(Oops. I chose a wrong mail. Replying to intended mail.)
On 2022/10/25 1:37, Casey Schaufler wrote:
>> What I'm insisting is that "warrant the freedom to load
>> loadable LSM modules without recompiling the whole kernel".
>
> Since security modules are optional and the LSM infrastructure
> itsel
On 10/24/2022 8:13 AM, Tetsuo Handa wrote:
> On 2022/10/24 2:13, Casey Schaufler wrote:
>>> We won't be able to accept whatever LSM modules to upstream, and we won't
>>> be able to enable whatever LSM modules in distributor kernels.
>> A built in module loader security module would address this iss
On 2022/10/24 2:13, Casey Schaufler wrote:
>> We won't be able to accept whatever LSM modules to upstream, and we won't
>> be able to enable whatever LSM modules in distributor kernels.
>
> A built in module loader security module would address this issue.
> Getting such a module accepted upstream
On 10/23/2022 3:10 AM, Tetsuo Handa wrote:
> On 2022/10/23 16:27, Tetsuo Handa wrote:
>> On 2022/10/21 8:42, Casey Schaufler wrote:
>>> I will, on the other hand, listen to compelling arguments. It is not the
>>> intention of this code to lock out loadable modules. If I thought it would
>>> I would
On 10/23/2022 12:27 AM, Tetsuo Handa wrote:
> On 2022/10/21 8:42, Casey Schaufler wrote:
>> On 10/13/2022 3:04 AM, Tetsuo Handa wrote:
>>> On 2022/09/28 4:53, Casey Schaufler wrote:
@@ -483,6 +491,16 @@ void __init security_add_hooks(struct
security_hook_list *hooks, int count,
{
>
On 2022/10/23 16:27, Tetsuo Handa wrote:
> On 2022/10/21 8:42, Casey Schaufler wrote:
>> I will, on the other hand, listen to compelling arguments. It is not the
>> intention of this code to lock out loadable modules. If I thought it would
>> I would not have proposed it.
>
> This code is exactly
On 2022/10/21 8:42, Casey Schaufler wrote:
> On 10/13/2022 3:04 AM, Tetsuo Handa wrote:
>> On 2022/09/28 4:53, Casey Schaufler wrote:
>>> @@ -483,6 +491,16 @@ void __init security_add_hooks(struct
>>> security_hook_list *hooks, int count,
>>> {
>>> int i;
>>>
>>> + /*
>>> +* A securit
On 10/13/2022 3:04 AM, Tetsuo Handa wrote:
> On 2022/09/28 4:53, Casey Schaufler wrote:
>> @@ -483,6 +491,16 @@ void __init security_add_hooks(struct
>> security_hook_list *hooks, int count,
>> {
>> int i;
>>
>> +/*
>> + * A security module may call security_add_hooks() more
>> +
On 2022/09/28 4:53, Casey Schaufler wrote:
> @@ -483,6 +491,16 @@ void __init security_add_hooks(struct security_hook_list
> *hooks, int count,
> {
> int i;
>
> + /*
> + * A security module may call security_add_hooks() more
> + * than once. Landlock is one such case.
> +
As LSMs are registered add their lsm_id pointers to a table.
This will be used later for attribute reporting.
Signed-off-by: Casey Schaufler
---
include/linux/security.h | 17 +
security/security.c | 18 ++
2 files changed, 35 insertions(+)
diff --git a/incl