[RFC 0/3] WhiteEgret LSM module
Casey Schaufler
casey at schaufler-ca.com
Fri Jun 2 19:00:22 UTC 2017
On 6/2/2017 10:39 AM, Steve Kemp wrote:
>> Create an security module that looks for the attribute
> For what it is worth I thought this seemed like an interesting project
> for a beginner, so I did just that. I wrote up the experience here:
>
> https://blog.steve.fi/so_i_accidentally_wrote_a_linux_security_module.html
>
> In short it was a very simple and clean approach, which I think is
> hard to get wrong. The only part I need to work on some more is the
> difference between `user` and `security` attributes.
A 'user' attribute can be set by the file owner. A 'security'
attribute requires privilege. SELinux and Smack use 'security'
attributes to prevent users from mucking with them. You need
to create module hooks for manipulating them, including
inode_init_security
inode_setxattr
inode_post_setxattr
inode_removexattr
inode_getsecurity
inode_listsecurity
inode_setsecurity
d_instantiate
>
> Steve
> --
> https://steve.fi/
>
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
More information about the Linux-security-module-archive
mailing list