Problems with firmware loader and selinux
Stephen Smalley
sds at tycho.nsa.gov
Fri Apr 1 14:14:44 UTC 2005
On Fri, 2005-04-01 at 09:11 -0500, Dmitry Torokhov wrote:
> So the question is - should there be a way for the kernel to temporary
> switch context to "kernel" before executing some operations? I could
> hack firmware loader to always start a new thread, but I wonder if we
> have more places that need to temporarily override callers context and
> therefore more general solution is needed.
At present, the security_task_reparent_to_init LSM hook is used (by the
kernel reparent_to_init function, which is also called by its daemonize
function) to change the security state of the task, including both the
SELinux state and the normal uid/capability state. But that assumes a
non-reversible transformation, not a temporary change, with a definite
break from any original user context.
There used to also be a kmod_set_label hook for the kernel module
loader, but that was obsoleted by keventd.
Whether or not an interface as you describe is needed is unclear; there
is no usage case at present, and temporary changes in credentials are
often a source of security flaws.
--
Stephen Smalley <sds at tycho.nsa.gov>
National Security Agency
More information about the fedora-selinux-list
mailing list