[PATCH 1/1] cr: lsm: restore LSM contexts for ipc objects

Serge E. Hallyn serue at us.ibm.com
Thu Jun 25 05:59:36 PDT 2009


Quoting Stephen Smalley (sds at epoch.ncsc.mil):
> On Wed, 2009-06-24 at 17:07 -0500, Serge E. Hallyn wrote:
> > Oh, no.  I wasn't thinking right.
> > 
> > The objects are actually restored through calls to do_shmget() etc,
> > so that security_xyz_alloc() already gets called.
> 
> Does this mean that the objects temporarily exist in the wrong security
> context and are accessible to other threads during the interval between
> creation and when they get "restored" to the right security context?

They get restored in a private IPC namespace so they aren't accessible
to any live tasks.  Also, the objects will be created using the default
context for the program doing sys_restore(), running as app_restore_t or
something, so presumably a policy could ensure that such temporary
objects aren't readable by anyone else, just in case something goes
wrong before the security_ipcxyz_restore(), right?

-serge

