[trustees] Kernel 2.6.24 wrecks trustees :(

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Well all,

I've been putting in some good time/code into trustees the last few
weeks.  I've cleaned up the code quite a bit, especially the hashing
code which has always been unstable (although I think I HAD finally
stabilized it) and messy.  I also put together a testsuite which works
pretty well, and has enabled me to find and track down other bugs.  In
fact, on the experimental branch, I'd just put up a fix (not ready for
use yet) a few weeks ago for the last real remaining security issue
related to nested trustees (a security issue that has been around since
the first trustees).

I had been doing all my work against 2.6.23.  Tonight, I had just
upgraded my kernel to 2.6.24-rc4 only to find that commit:

commit 20510f2f4e2dabb0ff6c13901807627ec9452f98
Author: James Morris <jm...@na...>
Date:   Tue Oct 16 23:31:32 2007 -0700

    security: Convert LSM into a static interface

In short, the Linux Security Module(LSM) API is no longer available for
kernel modules.  This is *bad*.  I have a strong suspicion that there is
no chance trustees will ever make it into the mainline kernel due to its
complete disregard for standard unix permissions, the ACL system, and in
some ways it abuses the spirit of the LSM API (LSM was intended to take
rights away for the most part, not grant them).

So there's really only a handful of options here.

a.) target an older kernel
b.) maintain a full git fork of the kernel (this makes the maintenance
burden much higher, although would be the road to mainline kernel
acceptance, which IMO won't ever happen).  This also potentially makes
it much more difficult to get trustees going against distro-supplied
kernel source.
c.) ???

I'm pretty much out of ideas.  Thoughts on what any of you would prefer?

Cheers,
Andy

P.S. This could be much worse, the selinux guys are keen on them
becoming the *only* LSM project.  In fact, I believe there was a big
push from them a few months ago to actually *remove* LSM and put just
selinux in its place.  As a person on #kernelnewbies said just a few
minutes ago as I was asking for suggestions regarding this dilemma:

21:44 < zakalwe> right now an army of redhat and nsa employees are
mobilising to smack your idea into oblivion.  you better be wearing a
flame proof suit.

-- 
Andrew Ruder <an...@ae...>
http://www.aeruder.net