[PATCH 04/14] Implement CAP_TRUST capability.
Serge Hallyn (shallyn)
shallyn at cisco.com
Mon Feb 6 17:28:06 UTC 2023
On Fri, Feb 03, 2023 at 11:09:44PM -0600, Dr. Greg wrote:
> TSEM was designed to support a Trust Orchestration System (TOS)
> security architecture. A TOS based system uses the concept of a
> minimum Trusted Computing Base of utilities, referred to as trust
> orchestrators, that maintain workloads in a trusted execution
> state. The trust orchestrators are thus, from a security
> perspective, the most privileged assets on the platform.
>
> Introduce the CAP_TRUST capability that is defined as a
> capability that allows a process to alter the trust status of the
This sounds like CAP_MAC_ADMIN. Any reason not to re-use that?
> platform. In a fully trust orchestrated system only the
> orchestrators carry this capability bit.
>
> In TSEM the CAP_TRUST capability allows the holder to access the
> control plane of the LSM. This ability allows subordinate
> modeling domains to be created and managed. Most principally the
> CAP_TRUST capability allows the holder to designate whether or
> not a process should be trusted or untrusted.
>
> The proposed Integrity Measurement Architecture namespaces would
> also be a candidate to use the CAP_TRUST capability.
>
> Signed-off-by: Greg Wettstein <greg at enjellic.com>
> ---
> include/uapi/linux/capability.h | 6 +++++-
> security/selinux/include/classmap.h | 2 +-
> 2 files changed, 6 insertions(+), 2 deletions(-)
>
> diff --git a/include/uapi/linux/capability.h b/include/uapi/linux/capability.h
> index 3d61a0ae055d..af677b534949 100644
> --- a/include/uapi/linux/capability.h
> +++ b/include/uapi/linux/capability.h
> @@ -417,7 +417,11 @@ struct vfs_ns_cap_data {
>
> #define CAP_CHECKPOINT_RESTORE 40
>
> -#define CAP_LAST_CAP CAP_CHECKPOINT_RESTORE
> +/* Allow modifications to the trust status of the system */
> +
> +#define CAP_TRUST 41
> +
> +#define CAP_LAST_CAP CAP_TRUST
>
> #define cap_valid(x) ((x) >= 0 && (x) <= CAP_LAST_CAP)
>
> diff --git a/security/selinux/include/classmap.h b/security/selinux/include/classmap.h
> index a3c380775d41..e8c497c16271 100644
> --- a/security/selinux/include/classmap.h
> +++ b/security/selinux/include/classmap.h
> @@ -30,7 +30,7 @@
> "wake_alarm", "block_suspend", "audit_read", "perfmon", "bpf", \
> "checkpoint_restore"
>
> -#if CAP_LAST_CAP > CAP_CHECKPOINT_RESTORE
> +#if CAP_LAST_CAP > CAP_TRUST
> #error New capability defined, please update COMMON_CAP2_PERMS.
> #endif
>
> --
> 2.39.1
>
More information about the Linux-security-module-archive
mailing list