From: "Christopher Davis"
Date: Thu, 15 Nov 2007 12:51:29 -0800
To: freebsd-hackers@freebsd.org
Cc: dexterclarke@safe-mail.net, Pawel Jakub Dawidek, trustedbsd-discuss@freebsd.org
Subject: Re: A TrustedBSD "voluntary sandbox" policy.
In-Reply-To: <20071108172345.GE25224@garage.freebsd.pl>

On Nov 8, 2007 9:23 AM, Pawel Jakub Dawidek wrote:
> First problem is that it is hard to operate on file paths. MAC passes a
> locked vnode to you and you cannot go from there to a file name easily.
> You could do it by comparison: call VOP_GETATTR(9) on the given vnode,
> do the same for /etc/passwd and others and compare their inodes and
> file system ids. Performance hit may be significant for complex
> policies.
>
> You can register yourself for process_exit, process_fork and
> process_exec in-kernel events and do your cleanups from your event
> handler. Take a look at EVENTHANDLER(9).
>
> --
> Pawel Jakub Dawidek                       http://www.wheel.pl
> pjd@FreeBSD.org                           http://www.FreeBSD.org
> FreeBSD committer                         Am I Evil? Yes, I Am!
>

Couldn't you use the stat() syscall on the paths from the userland utility
that parses the rules, collect the mount point or mount id and the inode
from the stat struct, then have the MAC policy module match that data
with the file id and mount id available from the vnode?

-- 
Christopher Davis
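
The approach suggested in the reply above, sketched as an added example (not code from this thread or from TrustedBSD): a userland loader resolves rule paths to (st_dev, st_ino) pairs with stat(), and rule_match() stands in for the comparison the policy module would make against the ids it reads from the vnode. All struct and function names are hypothetical.

```c
/* Added example; all names are hypothetical, not TrustedBSD code. */
#include <stdio.h>
#include <sys/types.h>
#include <sys/stat.h>

#define MAX_RULES 64
struct file_id { dev_t dev; ino_t ino; };   /* file system id + inode number */
struct rule_table { struct file_id ids[MAX_RULES]; size_t n; };

/* Userland side: stat() each rule path once, when the rules are parsed.
 * stat() follows symlinks. Returns how many paths resolved; others are skipped. */
int rules_load(struct rule_table *t, const char *const *paths, size_t npaths)
{
    struct stat sb;

    t->n = 0;
    for (size_t i = 0; i < npaths && t->n < MAX_RULES; i++) {
        if (stat(paths[i], &sb) != 0)
            continue;
        t->ids[t->n++] = (struct file_id){ sb.st_dev, sb.st_ino };
    }
    return (int)t->n;
}

/* Policy side: compare the ids of the object being accessed with the table.
 * This function sees only numbers, never a path. */
int rule_match(const struct rule_table *t, dev_t dev, ino_t ino)
{
    for (size_t i = 0; i < t->n; i++)
        if (t->ids[i].dev == dev && t->ids[i].ino == ino)
            return 1;
    return 0;
}

/* Demo helper: match whatever a path refers to right now (-1 if stat fails). */
int rule_match_path(const struct rule_table *t, const char *path)
{
    struct stat sb;

    if (stat(path, &sb) != 0)
        return -1;
    return rule_match(t, sb.st_dev, sb.st_ino);
}

/* Prints one "dev inode" pair per resolvable path given on the command line. */
int main(int argc, char **argv)
{
    struct rule_table t;

    rules_load(&t, (const char *const *)(argv + 1), argc > 1 ? (size_t)(argc - 1) : 0);
    for (size_t i = 0; i < t.n; i++)
        printf("%llu %llu\n", (unsigned long long)t.ids[i].dev, (unsigned long long)t.ids[i].ino);
    return 0;
}
```

The table is bound to inodes at load time: a file that is replaced by rename() keeps its path but gets a new inode, so the rules have to be reloaded after such an update.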