Re: [PATCH] ptrace: allow restriction of ptrace scope

From: Casey Schaufler
Date: Fri Jun 18 2010 - 22:23:19 EST

Next message: Eric W. Biederman: "Re: [PATCH] ptrace: allow restriction of ptrace scope"
Previous message: Tetsuo Handa: "Re: [PATCH] ptrace: allow restriction of ptrace scope"
In reply to: Serge E. Hallyn: "Re: [PATCH] ptrace: allow restriction of ptrace scope"
Next in thread: Eric W. Biederman: "Re: [PATCH] ptrace: allow restriction of ptrace scope"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Eric W. Biederman wrote:
> Theodore Tso <tytso@xxxxxxx> writes:
>
>
>> i think we really need to have stacked LSM's,

!

>> because there is a large set
>> of people who will never use SELinux. Every few years, I take another
>> look at SELinux, my head explodes with the (IMHO unneeded complexity),
>> and I go away again...
>>
>> Yet I would really like a number of features such as this ptrace scope idea ---
>> which I think is a useful feature, and it may be that stacking is the only
>> way we can resolve this debate. The SELinux people will never believe that
>> their system is too complicated, and I don't like using things that are impossible
>> for me to understand or configure, and that doesn't seem likely to change anytime
>> in the near future.
>>
>> I mean, even IPSEC RFC's are easier for me to understand, and that's saying
>> a lot...
>>
>
>
> If anyone is going to work on this let me make a concrete suggestion.
> Let's aim at not stacked lsm's but chained lsm's, and put the chaining
> logic in the lsm core.
>

It's 35 years since my data structures course. What's the important
difference between the two?

> The core difficulty appears to be how do you multiplex the security pointers
> on various objects out there.
>

That and making sure that the hooks that maintain state get called
even if the decision to deny access has already been made by someone
else.

> My wishlist has this working so that I can logically have a local security
> policy in a container, restricted by the global policy but with additional
> restrictions.
>
> Eric
> --
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at http://www.tux.org/lkml/
>
>
>

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Eric W. Biederman: "Re: [PATCH] ptrace: allow restriction of ptrace scope"
Previous message: Tetsuo Handa: "Re: [PATCH] ptrace: allow restriction of ptrace scope"
In reply to: Serge E. Hallyn: "Re: [PATCH] ptrace: allow restriction of ptrace scope"
Next in thread: Eric W. Biederman: "Re: [PATCH] ptrace: allow restriction of ptrace scope"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]