On Thursday 25 September 2008 1:25:53 pm Tilman Baumann wrote:
The intention behind this patch is that I needed a way to (firewall)
match for packets originating from specific processes.
The existing owner match did not work well enough, especially since
the cmd-owner part is removed.
Then I thought about a way to tag processes and somehow match this
tag in the firewall.
I recalled that SELinux can do this (SECMARK) but SELinux would have
been way too complex for what I want. But the idea was born, I just
needed something simpler.
It appears the simplest option would be to provide the necessary SECMARK
support in Smack. SECMARK has provisions for supporting different
types of LSMs and adding Smack support should be relatively trivial.
In fact, it is possible for SECMARK to be made entirely LSM agnostic
and have it deal strictly with secctx/label and secid/token values. We
would need to retain the SELinux-specific interface for
legacy/compatibility reasons but I would encourage new patches to take
this more general approach rather than an LSM-specific extension.
[NOTE: you may notice the above code changing slightly in future
kernels, it turns out that skb->sk == NULL is not a true indicator of a
non-local sender, see my labeled networking patches for 2.6.28 or
linux-next for the revised approach]
Good to know.
This of course only works for packets with a local socket, but this
was my intention anyway.
You could also expand it to handle non-local senders. However, from my
discussions with Casey about Smack and network access controls,
enforcing policy against forwarded traffic is not something he is
interested in at this point.
ok
I have no kernel coding experience whatsoever and little C coding
history. So I would really like you guys to look over it a bit.
[NOTE: you will want to post your patches inline in the future, sending
patches as attachments is frowned upon]
I don't like how the access control is being done outside of the Smack
LSM; once again I would encourage you to further investigate the
approach taken by SECMARK. If you must do access control outside of
the LSM then please at least abstract the actual access control
decision, in this case the strncmp(), behind an LSM interface.