On Wed, 2016-12-07 at 08:37 +0100, Christian Ehrhardt wrote:
On Tue, Dec 6, 2016 at 5:40 PM, Jamie Strandboge <jamie@canonical.com> wrote:
I forgot to reiterate: the above is true *unless* there is another non-DAC, non- MAC kernel mediation (eg, does the kernel only allow modifying the 'comm' value of its own threads? If so, then the rule would be safe to add to the default abstraction (though we should document that it is safe)).
Thanks for your help Jamie on thinking through the implications of this - I really highly appreciate! For the given interface the v2 should be safe see e.g. http://man7.org/linux/man-pages/man5/proc.5.html Quoting from there: "... A thread may modify *its* comm value, or that of any of other thread *in the same thread group* ..."
Thanks for investigating this. +1 on adding this it the libvirt-qemu abstraction: # Per man(5) proc, the kernel enforces that a thread may # only modify its comm value or those in its thread group. owner @{PROC}/@{pid}/task/@{tid}/comm rw, -- Jamie Strandboge | http://www.canonical.com