HOWTO add privileged code to the kernel without breaking LSM/SELinux

From: James Morris
Date: Tue Jun 06 2006 - 02:51:27 EST

Next message: Tejun Heo: "Re: [git patch] libata resume fix"
Previous message: Andi Kleen: "Re: 2.6.17-rc5-mm1"
Next in thread: Greg KH: "Re: HOWTO add privileged code to the kernel without breaking LSM/SELinux"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

If you add any new code to the kernel which exposes any kind of
privileged operation to userspace, then it probably needs an LSM hook and
subsequent changes to SELinux.

It would certainly be unreasonable to expect all kernel developers to know
how to do this, however, it is usually very simple to determine when a new
LSM would be needed as a first step.

The simple tests are: does the code you're adding perform any new DAC
checks involving any of the user or group ID fields of a task? Did you
add a capable() call? Does it call DAC helper functions?

If so, it's possible that a corresponding MAC check needs to be added via
LSM; and I'd ask that you simply cc any or all of the LSM and/or SELinux
maintainers when posting such patches upstream for RFC or inclusion. We
can work on the LSM and SELinux side of things if needed.

This will not cover every case, but I think it will cover most of the ones
that are likely to come up in the future. If in doubt, it won't hurt to ask.

(CC'd GKH hoping something of this can go into his kernel hacking howto).

- James
--
James Morris
<jmorris@xxxxxxxxx>
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Tejun Heo: "Re: [git patch] libata resume fix"
Previous message: Andi Kleen: "Re: 2.6.17-rc5-mm1"
Next in thread: Greg KH: "Re: HOWTO add privileged code to the kernel without breaking LSM/SELinux"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]