Re: RFC: jail functionality
Quoting Stephen Smalley (sds@xxxxxxxxxxxxx):
> On Wed, 2005-06-29 at 11:14 -0500, serue@xxxxxxxxxx wrote:
> > Attached are the old task_lookup patch which was used by the bsdjail lsm,
> > a patch for selinux to utilize this hook, and a sample jail policy and
> > .fc, which presumably would eventually be changed to a jail_domain()
> > policy macro. Does this seem at all useful by itself, or should this
> > wait until it were actually needed for a complete linux jails
> > implementation?
>
> What's the real benefit of "hiding" tasks in this manner?

In terms of security, I'd say none, except perhaps a hard-to-exploit
covert channel. IMO, it would only be for user convenience.

> SELinux can
> already prevent processes from accessing anything under /proc/pid for a
> process in another domain, and procps already conveniently omits entries
> for any such inaccessible /proc/pid directories, so the typical user
> experience is the same (i.e. users won't see processes that are
> inaccessible in ps output) and at most, only the pids are exposed
> in /proc.

I didn't think procps did that. In that case, I guess tasklookup can
be taken off the list of jail requisites.

> > Is there any interest in seeing the virtual network devices and
> > network namespaces pushed upstream?
>
> Yes, although I can't say that I've looked at their approach.

Ok - so long as there is interest, I will try to take some time to
write a standalone patch for it. Then hopefully if their approach
or my port of it is not acceptable, someone else will code up an
acceptable version :)

> > Read-only bind mounts?
>
> Not sure what happened to earlier discussions and patches related to
> that issue on lkml.

Christoph Hellwig said he wants it, but wanted a different
implementation, but hasn't had a chance to write up his own. The author
of the existing patches feels there's not enough support/interest and
too much opposition, so has not resubmitted (after I believe his 6th
version).

> > The attached task-lookup patches?
>
> Not sure it provides much value.

Sounds good.

thanks,
-serge