[redhat-lspp] New pam src rpm with namespace

Stephen Smalley sds at tycho.nsa.gov
Fri Feb 17 15:58:56 UTC 2006


On Fri, 2006-02-17 at 08:56 -0600, Serge E. Hallyn wrote:
> Quoting Stephen Smalley (sds at tycho.nsa.gov):
> > On Fri, 2006-02-17 at 07:29 -0600, Serge E. Hallyn wrote:
> > > Sounds like a good idea to me.  The other thing of course - which could
> > > be done in addition to this - would be to have unshare be checked by an
> > > LSM hook, security_task_unshare(), which in capability.c happens to
> > > check CAP_SYS_ADMIN, but in selinux checks for
> > > 
> > > 	self:process unshare
> > > 
> > > and doesn't propagate the check to capability.
> > > 
> > > But if the same helper would unshare and mount, then I guess it may not
> > > be worthwhile.
> > 
> > We have to be careful about dropping out capability checks in the
> > SELinux case because of people running targeted policy (with unconfined
> > users).
> 
> Good point.  But Russell's separate mount helper should suffice, right?

Yes, if he can cleanly separate out not only the unshare/mount
processing but also the user session creation (since that has to occur
as a child of the process that unshare'd).  Not sure how straightforward
that will be to do and maintain as a patch.

-- 
Stephen Smalley
National Security Agency
