Date: Fri, 5 May 2017 09:18:46 -0700 From: Andy Lutomirski <luto@...nel.org> To: Djalal Harouni <tixxdz@...il.com> Cc: Kees Cook <keescook@...omium.org>, Andy Lutomirski <luto@...nel.org>, Linux Kernel Mailing List <linux-kernel@...r.kernel.org>, Andrew Morton <akpm@...ux-foundation.org>, "Serge E. Hallyn" <serge@...lyn.com>, "kernel-hardening@...ts.openwall.com" <kernel-hardening@...ts.openwall.com>, LSM List <linux-security-module@...r.kernel.org>, Linux API <linux-api@...r.kernel.org>, Dongsu Park <dpark@...teo.net>, Casey Schaufler <casey@...aufler-ca.com>, James Morris <james.l.morris@...cle.com>, Paul Moore <paul@...l-moore.com>, Tetsuo Handa <penguin-kernel@...ove.sakura.ne.jp>, Greg Kroah-Hartman <gregkh@...uxfoundation.org>, Jonathan Corbet <corbet@....net>, Jessica Yu <jeyu@...hat.com>, Rusty Russell <rusty@...tcorp.com.au>, Arnaldo Carvalho de Melo <acme@...hat.com>, Mauro Carvalho Chehab <mchehab@...nel.org>, Ingo Molnar <mingo@...nel.org>, belakhdar abdeldjalil <zendyani@...il.com>, Peter Zijlstra <peterz@...radead.org>, Linus Torvalds <torvalds@...ux-foundation.org> Subject: Re: [PATCH v3 2/2] modules:capabilities: add a per-task modules autoload restriction On Thu, May 4, 2017 at 6:07 AM, Djalal Harouni <tixxdz@...il.com> wrote: > On Sat, Apr 22, 2017 at 2:17 PM, Djalal Harouni <tixxdz@...il.com> wrote: >> On Sat, Apr 22, 2017 at 1:28 AM, Andy Lutomirski <luto@...capital.net> wrote: > [...] >>> >>> My point is that all of these need some way to handle configuration >>> and inheritance, and I don't think that a bunch of per-task prctls is >>> the right way. As just an example, saying that interactive users can >>> autoload modules but other users can't, or that certain systemd >>> services can, etc, might be nice. Linus already complained that he >>> (i.e. user "torvalds" or whatever) should be able to profile the >>> kernel but that other uids should not be able to. >> >> Neat, maybe this could already be achieved with this interface and >> systemd-logind, "ModulesAutoloadUsers=andy" in logind.conf where >> "andy" is the only logged-in user able to trigger and autoload kernel >> modules. However maybe we should not restrict too much other bits or >> functionality of the other users, please let me will follow up later >> on it. >> >>> I personally like my implicit_rights idea, and it might be interesting >>> to prototype it. >> > > Andy following on the idea of per user settings, I'm curious did you > manage to make some advance on how to store the user settings ? the > user database format is old and not extensible, there was cgmanager or > other libcgroup but for resources, and no simple thing for such > restrictions example: "RestrictLinuxModules=user" that will prevent > such users from making/loading extra Linux features/modules that are > not already available... > I figured that user code would figure it out somehow. Text config file? There is another odd way it could be configured: just leave the inodes around in /dev/rights with appropriate permissions. Some startup script could re-instantiate them with the same permissions (via a syscall that does that atomically).
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.