Re: UNS: [Dazuko-devel] 2.3.5-pre1 (patch) posted
From: jim burns
Subject: Re: UNS: [Dazuko-devel] 2.3.5-pre1 (patch) posted
Date: Sun, 23 Mar 2008 22:26:24 -0400
User-agent: KMail/1.9.9

On Thursday 20 March 2008 07:34:52 pm John Ogness wrote:
> One of the nice things about the patch is that it allows you to
> configure a boot parameter for Dazuko. It is hoped that this will
> encourage some distributions to include the kernel patch with Dazuko
> disabled by default. Then users could activate Dazuko by simply adding
> "dazuko=1" as a boot parameter. This is also how SElinux does it.
>
> LSM modules will be loaded in the following order:
>
> 1. SElinux
> 2. Dazuko
> 3. Capabilities
>
> As always, only 2 of the 3 modules can be used simultaneously.
And in more detail from your patch, security/dazuko/Kconfig section:
+config SECURITY_DAZUKO
+ bool "Dazuko Support"
[...]
+ This module will NOT work if both "NSA SELinux Support" and
+ "Default Linux Capabilities" are enabled.
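Review bot: The last two lines of the SECURITY_DAZUKO help text say the module will not work if both "NSA SELinux Support" and "Default Linux Capabilities" are "enabled", which reads as a build-time condition, while the announcement describes a boot-time switch ("dazuko=1", in the same way SELinux does it). If a kernel with all three options compiled in is meant to be usable, the help text should say the limit applies to what is active at boot and name the dazuko= parameter, so that someone reading it in the kernel configuration does not conclude that SELinux or Capabilities has to be compiled out.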
This could cause problems having to disable selinux or capabilities.
There are a number of Fedora services that will not start without
capabilities, such as dbus and ntp/ntpdate, and not having dbus causes other
services not to initialize, such as mcstrans & avahi. (For some reason, SuSE
works fine w/o capabilities.) What I used to do was delay loading dazuko
until I could unload capabilities in /etc/rc.local, but now your patch
compiles dazuko statically into the kernel, not as a module.

I could easily do without selinux personally, but I suspect I would not
always have that option when working for other people.

So I'm thinking out loud about solutions:

1) Disable something at runtime. From security/selinux/Kconfig:

config SECURITY_SELINUX_DISABLE
    bool "NSA SELinux runtime disable"
    depends on SECURITY_SELINUX
    default n
    help
      This option enables writing to a selinuxfs node 'disable', which
      allows SELinux to be disabled at runtime prior to the policy load.
      SELinux will then remain disabled until the next boot.
      This option is similar to the selinux=0 boot parameter, but is to
      support runtime disabling of SELinux, e.g. from /sbin/init, for
      portability across platforms where boot parameters are difficult
      to employ.

Not sure what a 'selinuxfs node' is, or what commands get that to work, but
not being able to re-enable till the next reboot is not what I'm looking for.
For this to work, both dazuko & (selinux or capabilities) would have to
support dynamic enable/disable.

2) Some kernel patch to allow all three functions to be active at the same
time. Is there such a beast?

3) Your patch did give me an idea about a simple patch to security/Kconfig.
Change:

config SECURITY_CAPABILITIES
    bool "Default Linux Capabilities"

back to:

config SECURITY_CAPABILITIES
    tristate "Default Linux Capabilities"

so you can once again select 'm' for module in kernel configuration. Of
course, that will only work till kernel.org prunes what they think is dead
code from the security code, and you won't be able to compile capabilities as
a module anymore. Of course, I'm sure John knows all about chasing a moving
target. I'm currently recompiling my fc8 kernel to see if this will work.

Any other ideas?
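
The constraint discussed in this message (only two of SELinux, Dazuko and Capabilities active at once, with selinux=0 and dazuko=1 as boot switches), checked against a kernel .config and command line. This is an added example, not part of the original message or of the Dazuko patch. The function names, the CONFIG_SECURITY_DAZUKO symbol (derived from the quoted Kconfig entry), the assumed defaults and the sample input are assumptions.

```shell
#!/bin/sh
# Added example: helper names, defaults and sample input are constructed.

# Value (y/m) of CONFIG_<symbol> in .config text, or n when unset.
cfg_val() {  # $1 = .config text, $2 = symbol
    v=$(printf '%s\n' "$1" | sed -n "s/^CONFIG_$2=\([ym]\)\$/\1/p" | tail -n 1)
    echo "${v:-n}"
}

# Value of name=value on a kernel command line (last one wins), else default.
boot_val() {  # $1 = cmdline, $2 = name, $3 = default
    r=$3
    for w in $1; do
        case $w in "$2"=*) r=${w#*=} ;; esac
    done
    echo "$r"
}

# List which of the three LSMs would be active at boot.
active_lsms() {  # $1 = .config text, $2 = cmdline
    out=""
    # Assumption: SELinux is on when built in, unless selinux=0 is passed.
    [ "$(cfg_val "$1" SECURITY_SELINUX)" = y ] &&
        [ "$(boot_val "$2" selinux 1)" != 0 ] && out="$out selinux"
    # Assumption: Dazuko ships disabled and is switched on with dazuko=1.
    [ "$(cfg_val "$1" SECURITY_DAZUKO)" = y ] &&
        [ "$(boot_val "$2" dazuko 0)" = 1 ] && out="$out dazuko"
    # Capabilities built as a module (=m) is not active until it is loaded.
    [ "$(cfg_val "$1" SECURITY_CAPABILITIES)" = y ] && out="$out capabilities"
    echo "${out# }"
}

# Return 1 when all three would be active, the case the help text rules out.
check_lsm_conflict() {  # $1 = .config text, $2 = cmdline
    set -- $(active_lsms "$1" "$2")
    [ "$#" -lt 3 ]
}

# Constructed sample: all three built in, booted with dazuko=1.
SAMPLE='CONFIG_SECURITY_SELINUX=y
CONFIG_SECURITY_DAZUKO=y
CONFIG_SECURITY_CAPABILITIES=y'
check_lsm_conflict "$SAMPLE" "ro quiet dazuko=1" ||
    echo "conflict: $(active_lsms "$SAMPLE" "ro quiet dazuko=1")"
```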