Re: [RFC] [PATCH] [0/6] LSM Stacking

From: Valdis . Kletnieks
Date: Fri Nov 05 2004 - 11:02:23 EST

Next message: Valdis . Kletnieks: "Re: 2.6.9-mm1: LVM stopped working (dio-handle-eof.patch)"
Previous message: Arjan van de Ven: "Re: support of older compilers"
In reply to: James Morris: "Re: [RFC] [PATCH] [0/6] LSM Stacking"
Next in thread: Serge E. Hallyn: "Re: [RFC] [PATCH] [0/6] LSM Stacking"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, 04 Nov 2004 17:04:31 CST, Serge Hallyn said:
> The following set of patches add support required to stack most
> LSMs. The most important patch is the first, which provides a
> method for more than one LSM to annotate information to kernel
> objects. LSM's known to use the LSM fields include selinux, bsdjail,
> seclvl, and digsig. Without this patch (or something like it),
> none of these modules can be used together.

After fixing some blecherous line-wrap issues, the patches applied
OK to a 2.6.10-rc1-mm2-RT-V0.7.11 tree (a few offsets here and there,
no rejects).

I'm currently running with 3 LSM's stacked (SELinux, capabilities, and
a local LSM that provides OpenWall functionality), and all seems to be
working *mostly* OK. I'll post the LSM as soon as I refactor a few
patches.

One issue: I'm seeing this from /usr/sbin/sendmail:

% /usr/sbin/sendmail
drop_privileges: setuid(0) succeeded (when it should not)

I've not tracked down what's causing this indigestion yet (I suspect some
bad interaction with capabilities - that's what caused that message to be
added to Sendmail in the first place).

Attachment: pgp00000.pgp
Description: PGP signature

Next message: Valdis . Kletnieks: "Re: 2.6.9-mm1: LVM stopped working (dio-handle-eof.patch)"
Previous message: Arjan van de Ven: "Re: support of older compilers"
In reply to: James Morris: "Re: [RFC] [PATCH] [0/6] LSM Stacking"
Next in thread: Serge E. Hallyn: "Re: [RFC] [PATCH] [0/6] LSM Stacking"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]