[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Problems with firmware loader and selinux



On Fri, 2005-04-01 at 09:11 -0500, Dmitry Torokhov wrote:
> So the question is - should there be a way for the kernel to temporary
> switch context to "kernel" before executing some operations? I could
> hack firmware loader to always start a new thread, but I wonder if we
> have more places that need to temporarily override callers context and
> therefore more general solution is needed.

At present, the security_task_reparent_to_init LSM hook is used (by the
kernel reparent_to_init function, which is also called by its daemonize
function) to change the security state of the task, including both the
SELinux state and the normal uid/capability state.  But that assumes a
non-reversible transformation, not a temporary change, with a definite
break from any original user context.

There used to also be a kmod_set_label hook for the kernel module
loader, but that was obsoleted by keventd.

Whether or not an interface as you describe is needed is unclear; there
is no usage case at present, and temporary changes in credentials are
often a source of security flaws.  

-- 
Stephen Smalley <sds tycho nsa gov>
National Security Agency


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]