Kernel Development

From SELinux Wiki
Revision as of 14:33, 31 May 2007 by JamesMorris

To Do List

  • cap_override class [2]
  • Investigate google containers.
  • security_file_permission callsite consolidation [1]
  • Add hook for filesystems with binary mount data (per requests by fsdevel folk)
  • Fix performance issue with ephemeral port binding & high connection rate.
  • Compile out LSM hooks & allow SELinux to be linked directly.
  • Automate checking for new syscalls in kernels (-mm, -rc etc).
  • change Kconfig to use select instead of depends (eparis RH BZ# 228899)
  • remove secondary module stacking code (eparis RH BZ#231890)
  • security_port_sid needs optimization (eparis RH BZ#234531)
  • explicitly set i_ino on all creations in selinuxfs (eparis RH BZ#235248)
  • allow undefined classes and permissions in kernel (eparis RH BZ#235280)
  • Reduce memory usage of selinux structs (eparis RH BZ#235284)
  • fine grained enforcement of sysfs objects (RH BZ#228902)
  • labeled net needs better passing of labels over loopback
  • additional support of a security netfilter table for secmark/net forwarding
  • Normalize the SELinux in-kernel API.
  • Namespacing of SELinux global functions and variables.
  • NFSv4 support
  • KVM controls
  • Finer-grained proc checking (so that we don't require full ptrace permission just to read process state)
  • Improve/fix ioctl checking (see prior discussions on selinux and linux-security-module list)
  • Revoke memory-mapped file access upon policy change or setxattr.
  • Real device labeling and access control (i.e. bind a label to a device in the kernel irrespective of what device node is used to access it, so that a process that can create any device nodes at all can't effectively bypass all device access controls just by creating an arbitrary node to any device in a type accessible to it)
  • Full APIs for getting and setting security contexts of sockets and IPC objects.
  • Polyinstantiated ports
  • Increased granularity for Generic Netlink
  • Better support for sys_splice and related syscalls
  • Review sys_fallocate if/when it is merged
  • CIFS support for single-context clients
  • lhype controls (investigate & compare with KVM controls)
  • Investigate integration with integrity & measurement
  • Crypto policy for domains & object handling
  • Expand LTP as a full regression test suite for every permission & class
  • Convert sk_callback_lock to RCU
  • Redo performance testing & profiling
  • Support for kernel namespaces
  • Better controls for posix message queues (?)


Notes:

[1] Provide a static inline helper for all FMODE_READ/FMODE_WRITE checks that also includes the corresponding security_file_permission() call, to help ensure that they always happen together in the future. Possibly even roll up rw_verify_area() checking into it as well.

[2] Allow SELinux to selectively grant capabilities authoritatively based on SELinux domain. Executables could be made privileged w/o needing to be setuid root, all via SELinux, without needing yet another mechanism like file capabilities. This eliminates the need for filesystem capabilities support (which will be a nightmare to manage, as they are per-file bitmaps vs. per-type access vectors).
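The following is an added, self-contained C model of the helper proposed in note [1]; it is not kernel code and not from the SELinux project. `struct file`, the `FMODE_*`/`MAY_*` bits and `security_file_permission()` are constructed stand-ins with the same shape as the kernel interfaces, and the helper name `file_permission_checked()` is a hypothetical one. The point it demonstrates is the consolidation itself: every caller goes through one inline routine, so the open-mode check and the LSM hook cannot drift apart as call sites are added.

```c
/* Constructed model of the "one helper for FMODE check + LSM hook" pattern.
 * Nothing here is real kernel code; names mirror the kernel for readability. */
#include <errno.h>
#include <stddef.h>

#define FMODE_READ   0x1   /* file was opened for reading  */
#define FMODE_WRITE  0x2   /* file was opened for writing  */
#define MAY_WRITE    0x2   /* requested access: write      */
#define MAY_READ     0x4   /* requested access: read       */

struct file {
    unsigned int f_mode;         /* FMODE_* bits fixed at open() time */
    unsigned int lsm_deny_mask;  /* constructed: MAY_* bits the LSM policy denies */
};

/* Stand-in for the LSM hook: 0 if the security policy allows the access,
 * -EACCES if it denies it. A real LSM consults its policy here. */
static int security_file_permission(struct file *file, int mask)
{
    return (file->lsm_deny_mask & mask) ? -EACCES : 0;
}

/* Hypothetical consolidated helper (note [1]): the open-mode check and the
 * security hook live in one place so that no call site can do one without
 * the other. Returns 0 on success, a negative errno otherwise. */
static inline int file_permission_checked(struct file *file, int mask)
{
    if (!file)
        return -EBADF;
    /* Open-mode check: a read requires FMODE_READ, a write FMODE_WRITE. */
    if ((mask & MAY_READ) && !(file->f_mode & FMODE_READ))
        return -EBADF;
    if ((mask & MAY_WRITE) && !(file->f_mode & FMODE_WRITE))
        return -EBADF;
    /* LSM check, never skipped once the mode check has passed. */
    return security_file_permission(file, mask);
}

/* Two model call sites (e.g. a read path and a write path). Each builds a
 * file from an open mode and a constructed deny mask and asks the helper. */
int model_read(unsigned int f_mode, unsigned int lsm_deny_mask)
{
    struct file f = { f_mode, lsm_deny_mask };
    return file_permission_checked(&f, MAY_READ);
}

int model_write(unsigned int f_mode, unsigned int lsm_deny_mask)
{
    struct file f = { f_mode, lsm_deny_mask };
    return file_permission_checked(&f, MAY_WRITE);
}

/* NULL file: the helper refuses before touching the LSM at all. */
int model_null_file(void)
{
    return file_permission_checked(NULL, MAY_READ);
}
```

With the helper in place, adding a new read or write path means adding one call rather than re-deriving both checks; a missing LSM call at a new call site is exactly the class of slip note [1] is trying to make impossible.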

Known Bugs

  • exporting nfs with the nohide option causes problems on ia64 clients (struct nfs_mount_data corruption)


IRC Channel

  • irc.oftc.net #selinux-kernel