diff -urN oldtree/Documentation/realtime-lsm.txt newtree/Documentation/realtime-lsm.txt
--- oldtree/Documentation/realtime-lsm.txt	1970-01-01 00:00:00.000000000 +0000
+++ newtree/Documentation/realtime-lsm.txt	2006-02-04 10:23:48.114877768 +0000
@@ -0,0 +1,39 @@
+
+		    Realtime Linux Security Module
+
+
+This Linux Security Module (LSM) enables realtime capabilities.  It
+was written by Torben Hohn and Jack O'Quin, under the provisions of
+the GPL (see the COPYING file).  We make no warranty concerning the
+safety, security or even stability of your system when using it.  But,
+we will fix problems if you report them.
+
+Once the LSM has been installed and the kernel for which it was built
+is running, the root user can load it and pass parameters as follows:
+
+  # modprobe realtime any=1
+
+  Any program can request realtime privileges.  This allows any local
+  user to crash the system by hogging the CPU in a tight loop or
+  locking down too much memory.  But, it is simple to administer.  :-)
+
+  # modprobe realtime gid=29
+
+  All users belonging to group 29 and programs that are setgid to that
+  group have realtime privileges.  Use any group number you like.  A
+  `gid' of -1 disables group access.
+
+  # modprobe realtime mlock=0
+
+  Grants realtime scheduling privileges without the ability to lock
+  memory using mlock() or mlockall() system calls.  This option can be
+  used in conjunction with any of the other options.
+
+After the module is loaded, its parameters can be changed dynamically
+via sysfs.
+
+  # echo 1  > /sys/module/realtime/parameters/any
+  # echo 29 > /sys/module/realtime/parameters/gid
+  # echo 1  > /sys/module/realtime/parameters/mlock
+
+Jack O'Quin, joq@joq.us
diff -urN oldtree/security/Kconfig newtree/security/Kconfig
--- oldtree/security/Kconfig	2006-01-03 03:21:10.000000000 +0000
+++ newtree/security/Kconfig	2006-02-04 10:23:48.114877768 +0000
@@ -86,6 +86,17 @@
 
 	  If you are unsure how to answer this question, answer N.
 
+config SECURITY_REALTIME
+	tristate "Realtime Capabilities"
+	depends on SECURITY && SECURITY_CAPABILITIES!=y
+	default n
+	help
+	  This module selectively grants realtime privileges
+	  controlled by parameters set at load time or via files in
+	  /sys/module/realtime/parameters.
+
+	  If you are unsure how to answer this question, answer N.
+
 source security/selinux/Kconfig
 
 endmenu
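Review bot: The help text for SECURITY_REALTIME never explains the `SECURITY_CAPABILITIES!=y` constraint in its `depends on` line, which is exactly the condition realtime_init later diagnoses at load time with "Is kernel configured with CONFIG_SECURITY_CAPABILITIES=m?"; a configurer should see it here rather than in dmesg after a failed modprobe. Suggested addition to the help block: `This module is stacked on top of the default capabilities code, so SECURITY_CAPABILITIES must be built as a module (=m) or left out, not built in (=y).` It would also help to state that `any=1` hands realtime privileges to every local user, as Documentation/realtime-lsm.txt in this series already does, since the Kconfig help is what most people read. The next hunk adds security/Kconfig.orig, a patch-tool backup of the pre-change file, which should not be part of the series.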
diff -urN oldtree/security/Kconfig.orig newtree/security/Kconfig.orig
--- oldtree/security/Kconfig.orig	1970-01-01 00:00:00.000000000 +0000
+++ newtree/security/Kconfig.orig	2006-01-03 03:21:10.000000000 +0000
@@ -0,0 +1,92 @@
+#
+# Security configuration
+#
+
+menu "Security options"
+
+config KEYS
+	bool "Enable access key retention support"
+	help
+	  This option provides support for retaining authentication tokens and
+	  access keys in the kernel.
+
+	  It also includes provision of methods by which such keys might be
+	  associated with a process so that network filesystems, encryption
+	  support and the like can find them.
+
+	  Furthermore, a special type of key is available that acts as keyring:
+	  a searchable sequence of keys. Each process is equipped with access
+	  to five standard keyrings: UID-specific, GID-specific, session,
+	  process and thread.
+
+	  If you are unsure as to whether this is required, answer N.
+
+config KEYS_DEBUG_PROC_KEYS
+	bool "Enable the /proc/keys file by which all keys may be viewed"
+	depends on KEYS
+	help
+	  This option turns on support for the /proc/keys file through which
+	  all the keys on the system can be listed.
+
+	  This option is a slight security risk in that it makes it possible
+	  for anyone to see all the keys on the system. Normally the manager
+	  pretends keys that are inaccessible to a process don't exist as far
+	  as that process is concerned.
+
+config SECURITY
+	bool "Enable different security models"
+	depends on SYSFS
+	help
+	  This allows you to choose different security modules to be
+	  configured into your kernel.
+
+	  If this option is not selected, the default Linux security
+	  model will be used.
+
+	  If you are unsure how to answer this question, answer N.
+
+config SECURITY_NETWORK
+	bool "Socket and Networking Security Hooks"
+	depends on SECURITY
+	help
+	  This enables the socket and networking security hooks.
+	  If enabled, a security module can use these hooks to
+	  implement socket and networking access controls.
+	  If you are unsure how to answer this question, answer N.
+
+config SECURITY_CAPABILITIES
+	tristate "Default Linux Capabilities"
+	depends on SECURITY
+	help
+	  This enables the "default" Linux capabilities functionality.
+	  If you are unsure how to answer this question, answer Y.
+
+config SECURITY_ROOTPLUG
+	tristate "Root Plug Support"
+	depends on USB && SECURITY
+	help
+	  This is a sample LSM module that should only be used as such.
+	  It prevents any programs running with egid == 0 if a specific
+	  USB device is not present in the system.
+
+	  See <http://www.linuxjournal.com/article.php?sid=6279> for
+	  more information about this module.
+	  
+	  If you are unsure how to answer this question, answer N.
+
+config SECURITY_SECLVL
+	tristate "BSD Secure Levels"
+	depends on SECURITY
+	select CRYPTO
+	select CRYPTO_SHA1
+	help
+	  Implements BSD Secure Levels as an LSM.  See
+	  <file:Documentation/seclvl.txt> for instructions on how to use this
+	  module.
+
+	  If you are unsure how to answer this question, answer N.
+
+source security/selinux/Kconfig
+
+endmenu
+
diff -urN oldtree/security/Makefile newtree/security/Makefile
--- oldtree/security/Makefile	2006-01-03 03:21:10.000000000 +0000
+++ newtree/security/Makefile	2006-02-04 10:23:48.114877768 +0000
@@ -17,3 +17,4 @@
 obj-$(CONFIG_SECURITY_CAPABILITIES)	+= commoncap.o capability.o
 obj-$(CONFIG_SECURITY_ROOTPLUG)		+= commoncap.o root_plug.o
 obj-$(CONFIG_SECURITY_SECLVL)		+= seclvl.o
+obj-$(CONFIG_SECURITY_REALTIME)		+= commoncap.o realtime.o
diff -urN oldtree/security/realtime.c newtree/security/realtime.c
--- oldtree/security/realtime.c	1970-01-01 00:00:00.000000000 +0000
+++ newtree/security/realtime.c	2006-02-04 10:23:48.115877616 +0000
@@ -0,0 +1,147 @@
+/*
+ * Realtime Capabilities Linux Security Module
+ *
+ *  Copyright (C) 2003 Torben Hohn
+ *  Copyright (C) 2003, 2004 Jack O'Quin
+ *
+ *	This program is free software; you can redistribute it and/or modify
+ *	it under the terms of the GNU General Public License as published by
+ *	the Free Software Foundation; either version 2 of the License, or
+ *	(at your option) any later version.
+ *
+ */
+
+#include <linux/module.h>
+#include <linux/security.h>
+
+#define RT_LSM "Realtime LSM "		/* syslog module name prefix */
+#define RT_ERR "Realtime: "		/* syslog error message prefix */
+
+#include <linux/vermagic.h>
+MODULE_INFO(vermagic,VERMAGIC_STRING);
+
+/* module parameters
+ *
+ *  These values could change at any time due to some process writing
+ *  a new value in /sys/module/realtime/parameters.  This is OK,
+ *  because each is referenced only once in each function call.
+ *  Nothing depends on parameters having the same value every time.
+ */
+
+/* if TRUE, any process is realtime */
+static int rt_any;
+module_param_named(any, rt_any, int, 0644);
+MODULE_PARM_DESC(any, " grant realtime privileges to any process.");
+
+/* realtime group id, or NO_GROUP */
+static int rt_gid = -1;
+module_param_named(gid, rt_gid, int, 0644);
+MODULE_PARM_DESC(gid, " the group ID with access to realtime privileges.");
+
+/* enable mlock() privileges */
+static int rt_mlock = 1;
+module_param_named(mlock, rt_mlock, int, 0644);
+MODULE_PARM_DESC(mlock, " enable memory locking privileges.");
+
+/* helper function for testing group membership */
+static inline int gid_ok(int gid)
+{
+	if (gid == -1)
+		return 0;
+
+	if (gid == current->gid)
+		return 1;
+
+	return in_egroup_p(gid);
+}
+
+static void realtime_bprm_apply_creds(struct linux_binprm *bprm, int unsafe)
+{
+	cap_bprm_apply_creds(bprm, unsafe);
+
+	/*  If a non-zero `any' parameter was specified, we grant
+	 *  realtime privileges to every process.  If the `gid'
+	 *  parameter was specified and it matches the group id of the
+	 *  executable, of the current process or any supplementary
+	 *  groups, we grant realtime capabilites.
+	 */
+
+	if (rt_any || gid_ok(rt_gid)) {
+		cap_raise(current->cap_effective, CAP_SYS_NICE);
+		if (rt_mlock) {
+			cap_raise(current->cap_effective, CAP_IPC_LOCK);
+			cap_raise(current->cap_effective, CAP_SYS_RESOURCE);
+		}
+	}
+}
+
+static struct security_operations capability_ops = {
+	.ptrace =			cap_ptrace,
+	.capget =			cap_capget,
+	.capset_check =			cap_capset_check,
+	.capset_set =			cap_capset_set,
+	.capable =			cap_capable,
+	.netlink_send =			cap_netlink_send,
+	.netlink_recv =			cap_netlink_recv,
+	.bprm_apply_creds =		realtime_bprm_apply_creds,
+	.bprm_set_security =		cap_bprm_set_security,
+	.bprm_secureexec =		cap_bprm_secureexec,
+	.task_post_setuid =		cap_task_post_setuid,
+	.task_reparent_to_init =	cap_task_reparent_to_init,
+	.syslog =                       cap_syslog,
+	.vm_enough_memory =             cap_vm_enough_memory,
+};
+
+#define MY_NAME __stringify(KBUILD_MODNAME)
+
+static int secondary;	/* flag to keep track of how we were registered */
+
+static int __init realtime_init(void)
+{
+	/* register ourselves with the security framework */
+	if (register_security(&capability_ops)) {
+
+		/* try registering with primary module */
+		if (mod_reg_security(MY_NAME, &capability_ops)) {
+			printk(KERN_INFO RT_ERR "Failure registering "
+			       "capabilities with primary security module.\n");
+			printk(KERN_INFO RT_ERR "Is kernel configured "
+			       "with CONFIG_SECURITY_CAPABILITIES=m?\n");
+			return -EINVAL;
+		}
+		secondary = 1;
+	}
+
+	if (rt_any)
+		printk(KERN_INFO RT_LSM
+		       "initialized (all groups, mlock=%d)\n", rt_mlock);
+	else if (rt_gid == -1)
+		printk(KERN_INFO RT_LSM
+		       "initialized (no groups, mlock=%d)\n", rt_mlock);
+	else
+		printk(KERN_INFO RT_LSM
+		       "initialized (group %d, mlock=%d)\n", rt_gid, rt_mlock);
+		
+	return 0;
+}
+
+static void __exit realtime_exit(void)
+{
+	/* remove ourselves from the security framework */
+	if (secondary) {
+		if (mod_unreg_security(MY_NAME, &capability_ops))
+			printk(KERN_INFO RT_ERR "Failure unregistering "
+				"capabilities with primary module.\n");
+
+	} else if (unregister_security(&capability_ops)) {
+		printk(KERN_INFO RT_ERR
+		       "Failure unregistering capabilities with the kernel\n");
+	}
+	printk(KERN_INFO "Realtime Capability LSM exiting\n");
+}
+
+late_initcall(realtime_init);
+module_exit(realtime_exit);
+
+MODULE_DESCRIPTION("Realtime Capabilities Security Module");
+MODULE_LICENSE("GPL");
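Review bot: realtime_bprm_apply_creds raises CAP_SYS_NICE (and, with rt_mlock, CAP_IPC_LOCK and CAP_SYS_RESOURCE) in current->cap_effective only and never touches cap_permitted, so the task leaves exec with effective bits outside its permitted set, which the cap_bprm_apply_creds call just above appears to have computed as a subset of permitted; that shows up as an inconsistent triple to capget and is easy to misread later. Either raise the same bits in cap_permitted alongside effective or add a comment stating that the effective-only grant is deliberate and that cap_capable in this tree only consults cap_effective. The module-parameter comment at the top ("each is referenced only once in each function call") is not true of realtime_init, which reads rt_gid in the `else if` test and again in the following printk, so a concurrent sysfs write can log "group -1"; read it once into a local, e.g. `int gid = rt_gid;`, or loosen the comment. `#include <linux/vermagic.h>` plus `MODULE_INFO(vermagic,VERMAGIC_STRING);` is an out-of-tree build artefact that modpost already emits for in-tree modules and should be dropped. In realtime_exit the two unregistration failures are logged at KERN_INFO although they mean the hooks may still be referenced after unload; KERN_ERR would match their severity.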
