diff options
| author | Michael LeMay <mdlemay@epoch.ncsc.mil> | 2006-06-22 17:47:17 -0400 |
|---|---|---|
| committer | Linus Torvalds <torvalds@g5.osdl.org> | 2006-06-22 18:05:55 -0400 |
| commit | d720024e94de4e8b7f10ee83c532926f3ad5d708 (patch) | |
| tree | 8f21613c29a26bfbeb334cb0104b8b998b09fbdc /Documentation/keys.txt | |
| parent | f893afbe1262e27e91234506f72e17716190dd2f (diff) | |
[PATCH] selinux: add hooks for key subsystem
Introduce SELinux hooks to support the access key retention subsystem
within the kernel. Incorporate new flask headers from a modified version
of the SELinux reference policy, with support for the new security class
representing retained keys. Extend the "key_alloc" security hook with a
task parameter representing the intended ownership context for the key
being allocated. Attach security information to root's default keyrings
within the SELinux initialization routine.
Has passed David's testsuite.
Signed-off-by: Michael LeMay <mdlemay@epoch.ncsc.mil>
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: James Morris <jmorris@namei.org>
Acked-by: Chris Wright <chrisw@sous-sol.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Diffstat (limited to 'Documentation/keys.txt')
| -rw-r--r-- | Documentation/keys.txt | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/Documentation/keys.txt b/Documentation/keys.txt index aaa01b0e3ee9..703020012708 100644 --- a/Documentation/keys.txt +++ b/Documentation/keys.txt | |||
| @@ -19,6 +19,7 @@ This document has the following sections: | |||
| 19 | - Key overview | 19 | - Key overview |
| 20 | - Key service overview | 20 | - Key service overview |
| 21 | - Key access permissions | 21 | - Key access permissions |
| 22 | - SELinux support | ||
| 22 | - New procfs files | 23 | - New procfs files |
| 23 | - Userspace system call interface | 24 | - Userspace system call interface |
| 24 | - Kernel services | 25 | - Kernel services |
| @@ -232,6 +233,34 @@ For changing the ownership, group ID or permissions mask, being the owner of | |||
| 232 | the key or having the sysadmin capability is sufficient. | 233 | the key or having the sysadmin capability is sufficient. |
| 233 | 234 | ||
| 234 | 235 | ||
| 236 | =============== | ||
| 237 | SELINUX SUPPORT | ||
| 238 | =============== | ||
| 239 | |||
| 240 | The security class "key" has been added to SELinux so that mandatory access | ||
| 241 | controls can be applied to keys created within various contexts. This support | ||
| 242 | is preliminary, and is likely to change quite significantly in the near future. | ||
| 243 | Currently, all of the basic permissions explained above are provided in SELinux | ||
| 244 | as well; SE Linux is simply invoked after all basic permission checks have been | ||
| 245 | performed. | ||
| 246 | |||
| 247 | Each key is labeled with the same context as the task to which it belongs. | ||
| 248 | Typically, this is the same task that was running when the key was created. | ||
| 249 | The default keyrings are handled differently, but in a way that is very | ||
| 250 | intuitive: | ||
| 251 | |||
| 252 | (*) The user and user session keyrings that are created when the user logs in | ||
| 253 | are currently labeled with the context of the login manager. | ||
| 254 | |||
| 255 | (*) The keyrings associated with new threads are each labeled with the context | ||
| 256 | of their associated thread, and both session and process keyrings are | ||
| 257 | handled similarly. | ||
| 258 | |||
| 259 | Note, however, that the default keyrings associated with the root user are | ||
| 260 | labeled with the default kernel context, since they are created early in the | ||
| 261 | boot process, before root has a chance to log in. | ||
| 262 | |||
| 263 | |||
| 235 | ================ | 264 | ================ |
| 236 | NEW PROCFS FILES | 265 | NEW PROCFS FILES |
| 237 | ================ | 266 | ================ |