Difference between revisions of "Kernel Development"
From SELinux Wiki
(→To Do List) |
|||
Line 1: | Line 1: | ||
== To Do List == | == To Do List == | ||
− | * | + | * Distinguish access(2) from open(2) auditing. |
* Audit hooks to ensure that we don't have any more cases where DAC can be weakened. | * Audit hooks to ensure that we don't have any more cases where DAC can be weakened. | ||
Line 12: | Line 12: | ||
* UBIFS support. | * UBIFS support. | ||
− | |||
− | |||
* Add LTP tests for recent kernel changes. | * Add LTP tests for recent kernel changes. | ||
* Eliminate the need for secondary_ops altogether by providing LSM support for reverting to the original (capability) security module. | * Eliminate the need for secondary_ops altogether by providing LSM support for reverting to the original (capability) security module. | ||
− | |||
− | |||
* Reduce size of critical sections and use of GFP_ATOMIC. | * Reduce size of critical sections and use of GFP_ATOMIC. | ||
Line 28: | Line 24: | ||
* crfs ? | * crfs ? | ||
− | |||
− | |||
− | |||
− | |||
* Automate checking for new syscalls in kernels (-mm, -rc etc). | * Automate checking for new syscalls in kernels (-mm, -rc etc). | ||
− | * fine grained | + | * fine-grained labeling for usbfs and other pseudo filesystems of interest |
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
* NFSv4 support (in progress) | * NFSv4 support (in progress) | ||
Line 56: | Line 42: | ||
* CIFS support for single-context clients (also has xattrs & Karl says it's better than NFS). | * CIFS support for single-context clients (also has xattrs & Karl says it's better than NFS). | ||
− | |||
− | |||
* Crypto policy for domains & object handling | * Crypto policy for domains & object handling | ||
Line 69: | Line 53: | ||
* move *mem permissions to new memprotect class. Bump policy version. | * move *mem permissions to new memprotect class. Bump policy version. | ||
− | + | * better support for FS whose labelling behaviour is not specified in policy. If nothing from policy just test for xattr support and use it if it is there (RH in progress, patch reverted due to fuse deadlocks). | |
− | + | ||
− | * better support for FS whose labelling behaviour is not specified in policy. If nothing from policy just test for xattr support and use it if it is there (RH in progress, patch reverted due to | + | |
* memory leak detector pops on policy reload. probably due to {new,old}policydb being on stack and memcpy'd into the data section policydb (aka probably false positive) | * memory leak detector pops on policy reload. probably due to {new,old}policydb being on stack and memcpy'd into the data section policydb (aka probably false positive) | ||
− | * better | + | * better validation of classes/perms on policy reload. Warn if any permissions are defined in a kernel class in the policy that are not defined in the kernel's classmap. |
''Notes:'' | ''Notes:'' | ||
<p> | <p> | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
</p> | </p> | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
== Resources == | == Resources == |
Revision as of 14:17, 5 October 2009
To Do List
- Distinguish access(2) from open(2) auditing.
- Audit hooks to ensure that we don't have any more cases where DAC can be weakened.
- Fix the performance issue apparently related to syscall audit which Linus keeps whining about.
- Add support for SCTP.8
- Fix signal inheritance controls (possibly drop some or all, or only enforce in policy for certain domains).
- UBIFS support.
- Add LTP tests for recent kernel changes.
- Eliminate the need for secondary_ops altogether by providing LSM support for reverting to the original (capability) security module.
- Reduce size of critical sections and use of GFP_ATOMIC.
- Investigate security policy for cgroups.
- Add a 'map' check on mmap and mprotect so that we can distinguish memory mapped access (since it has different implications for revocation).
- crfs ?
- Automate checking for new syscalls in kernels (-mm, -rc etc).
- fine-grained labeling for usbfs and other pseudo filesystems of interest
- NFSv4 support (in progress)
- Revoke memory-mapped file access upon policy change or setxattr.
- Real device labeling and access control (i.e. bind a label to a device in the kernel irrespective of what device node is used to access it so that a process that can create any device nodes at all can't effectively bypass all device access controls just by creating an arbitrary node to any device in a type accessible to it),
- Full APIs for getting and setting security contexts of sockets and IPC objects. Ensure that socket context is kept consistent on socket inode and sock structures when changed.
- Polyinstantiated ports
- Increased granularity for Generic Netlink
- CIFS support for single-context clients (also has xattrs & Karl says it's better than NFS).
- Crypto policy for domains & object handling
- Expand LTP as a full regression testuite for every permission & class
- Redo performance testing & profiling
- Better controls for posix message queues (?)
- move *mem permissions to new memprotect class. Bump policy version.
- better support for FS whose labelling behaviour is not specified in policy. If nothing from policy just test for xattr support and use it if it is there (RH in progress, patch reverted due to fuse deadlocks).
- memory leak detector pops on policy reload. probably due to {new,old}policydb being on stack and memcpy'd into the data section policydb (aka probably false positive)
- better validation of classes/perms on policy reload. Warn if any permissions are defined in a kernel class in the policy that are not defined in the kernel's classmap.
Notes:
Resources
- Adding New Permissions How to add a new permission to SELinux
- kerneloops.org oopses relating to SELinux.