inode object security label

In the latest version of AppCL LSM, the following security hooks are updated to manage the security labelling of the kernel ‘inode’ object (file system objects such as files, directories and symlinks). SELinux was consulted for inode security labelling techniques:

inode_alloc_security

  • The security hook now passes the ‘inode_security_struct’ to the ‘i_security’ attribute within the inode object.
  • inode_security_struct is defined in ‘appcl_lsm.h’.
  • This struct is defined as the inode security label.
  • AppCL must decide which attributes to label within the inode_security_struct, and then manage security decisions using the inode security label values.

inode_free_security

  • The security hook frees the allocated inode_security_struct.

The output from the kernel log shows an example inode and some of the values associated with the inode_security_struct (inode security label).

[Screenshot: kernel log output showing an example inode and its inode_security_struct values]

AppCL LSM must properly decide security label attributes, define handlers to process these attributes and mediate access based on application specific identifiers.
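The allocate/free lifecycle described above, as an added userspace C model (not AppCL or kernel source). The `model_*` names, the `ino` and `app_id` fields, `APPCL_UNLABELED` and the fail-closed permission check are assumptions made for illustration, since the page does not show the contents of `appcl_lsm.h`.

```c
/* Userspace model of the inode label lifecycle; not AppCL source.
 * struct inode is a stand-in for the kernel's; label fields are hypothetical. */
#include <errno.h>
#include <stdlib.h>

#define APPCL_UNLABELED 0u   /* hypothetical "no label assigned yet" value */
struct inode { unsigned long i_ino; void *i_security; };
struct inode_security_struct {   /* hypothetical attributes */
    unsigned long ino;           /* back-reference, useful in log output */
    unsigned int app_id;         /* application-specific identifier */
};

/* Models inode_alloc_security: attach a zeroed label or fail with -ENOMEM. */
int model_inode_alloc_security(struct inode *inode)
{
    struct inode_security_struct *isec = calloc(1, sizeof(*isec));
    if (!isec)
        return -ENOMEM;          /* inode creation must be aborted */
    isec->ino = inode->i_ino;
    isec->app_id = APPCL_UNLABELED;
    inode->i_security = isec;
    return 0;
}

/* Models inode_free_security: clear i_security first, then free the label. */
void model_inode_free_security(struct inode *inode)
{
    struct inode_security_struct *isec = inode->i_security;
    inode->i_security = NULL;    /* no later hook can see a stale pointer */
    free(isec);
}

/* Hypothetical mediation that fails closed (a choice made for this example). */
int model_inode_permission(const struct inode *inode, unsigned int caller_app)
{
    const struct inode_security_struct *isec = inode->i_security;
    if (!isec || isec->app_id == APPCL_UNLABELED)
        return -EACCES;          /* missing or unlabeled: deny */
    return isec->app_id == caller_app ? 0 : -EACCES;
}

int main(void)
{
    struct inode ino = { 42, NULL };                 /* constructed sample */
    if (model_inode_alloc_security(&ino))
        return 1;
    int denied = model_inode_permission(&ino, 7);    /* still unlabeled */
    model_inode_free_security(&ino);
    return !(denied == -EACCES && ino.i_security == NULL);
}
```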

To view the public git for this project visit:

https://github.com/jamesbjohnson/appcl-lsm-public
