diff options
author | Michael LeMay <mdlemay@epoch.ncsc.mil> | 2006-06-22 17:47:17 -0400 |
---|---|---|
committer | Linus Torvalds <torvalds@g5.osdl.org> | 2006-06-22 18:05:55 -0400 |
commit | d720024e94de4e8b7f10ee83c532926f3ad5d708 (patch) | |
tree | 8f21613c29a26bfbeb334cb0104b8b998b09fbdc /Documentation | |
parent | f893afbe1262e27e91234506f72e17716190dd2f (diff) |
[PATCH] selinux: add hooks for key subsystem
Introduce SELinux hooks to support the access key retention subsystem
within the kernel. Incorporate new flask headers from a modified version
of the SELinux reference policy, with support for the new security class
representing retained keys. Extend the "key_alloc" security hook with a
task parameter representing the intended ownership context for the key
being allocated. Attach security information to root's default keyrings
within the SELinux initialization routine.
Has passed David's testsuite.
Signed-off-by: Michael LeMay <mdlemay@epoch.ncsc.mil>
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: James Morris <jmorris@namei.org>
Acked-by: Chris Wright <chrisw@sous-sol.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Diffstat (limited to 'Documentation')
-rw-r--r-- | Documentation/keys.txt | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/Documentation/keys.txt b/Documentation/keys.txt index aaa01b0e3ee9..703020012708 100644 --- a/Documentation/keys.txt +++ b/Documentation/keys.txt | |||
@@ -19,6 +19,7 @@ This document has the following sections: | |||
19 | - Key overview | 19 | - Key overview |
20 | - Key service overview | 20 | - Key service overview |
21 | - Key access permissions | 21 | - Key access permissions |
22 | - SELinux support | ||
22 | - New procfs files | 23 | - New procfs files |
23 | - Userspace system call interface | 24 | - Userspace system call interface |
24 | - Kernel services | 25 | - Kernel services |
@@ -232,6 +233,34 @@ For changing the ownership, group ID or permissions mask, being the owner of | |||
232 | the key or having the sysadmin capability is sufficient. | 233 | the key or having the sysadmin capability is sufficient. |
233 | 234 | ||
234 | 235 | ||
236 | =============== | ||
237 | SELINUX SUPPORT | ||
238 | =============== | ||
239 | |||
240 | The security class "key" has been added to SELinux so that mandatory access | ||
241 | controls can be applied to keys created within various contexts. This support | ||
242 | is preliminary, and is likely to change quite significantly in the near future. | ||
243 | Currently, all of the basic permissions explained above are provided in SELinux | ||
244 | as well; SE Linux is simply invoked after all basic permission checks have been | ||
245 | performed. | ||
246 | |||
247 | Each key is labeled with the same context as the task to which it belongs. | ||
248 | Typically, this is the same task that was running when the key was created. | ||
249 | The default keyrings are handled differently, but in a way that is very | ||
250 | intuitive: | ||
251 | |||
252 | (*) The user and user session keyrings that are created when the user logs in | ||
253 | are currently labeled with the context of the login manager. | ||
254 | |||
255 | (*) The keyrings associated with new threads are each labeled with the context | ||
256 | of their associated thread, and both session and process keyrings are | ||
257 | handled similarly. | ||
258 | |||
259 | Note, however, that the default keyrings associated with the root user are | ||
260 | labeled with the default kernel context, since they are created early in the | ||
261 | boot process, before root has a chance to log in. | ||
262 | |||
263 | |||
235 | ================ | 264 | ================ |
236 | NEW PROCFS FILES | 265 | NEW PROCFS FILES |
237 | ================ | 266 | ================ |