Re: [Keyrings] [PATCH] Keys: Add LSM hooks for key management

[David Howells]

James Morris <jmorris@xxxxxxxxx> wrote:

> > > Access checks seem to be usually done before this point via 
> > > lookup_user_key(), which is ideal.
> > 
> > Eh? lookup_user_key()? That's not necessarily called before, not if you're
> > creating a key.
> 
> I thought this was generally called before key operations.
> 
> For example, sys_add_key() calls it with KEY_WRITE against the destination 
> keyring.

Yes, but not in regard to the new key, which is what I thought you were
implying.

Besides, it's logically two operations: create key and link key to
keyring. The reason they have to be combined is that the key would be
immediately destroyed if it wasn't attached to a keyring.

The permissions check done on the keyring merely assures that the keyring can
be modified, not that a new key may or may not actually be created.

Maybe we're talking at cross-purposes here.

> > > I don't think SELinux would care about this yet.  If so, the hook can be 
> > > added later.
> > 
> > Auditing?
> 
> SELinux does not audit object creation, it will sometimes use a _post hook 
> to update its internal state or perform the access control check for 
> creating the object.

I meant the auditing service. Doesn't that use the security module hooks?

David
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/