On 27/09/2022 21:53, Casey Schaufler wrote:
Move management of the sock->sk_security blob out
of the individual security modules and into the security
infrastructure. Instead of allocating the blobs from within
the modules the modules tell the infrastructure how much
space is required, and the
Please Cc me for the next versions.
On 27/09/2022 21:53, Casey Schaufler wrote:
Create a struct lsm_id to contain identifying information
about Linux Security Modules (LSMs). At inception this contains
a single member, which is the name of the module. Change the
security_add_hooks() interface t
On 27/09/2022 21:54, Casey Schaufler wrote:
Create two new prctl() options PR_LSM_ATTR_SET and PR_LSM_ATTR_GET
which change and report the Interface LSM respectively.
The LSM ID number of an active LSM that supplies hooks for
human readable data may be passed in the arg2 value with the
PR_LSM_
At least linux-...@vger.kernel.org should be in Cc for new syscalls.
You need a dedicated patch to wire this syscall with all architectures.
It will help a lot dealing with merge conflicts because of other new
syscalls. You can take a look at the Landlock syscall implementations:
https://git.k
On 27/09/2022 21:53, Casey Schaufler wrote:
Add an integer member "id" to the struct lsm_id. This value is
a unique identifier associated with each security module. The
values are defined in a new UAPI header file. Each existing LSM
has been updated to include its LSMID in the lsm_id.
Signed-
On 27/09/2022 21:53, Casey Schaufler wrote:
When more than one security module is exporting data to
audit and networking sub-systems a single 32 bit integer
is no longer sufficient to represent the data. Add a
structure to be used instead.
The lsmblob structure is currently an array of
u32 "se
On 27/09/2022 22:31, Casey Schaufler wrote:
Create a system call to report the list of Linux Security Modules
that are active on the system. The list is provided as an array
of LSM ID numbers.
With lsm_self_attr(), this would look like a dir/file structure.
Would it be useful for user space
e audit_lsm_rules is defined to avoid the
confusion which commonly accompanies the use of
void ** parameters.
Signed-off-by: Casey Schaufler
Reviewed-by: Mickaël Salaün
Minor fixes:
---
include/linux/audit.h| 10 -
include/linux/lsm_hooks.h| 12 +-
include/linux
On 12/08/2021 16:32, Paul Moore wrote:
> On Thu, Aug 12, 2021 at 5:32 AM Mickaël Salaün wrote:
>> On 11/08/2021 22:48, Paul Moore wrote:
>>> Extending the secure anonymous inode support to other subsystems
>>> requires that we have a secure anon_inode_getfile() var
On 11/08/2021 22:48, Paul Moore wrote:
> Extending the secure anonymous inode support to other subsystems
> requires that we have a secure anon_inode_getfile() variant in
> addition to the existing secure anon_inode_getfd() variant.
>
> Thankfully we can reuse the existing __anon_inode_getfile()
On 26/05/2021 01:52, Casey Schaufler wrote:
> On 5/22/2021 1:39 AM, Mickaël Salaün wrote:
>> I like this design but there is an issue with Landlock though, see below.
>>
>> On 13/05/2021 22:07, Casey Schaufler wrote:
>>> When more than one security module is e
cked-by: John Johansen
> Signed-off-by: Casey Schaufler
> Cc:
> Cc: linux-audit@redhat.com
> Cc: linux-security-mod...@vger.kernel.org
> Cc: seli...@vger.kernel.org
> To: Mimi Zohar
> To: Mickaël Salaün
> ---
> include/linux/audit.h | 4 +-
>
On 12/10/2017 18:33, Casey Schaufler wrote:
> On 10/12/2017 7:14 AM, Richard Guy Briggs wrote:
>> Containers are a userspace concept. The kernel knows nothing of them.
>>
>> The Linux audit system needs a way to be able to track the container
>> provenance of events and actions. Audit needs the