Re: [PATCH 2/3] SELinux: add security_task_movememory calls to mmcode

[James Morris]

On Thu, 22 Jun 2006, Serge E. Hallyn wrote:

> sorry if I'm being dense - what is actually being protected against
> here?  The only thing I can think of is one process causing performance
> degradation to another by moving it's memory further from it's cpu on a
> NUMA machine.

This is a privileged operation, which currently relies only on uid (i.e. 
traditional Unix DAC), and capability checking.

SELinux introduces Mandatory Access Control (MAC) based upon all 
security-relevant attributes of tasks and objects, not just uid/capability 
checks.  Theoretically, all processes could run with euid==0 under SELinux 
(in fact, Russell Coker's 'play box' does something similar by giving out 
the root password to everyone, although SELinux is designed to complement 
DAC, not replace it).

Any privileged operations with DAC controls also need corresponding MAC 
controls, which is what this patch implements.



- James
-- 
James Morris
<jmorris@xxxxxxxxx>
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/