On 12/17/2010 07:27 PM, Janne Karhunen wrote:
> Hey,
>
> It seems that we haven't gotten any sane comments on the initial security
> patches in the Gitorious security tree. Let's try again in the form of quilt
> patches.

I'm not familiar with the security stuff, but I want to try to test/study it.

It seems the attached patches all have DOS-style line breaks.
Please use Unix line breaks, then send them one by one.

> The Creds kernel module adds a security module for fetching a big blob of
> remote task credentials based on a given namespace PID or connected
> socket file descriptor (note: the latter is still missing from the given patch,
> will update shortly - a newer version of the patch is under testing).
>
> Access control wise we enable SMACK and extend it with label assignment
> on exec, transmuting capability and SCM_PEERSEC remote label fetching.
> The given patches are on their way to the upstream kernel (CC: Casey).
>
> Proposed config options to be added into trunk.
>
> #
> # Security options
> #
> CONFIG_KEYS=y
> CONFIG_SECURITY=y
> CONFIG_SECURITYFS=y
> CONFIG_SECURITY_NETWORK=y
> CONFIG_SECURITY_FILE_CAPABILITIES=y
> CONFIG_CRYPTO=y
> CONFIG_SECURITY_SMACK=y
> CONFIG_IP_NF_SECURITY=y
> CONFIG_IP6_NF_SECURITY=y
> CONFIG_SECURITY_AEGIS=y
> CONFIG_SECURITY_AEGIS_CREDS=y
> + CONFIG_NETLABEL
>
> Please comment.

--
Thanks
Yang Ruirui
_______________________________________________
MeeGo-kernel mailing list
http://lists.meego.com/listinfo/meego-kernel