1. 28 Aug, 2008 3 commits
    • SELinux: add boundary support and thread context assignment · d9250dea
      KaiGai Kohei authored
      The purpose of this patch is to assign per-thread security context
      under a constraint. It enables multi-threaded server application
      to kick a request handler with its fair security context, and
      helps some of userspace object managers to handle user's request.
      
      When we assign a per-thread security context, it must not have wider
      permissions than the original one. Because a multi-threaded process
      shares a single local memory, an arbitrary per-thread security context
      also means another thread can easily refer violated information.
      
      The constraint on a per-thread security context requires a new domain
      has to be equal or weaker than its original one, when it tries to assign
      a per-thread security context.
      
      Bounds relationship between two types is a way to ensure a domain can
      never have wider permission than its bounds. We can define it in two
      explicit or implicit ways.
      
      The first way is using new TYPEBOUNDS statement. It enables to define
      a boundary of types explicitly. The other one expands the concept of
      existing named based hierarchy. If we define a type with "." separated
      name like "httpd_t.php", toolchain implicitly sets its bounds on "httpd_t".
      
      This feature requires a new policy version.
      The 24th version (POLICYDB_VERSION_BOUNDARY) enables to ship them into
      kernel space, and the following patch enables to handle it.
      Signed-off-by: KaiGai Kohei <kaigai@ak.jp.nec.com>
      Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
      Signed-off-by: James Morris <jmorris@namei.org>
    • securityfs: do not depend on CONFIG_SECURITY · da31894e
      Eric Paris authored
      Add a new Kconfig option SECURITYFS which will build securityfs support
      but does not require CONFIG_SECURITY.  The only current user of
      securityfs does not depend on CONFIG_SECURITY and there is no reason the
      full LSM needs to be built to build this fs.
      Signed-off-by: Eric Paris <eparis@redhat.com>
      Signed-off-by: James Morris <jmorris@namei.org>
    • Merge branch 'master' into next · 86d68898
      James Morris authored
  2. 27 Aug, 2008 25 commits
  3. 26 Aug, 2008 12 commits