[PATCH] selinux: add hooks for key subsystem
Introduce SELinux hooks to support the access key retention subsystem within the kernel. Incorporate new flask headers from a modified version of the SELinux reference policy, with support for the new security class representing retained keys. Extend the "key_alloc" security hook with a task parameter representing the intended ownership context for the key being allocated. Attach security information to root's default keyrings within the SELinux initialization routine. Has passed David's testsuite. Signed-off-by: Michael LeMay <mdlemay@epoch.ncsc.mil> Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: James Morris <jmorris@namei.org> Acked-by: Chris Wright <chrisw@sous-sol.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
This commit is contained in:
Michael LeMay
committed by
Linus Torvalds
Linus Torvalds
parent
f893afbe12
commit
d720024e94
@@ -19,6 +19,7 @@ This document has the following sections:
|
||||
- Key overview
|
||||
- Key service overview
|
||||
- Key access permissions
|
||||
- SELinux support
|
||||
- New procfs files
|
||||
- Userspace system call interface
|
||||
- Kernel services
|
||||
@@ -232,6 +233,34 @@ For changing the ownership, group ID or permissions mask, being the owner of
|
||||
the key or having the sysadmin capability is sufficient.
|
||||
|
||||
|
||||
===============
|
||||
SELINUX SUPPORT
|
||||
===============
|
||||
|
||||
The security class "key" has been added to SELinux so that mandatory access
|
||||
controls can be applied to keys created within various contexts. This support
|
||||
is preliminary, and is likely to change quite significantly in the near future.
|
||||
Currently, all of the basic permissions explained above are provided in SELinux
|
||||
as well; SE Linux is simply invoked after all basic permission checks have been
|
||||
performed.
|
||||
|
||||
Each key is labeled with the same context as the task to which it belongs.
|
||||
Typically, this is the same task that was running when the key was created.
|
||||
The default keyrings are handled differently, but in a way that is very
|
||||
intuitive:
|
||||
|
||||
(*) The user and user session keyrings that are created when the user logs in
|
||||
are currently labeled with the context of the login manager.
|
||||
|
||||
(*) The keyrings associated with new threads are each labeled with the context
|
||||
of their associated thread, and both session and process keyrings are
|
||||
handled similarly.
|
||||
|
||||
Note, however, that the default keyrings associated with the root user are
|
||||
labeled with the default kernel context, since they are created early in the
|
||||
boot process, before root has a chance to log in.
|
||||
|
||||
|
||||
================
|
||||
NEW PROCFS FILES
|
||||
================
|
||||
|
||||
Reference in New Issue
Block a user