Difference between revisions of "Kernel Development"
From SELinux Wiki
(add *mem permission line.)
JamesMorris (Talk | contribs) (remove irc channel, add done section, remove dupe port sid thing)
Revision as of 02:19, 8 June 2007
To Do List
- Review Netlink link creation API code for security hook coverage.
- cap_override class [2]
- Investigate google containers.
- security_file_permission callsite consolidation [1]
- Add hook for filesystems with binary mount data (per requests by fsdevel folk)
- Compile out LSM hooks & allow SELinux to be linked directly.
- Automate checking for new syscalls in kernels (-mm, -rc etc).
- change Kconfig to use select instead of depends (eparis RH BZ# 228899)
- remove secondary module stacking code (eparis RH BZ#231890)
- security_port_sid needs optimization (eparis RH BZ#234531)
- explicitly set i_ino on all creations in selinuxfs (eparis RH BZ#235248)
- allow undefined classes and permissions in kernel (eparis RH BZ#235280)
- Reduce memory usage of selinux structs (eparis RH BZ#235284)
- fine grained enforcement of sysfs objects (RH BZ#228902)
- labeled net needs better passing of labels over loopback
- additional support of a security netfilter table for secmark/net forwarding
- Normalize the SELinux in-kernel API.
- Namespacing of SELinux global functions and variables.
- NFSv4 support
- KVM controls
- Finer-grained proc checking (so that we don't require full ptrace permission just to read process state).
- Improve/fix ioctl checking (see prior discussions on selinux and linux-security-module list).
- Revoke memory-mapped file access upon policy change or setxattr.
- Real device labeling and access control (i.e. bind a label to a device in the kernel irrespective of what device node is used to access it, so that a process that can create any device nodes at all can't effectively bypass all device access controls just by creating an arbitrary node to any device in a type accessible to it).
- Full APIs for getting and setting security contexts of sockets and IPC objects.
- Polyinstantiated ports
- Increased granularity for Generic Netlink
- Review sys_fallocate if/when it is merged
- CIFS support for single-context clients (also has xattrs & Karl says it's better than NFS).
- lhype controls (investigate & compare with KVM controls)
- Investigate integration with integrity & measurement
- Crypto policy for domains & object handling
- Expand LTP as a full regression test suite for every permission & class
- Convert sk_callback_lock to RCU
- Redo performance testing & profiling
- Support for kernel namespaces
- Better controls for posix message queues (?)
- move *mem permissions to new memprotect class. Bump policy version.
Notes:
[1] Provide a static inline helper for all FMODE_READ/FMODE_WRITE checks that also includes the corresponding security_file_permission() call to help ensure that they always happen together in the future. Possibly even rolling up rw_verify_area() checking as well into it.
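As an added illustration of note 1 (example code written for this page, not from the kernel tree), a user-space model of the proposed helper: the open-mode (FMODE_*) check and the security_file_permission() hook are fused into one inline function, so a call site cannot perform one without the other. The struct file, the hook body and the policy_grants field are constructed stand-ins; FMODE_READ/FMODE_WRITE and MAY_READ/MAY_WRITE carry their kernel values.

```c
#include <errno.h>
#include <stdio.h>

/* Kernel values for open mode and access mask bits. */
#define FMODE_READ  0x1u
#define FMODE_WRITE 0x2u
#define MAY_WRITE   0x2
#define MAY_READ    0x4

/* Constructed stand-in for the kernel's struct file: only the fields the
 * model needs. policy_grants models the MAY_* bits the loaded policy
 * allows for this file's (subject, object) pair. */
struct file {
    unsigned int f_mode;   /* how the file was opened */
    int policy_grants;     /* stand-in for the AVC decision */
};

/* Stand-in for the LSM hook. The real kernel signature is
 * int security_file_permission(struct file *file, int mask). */
static int security_file_permission(struct file *file, int mask)
{
    if (!mask)
        return 0;
    return (file->policy_grants & mask) == mask ? 0 : -EACCES;
}

/* Map a MAY_* access mask onto the FMODE_* bits the open must have had. */
static unsigned int fmode_for(int mask)
{
    unsigned int need = 0;
    if (mask & MAY_READ)  need |= FMODE_READ;
    if (mask & MAY_WRITE) need |= FMODE_WRITE;
    return need;
}

/* The status quo the note wants to retire: an open-mode check done on its
 * own, with the LSM hook left to the caller's memory. */
static int file_mode_check_only(struct file *file, int mask)
{
    unsigned int need = fmode_for(mask);
    return (file->f_mode & need) == need ? 0 : -EBADF;
}

/* The proposed helper: both checks, always together, one return path. */
static inline int file_check_permission(struct file *file, int mask)
{
    int err = file_mode_check_only(file, mask);
    if (err)
        return err;
    return security_file_permission(file, mask);
}
```

A file opened read/write whose policy grants only read passes the mode-only check but fails the paired helper with -EACCES; that gap is exactly the missed-hook class the consolidation is meant to close.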
[2] Allow SELinux to selectively grant capabilities authoritatively based on SELinux domain. Executables could be made privileged w/o needing to be setuid root, all via SELinux without needing yet another mechanism like file capabilities. Eliminate the need for filesystem capabilities support (which will be a nightmare to manage, as they are per-file bitmaps vs. per-type access vectors).
Known Bugs
- exporting nfs with the nohide option causes problems on ia64 clients (struct nfs_mount_data corruption)
Done
- Fix context_struct_compute_av latency issue raised by Ingo Molnar (lkml post)
- Better support for sys_splice and related syscalls