FS#29366 - [linux] Enable CONFIG_SECURITY_SMACK (The SMACK LSM)

Attached to Project: Arch Linux
Opened by Wolfgang Bumiller (Wrybane) - Tuesday, 10 April 2012, 07:39 GMT
Last edited by Tobias Powalowski (tpowa) - Monday, 15 October 2012, 07:01 GMT
Task Type Feature Request
Category Kernel
Status Closed
Assigned To Tobias Powalowski (tpowa)
Thomas Bächler (brain0)
Architecture All
Severity Low
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No

Details

SMACK (Simplified Mandatory Access Control Kernel)
is another security model, like TOMOYO and AppArmor which are already enabled.
As such it also doesn't have any effect unless activated using the boot parameter security=smack
and so I think there's no harm in including it in the stock kernel.

I realize that there are probably not too many people out there using it,
but it's a rather small and simple LSM, and since TOMOYO and AppArmor are
available by default I thought it wouldn't be a big deal :)

Closed by Tobias Powalowski (tpowa)
Monday, 15 October 2012, 07:01 GMT
Reason for closing: Won't implement
Comment by Tobias Powalowski (tpowa) - Tuesday, 10 April 2012, 07:45 GMT
We had this request already and denied it due to possible breakage.
Comment by Tobias Powalowski (tpowa) - Tuesday, 10 April 2012, 07:46 GMT
Comment by Wolfgang Bumiller (Wrybane) - Tuesday, 10 April 2012, 11:13 GMT
Ah, I didn't see that the search by default doesn't show closed tasks, sorry.

In any case, it's been over 2 years since then.
I do not seem to have any of the issues mentioned. Also tried chrooting into a different system.
And I don't see how, since it's not even supposed to be used unless explicitly enabled, since it's an LSM.
After all, AppArmor and TOMOYO also don't seem to have any effect unless explicitly enabled at boot.
Comment by Jan de Groot (JGC) - Friday, 13 April 2012, 19:34 GMT
The problem with SMACK is that even if you don't configure it (CONFIG_SECURITY_SMACK=y, no config done in userspace), it alters the way a system works.
First, it alters network traffic by adding IP options, which breaks programs like SSH. It seems this issue has been fixed by not setting labels by default anymore, so it should not be a problem anymore.
The second problem is that it puts extended attributes on the filesystem, even when it's not configured to do so. I guess this triggered issues with coreutils in FS#13486. Personally, I'm not fond of having random xattrs set for a security system that I don't use at all.
Comment by Wolfgang Bumiller (Wrybane) - Saturday, 14 April 2012, 08:57 GMT
Does it do that even when it's not in *use*? (meaning, no security= option set, so that DAC is used instead, since that's configured as default)
I thought LSM code isn't executed at all if the module is not activated...

A quick grep for CONFIG_SECURITY_SMACK in the kernel source didn't reveal much outside /security
It enables an #ifdef in include/linux/lsm_audit.h in which only a data-structure gets defined
and the use in security/integrity/evm/evm_main.c adds the xattr name to a list which is only read.
The rest is just the smack implementation in /security/smack, and Makefiles adding that subdir and its objects.

Guess I'll have to test when I have the time.
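
Added example, not part of the thread or of any commenter's post: one way to check the three things the discussion turns on, namely whether SMACK is built into a kernel config, whether security= selects it at boot, and whether any files carry SMACK extended attributes. The function names and sample strings are constructed for illustration; the xattr prefix security.SMACK64 is the namespace used by the kernel's SMACK attribute names.

```python
import os

# All SMACK xattrs (SMACK64, SMACK64EXEC, SMACK64TRANSMUTE, ...) share this prefix.
SMACK_XATTR_PREFIX = "security.SMACK64"

def selected_lsm(cmdline):
    """Return the value of security= from a kernel command line, or None.
    Assumption: if the parameter is repeated, the last occurrence wins."""
    value = None
    for token in cmdline.split():
        if token.startswith("security="):
            value = token.split("=", 1)[1]
    return value

def smack_built_in(config_text):
    """True if the kernel config text contains CONFIG_SECURITY_SMACK=y.
    A '# CONFIG_SECURITY_SMACK is not set' line does not count."""
    return any(line.strip() == "CONFIG_SECURITY_SMACK=y"
               for line in config_text.splitlines())

def smack_xattrs(names):
    """Filter a list of xattr names down to the SMACK ones."""
    return sorted(n for n in names if n.startswith(SMACK_XATTR_PREFIX))

def scan_tree(root):
    """Map path -> SMACK xattr names for each directory and file under root
    that carries at least one. Unreadable entries and platforms without
    os.listxattr are skipped rather than treated as errors."""
    found = {}
    for dirpath, _dirs, files in os.walk(root):
        for path in [dirpath] + [os.path.join(dirpath, f) for f in files]:
            try:
                hits = smack_xattrs(os.listxattr(path, follow_symlinks=False))
            except (OSError, AttributeError):
                continue
            if hits:
                found[path] = hits
    return found

if __name__ == "__main__":
    # Constructed samples; on a live system read /proc/cmdline and the
    # kernel config (for example via /proc/config.gz) instead.
    cmdline = "root=/dev/sda1 ro quiet"
    config = "CONFIG_SECURITY=y\nCONFIG_SECURITY_SMACK=y\n"
    print("built in:", smack_built_in(config))
    print("selected at boot:", selected_lsm(cmdline))
    print("labelled files under /etc:", scan_tree("/etc"))
```

A kernel that reports SMACK as built in but not selected at boot, together with a non-empty scan result, is the situation described in the comment of 13 April.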
