[PATCH 04/14] Implement CAP_TRUST capability.
Dr. Greg
greg at enjellic.com
Sat Feb 4 05:09:44 UTC 2023
TSEM was designed to support a Trust Orchestration System (TOS)
security architecture. A TOS based system uses the concept of a
minimum Trusted Computing Base of utilities, referred to as trust
orchestrators, that maintain workloads in a trusted execution
state. The trust orchestrators are thus, from a security
perspective, the most privileged assets on the platform.
Introduce the CAP_TRUST capability that is defined as a
capability that allows a process to alter the trust status of the
platform. In a fully trust orchestrated system only the
orchestrators carry this capability bit.
In TSEM the CAP_TRUST capability allows the holder to access the
control plane of the LSM. This ability allows subordinate
modeling domains to be created and managed. Most principally the
CAP_TRUST capability allows the holder to designate whether or
not a process should be trusted or untrusted.
The proposed Integrity Measurement Architecture namespaces would
also be a candidate to use the CAP_TRUST capability.
Signed-off-by: Greg Wettstein <greg at enjellic.com>
---
include/uapi/linux/capability.h | 6 +++++-
security/selinux/include/classmap.h | 2 +-
2 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/include/uapi/linux/capability.h b/include/uapi/linux/capability.h
index 3d61a0ae055d..af677b534949 100644
--- a/include/uapi/linux/capability.h
+++ b/include/uapi/linux/capability.h
@@ -417,7 +417,11 @@ struct vfs_ns_cap_data {
#define CAP_CHECKPOINT_RESTORE 40
-#define CAP_LAST_CAP CAP_CHECKPOINT_RESTORE
+/* Allow modifications to the trust status of the system */
+
+#define CAP_TRUST 41
+
+#define CAP_LAST_CAP CAP_TRUST
#define cap_valid(x) ((x) >= 0 && (x) <= CAP_LAST_CAP)
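Review bot: the `/* Allow modifications to the trust status of the system */` comment is separated from its macro by blank lines, unlike the neighbouring capability definitions in this header where the comment sits directly above the `#define`; drop the blank lines so the description stays attached to `#define CAP_TRUST 41`. Since this is a UAPI header, the one-line description should also say what the bit actually permits, in the style of the other capability comments, rather than only "trust status of the system"; the commit message's points (access to the LSM control plane, designating a process trusted or untrusted) are the material to put there.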
diff --git a/security/selinux/include/classmap.h b/security/selinux/include/classmap.h
index a3c380775d41..e8c497c16271 100644
--- a/security/selinux/include/classmap.h
+++ b/security/selinux/include/classmap.h
@@ -30,7 +30,7 @@
"wake_alarm", "block_suspend", "audit_read", "perfmon", "bpf", \
"checkpoint_restore"
-#if CAP_LAST_CAP > CAP_CHECKPOINT_RESTORE
+#if CAP_LAST_CAP > CAP_TRUST
#error New capability defined, please update COMMON_CAP2_PERMS.
#endif
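Review bot: this hunk only moves the guard from `CAP_CHECKPOINT_RESTORE` to `CAP_TRUST` without adding the new name to COMMON_CAP2_PERMS, which is exactly what the `#error New capability defined, please update COMMON_CAP2_PERMS.` it touches exists to catch; the permission list still ends at `"checkpoint_restore"`. Add the new name after it, e.g. `"checkpoint_restore", "trust"`, so the SELinux capability2 class gains a permission bit matching CAP_TRUST. As written the build-time check is silenced while the SELinux permission table stays out of step with CAP_LAST_CAP.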
--
2.39.1