for sidechannel On Wed, 26 Sep 2018, Casey Schaufler wrote: > + /* > + * Namespace checks. Considered safe if: > + * cgroup namespace is the same > + * User namespace is the same > + * PID namespace is the same > + */ > + if (current->nsproxy) > + ccgn = current->nsproxy->cgroup_ns; > + if (p->nsproxy) > + pcgn = p->nsproxy->cgroup_ns; > + if (ccgn != pcgn) > + return -EACCES; > + if (current->cred->user_ns != p->cred->user_ns) > + return -EACCES; > + if (task_active_pid_ns(current) != task_active_pid_ns(p)) > + return -EACCES; > + return 0; I really don't like the idea of hard-coding namespace security semantics in an LSM. Also, I'm not sure if these semantics make any sense. It least make it user configurable. -- James Morris <jmorris@...ei.org>
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.