<html><head><meta http-equiv="Content-Type" content="text/html; charset=ANSI_X3.4-1968"><title>LSM Capabilities Module</title><meta name="generator" content="DocBook XSL Stylesheets V1.78.1"><link rel="home" href="index.html" title="Linux Security Modules: General Security Hooks for Linux"><link rel="up" href="index.html" title="Linux Security Modules: General Security Hooks for Linux"><link rel="prev" href="framework.html" title="LSM Framework"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="sect1"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="cap"></a>LSM Capabilities Module</h2></div></div></div><p>
The LSM kernel patch moves most of the existing POSIX.1e capabilities
logic into an optional security module stored in the file
<code class="filename">security/capability.c</code>.  This change allows
users who do not want to use capabilities to omit this code entirely
from their kernel, instead using the dummy module for traditional
superuser logic or any other module that they desire.  This change
also allows the developers of the capabilities logic to maintain and
enhance their code more freely, without needing to integrate patches
back into the base kernel.
</p><p>
In addition to moving the capabilities logic, the LSM kernel patch
could move the capability-related fields from the kernel data
structures into the new security fields managed by the security
modules.  However, at present, the LSM kernel patch leaves the
capability fields in the kernel data structures.  In his original
remarks, Linus suggested that this might be preferable so that other
security modules can be easily stacked with the capabilities module
without needing to chain multiple security structures on the security field.
It also avoids imposing extra overhead on the capabilities module
to manage the security fields.  However, the LSM framework could
certainly support such a move if it is determined to be desirable,
with only a few additional changes described below.
</p><p>
At present, the capabilities logic for computing process capabilities
on <code class="function">execve</code> and <code class="function">set*uid</code>,
checking capabilities for a particular process, saving and checking
capabilities for netlink messages, and handling the
<code class="function">capget</code> and <code class="function">capset</code> system
calls has been moved into the capabilities module.  There are still a
few locations in the base kernel where capability-related fields are
directly examined or modified, but the current version of the LSM
patch does allow a security module to completely replace the
assignment and testing of capabilities.  These few locations would
need to be changed if the capability-related fields were moved into
the security field.  The following is a list of known locations that
still perform such direct examination or modification of
capability-related fields:
</p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p><code class="filename">fs/open.c</code>:<code class="function">sys_access</code></p></li><li class="listitem"><p><code class="filename">fs/lockd/host.c</code>:<code class="function">nlm_bind_host</code></p></li><li class="listitem"><p><code class="filename">fs/nfsd/auth.c</code>:<code class="function">nfsd_setuser</code></p></li><li class="listitem"><p><code class="filename">fs/proc/array.c</code>:<code class="function">task_cap</code></p></li></ul></div><p>
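The last location in the list, <code class="function">task_cap</code>, is what writes the CapInh/CapPrm/CapEff masks into <code class="filename">/proc/&lt;pid&gt;/status</code>, and those masks are the data that the capabilities module's <code class="function">execve</code> computation operates on.  The following program is an added example, not code from the LSM documentation or from the kernel; it parses a constructed sample of that status output (in the modern layout, which also carries CapBnd and CapAmb lines that did not exist when this document was written), decodes the masks into capability names using the bit numbers from <code class="filename">&lt;linux/capability.h&gt;</code>, and applies the POSIX.1e-style execve rule in its pre-ambient form.  The sample process, the function names and the 64-bit mask width are assumptions of the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Capability bit numbers from <linux/capability.h>; the array index is the
 * bit position in the CapInh/CapPrm/CapEff/CapBnd/CapAmb masks. */
static const char *const cap_names[] = {
    "chown", "dac_override", "dac_read_search", "fowner", "fsetid",
    "kill", "setgid", "setuid", "setpcap", "linux_immutable",
    "net_bind_service", "net_broadcast", "net_admin", "net_raw",
    "ipc_lock", "ipc_owner", "sys_module", "sys_rawio", "sys_chroot",
    "sys_ptrace", "sys_pacct", "sys_admin", "sys_boot", "sys_nice",
    "sys_resource", "sys_time", "sys_tty_config", "mknod", "lease",
    "audit_write", "audit_control", "setfcap", "mac_override",
    "mac_admin", "syslog", "wake_alarm", "block_suspend", "audit_read",
    "perfmon", "bpf", "checkpoint_restore",
};
#define CAP_COUNT (sizeof cap_names / sizeof cap_names[0])

/* Constructed sample of the lines task_cap() emits into /proc/<pid>/status
 * (modern layout; CapBnd and CapAmb postdate this document).  The sampled
 * process holds only CAP_NET_BIND_SERVICE (bit 10) and CAP_NET_RAW (bit 13). */
static const char sample_status[] =
    "Name:\tsampled\n"
    "CapInh:\t0000000000000000\n"
    "CapPrm:\t0000000000002400\n"
    "CapEff:\t0000000000002400\n"
    "CapBnd:\t000001ffffffffff\n"
    "CapAmb:\t0000000000000000\n";

/* Find "<field>:" at the start of a line and parse its hex mask.
 * Returns 0 and stores the mask, or -1 if the field is not present. */
int status_cap_mask(const char *status, const char *field, uint64_t *mask)
{
    size_t flen = strlen(field);
    const char *line = status;

    while (line && *line) {
        if (strncmp(line, field, flen) == 0 && line[flen] == ':') {
            *mask = strtoull(line + flen + 1, NULL, 16); /* skips the tab */
            return 0;
        }
        line = strchr(line, '\n');
        if (line)
            line++;
    }
    return -1;
}

/* Expand a mask into a comma-separated list of capability names.  Returns
 * the number of bits set; bits beyond the table are rendered as cap_N. */
int cap_mask_names(uint64_t mask, char *buf, size_t len)
{
    int count = 0;
    size_t used = 0;

    if (len)
        buf[0] = '\0';
    for (unsigned bit = 0; bit < 64; bit++) {
        if (!(mask & ((uint64_t)1 << bit)))
            continue;
        if (used < len) {
            int n = bit < CAP_COUNT
                ? snprintf(buf + used, len - used, "%s%s", count ? "," : "", cap_names[bit])
                : snprintf(buf + used, len - used, "%scap_%u", count ? "," : "", bit);
            used += n > 0 ? (size_t)n : 0;
        }
        count++;
    }
    return count;
}

/* The execve transformation in its POSIX.1e form, before the ambient set
 * existed (capabilities(7) documents the current rule):
 *   P'(permitted) = (P(inheritable) & F(inheritable)) | (F(permitted) & P(bounding))
 *   P'(effective) = F(effective) ? P'(permitted) : 0 */
uint64_t exec_permitted(uint64_t p_inh, uint64_t p_bnd, uint64_t f_inh, uint64_t f_prm)
{
    return (p_inh & f_inh) | (f_prm & p_bnd);
}

uint64_t exec_effective(int f_eff, uint64_t new_permitted)
{
    return f_eff ? new_permitted : 0;
}

int main(void)
{
    static const char *const fields[] = { "CapInh", "CapPrm", "CapEff", "CapBnd", "CapAmb" };
    char names[1024];
    uint64_t mask, bnd, prm;

    for (size_t i = 0; i < sizeof fields / sizeof fields[0]; i++) {
        if (status_cap_mask(sample_status, fields[i], &mask) != 0)
            continue;
        int n = cap_mask_names(mask, names, sizeof names);
        printf("%s %016llx (%d): %s\n", fields[i], (unsigned long long)mask, n, names);
    }

    /* A file granting net_bind_service in its permitted set, executed by the
     * sampled process: the capability survives only if the bounding set has it. */
    status_cap_mask(sample_status, "CapBnd", &bnd);
    prm = exec_permitted(0, bnd, 0, (uint64_t)1 << 10);
    cap_mask_names(exec_effective(1, prm), names, sizeof names);
    printf("after execve, effective: %s\n", names);
    return 0;
}
```

Reading the masks this way is the user-space view of the "checking capabilities for a particular process" logic the paragraph describes: a reviewer auditing a service can confirm from the decoded CapEff line that it holds nothing beyond the bits it needs, and the bounding-set term in <code class="function">exec_permitted</code> shows why a file capability alone cannot regrant a bit that was removed from the bounding set.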
</p></div></body></html>