On Wed, 2007-12-12 at 11:44 -0800, Casey Schaufler wrote:
> --- David Howells <[EMAIL PROTECTED]> wrote:
>
> > Casey Schaufler <[EMAIL PROTECTED]> wrote:
> >
> > > What sort of authorization are you thinking of? I would expect
> > > that to have been done by cachefileselinuxcontext (or
> > > cachefilesspiffylsmcontext) up in userspace. If you're going to
> > > rely on userspace applications for policy enforcement they need
> > > to be good enough to count on after all.
> >
> > It can't be done in userspace, otherwise someone using the cachefilesd
> > interface can pass an arbitrary context up.
>
> Yes, but I would expect that interface to be protected (owned by root,
> mode 0400). If /dev/cachefiles has to be publicly accessible make it
> a privileged ioctl.

Uid 0 != CAP_MAC_OVERRIDE if you configure file caps and such.

> > The security context has to be
> > passed across the file descriptor attached to /dev/cachefiles along with the
> > other configuration parameters as a text string.
>
> I got that.
>
> > This fd selects the
> > particular cache context that a particular instance of a running daemon is
> > using.
>
> Yes, but forgive me being slow, I don't see the problem.
>
>
> Casey Schaufler
> [EMAIL PROTECTED]

--
Stephen Smalley
National Security Agency