Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Sat, 21 Oct 2017 10:25:21 -0700
From: Casey Schaufler <casey@...aufler-ca.com>
To: Nicolas Belouin <nicolas@...ouin.fr>, Jan Kara <jack@...e.com>,
 Theodore Ts'o <tytso@....edu>, Andreas Dilger <adilger.kernel@...ger.ca>,
 Jaegeuk Kim <jaegeuk@...nel.org>, Chao Yu <yuchao0@...wei.com>,
 David Woodhouse <dwmw2@...radead.org>, Dave Kleikamp <shaggy@...nel.org>,
 Mark Fasheh <mfasheh@...sity.com>, Joel Becker <jlbec@...lplan.org>,
 Miklos Szeredi <miklos@...redi.hu>, Phillip Lougher
 <phillip@...ashfs.org.uk>, Richard Weinberger <richard@....at>,
 Artem Bityutskiy <dedekind1@...il.com>,
 Adrian Hunter <adrian.hunter@...el.com>,
 Alexander Viro <viro@...iv.linux.org.uk>, Serge Hallyn <serge@...lyn.com>,
 Paul Moore <paul@...l-moore.com>, Stephen Smalley <sds@...ho.nsa.gov>,
 Eric Paris <eparis@...isplace.org>, James Morris
 <james.l.morris@...cle.com>, linux-ext4@...r.kernel.org,
 linux-kernel@...r.kernel.org, linux-f2fs-devel@...ts.sourceforge.net,
 linux-fsdevel@...r.kernel.org, linux-mtd@...ts.infradead.org,
 jfs-discussion@...ts.sourceforge.net, ocfs2-devel@....oracle.com,
 linux-unionfs@...r.kernel.org, reiserfs-devel@...r.kernel.org,
 linux-security-module@...r.kernel.org, selinux@...ho.nsa.gov,
 linux-api@...r.kernel.org, kernel-hardening@...ts.openwall.com
Subject: Re: [RFC PATCH 1/2] security, capabilities: create
 CAP_TRUSTED

On 10/21/2017 6:45 AM, Nicolas Belouin wrote:
> with CAP_SYS_ADMIN being bloated, the usefulness of using it to
> flag a process to be entrusted for e.g reading and writing trusted
> xattr is near zero.
> CAP_TRUSTED aims to provide userland with a way to mark a process as
> entrusted to do specific (not specially admin-centered) actions. It
> would for example allow a process to red/write the trusted xattrs.

Please explain how this is different from CAP_MAC_ADMIN in
any existing use case. If it is significantly different, how
would the two interact?

> Signed-off-by: Nicolas Belouin <nicolas@...ouin.fr>
> ---
>  include/uapi/linux/capability.h     | 6 +++++-
>  security/selinux/include/classmap.h | 5 +++--
>  2 files changed, 8 insertions(+), 3 deletions(-)
>
> diff --git a/include/uapi/linux/capability.h b/include/uapi/linux/capability.h
> index ce230aa6d928..27e457b93c84 100644
> --- a/include/uapi/linux/capability.h
> +++ b/include/uapi/linux/capability.h
> @@ -369,7 +369,11 @@ struct vfs_ns_cap_data {
>  
>  #define CAP_SYS_MOUNT		38
>  
> -#define CAP_LAST_CAP         CAP_SYS_MOUNT
> +/* Allow read/write trusted xattr */
> +
> +#define CAP_TRUSTED		39
> +
> +#define CAP_LAST_CAP         CAP_TRUSTED
>  
>  #define cap_valid(x) ((x) >= 0 && (x) <= CAP_LAST_CAP)
>  
> diff --git a/security/selinux/include/classmap.h b/security/selinux/include/classmap.h
> index a873dce97fd5..f5dc8e109f5a 100644
> --- a/security/selinux/include/classmap.h
> +++ b/security/selinux/include/classmap.h
> @@ -24,9 +24,10 @@
>  	    "audit_control", "setfcap"
>  
>  #define COMMON_CAP2_PERMS  "mac_override", "mac_admin", "syslog", \
> -		"wake_alarm", "block_suspend", "audit_read", "sys_mount"
> +		"wake_alarm", "block_suspend", "audit_read", "sys_mount", \
> +		"trusted"
>  
> -#if CAP_LAST_CAP > CAP_SYS_MOUNT
> +#if CAP_LAST_CAP > CAP_TRUSTED
>  #error New capability defined, please update COMMON_CAP2_PERMS.
>  #endif
>  

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.