On Thu, 1 Jun 2017 16:59:24 -0700
Casey Schaufler wrote:
> On 6/1/2017 4:38 PM, James Morris wrote:
> > On Thu, 1 Jun 2017, Casey Schaufler wrote:
> >
> >> Subject: [PATCH] procfs: add smack subdir to attrs
> > Is there value in this without major stacking support?
>
> Yes. If a Smack
On Tue, 30 May 2017 23:29:10 +0900
Tetsuo Handa wrote:
> James Morris wrote:
> > On Sun, 28 May 2017, Tetsuo Handa wrote:
> >
> > > can afford enabling". And we know that we cannot merge all
> > > security modules into mainline. Thus, allowing LKM-based LSM
> > > modules is inevitable.
> >
kind of clock+pid(ns) would be able to replace
at lower resource cost what I proposed. That leads to use of 128-bit
puids but without changing anything in {pid,pid_namespace}.[ch]. Great!
But I still have to check.
I wanted to get advice first, so I didn't send the fs part of pui
because it does not exist yet. This fs part will allow access to
tasks by their pui.
I'll probably send an update in a month or more.
Best regards
José Bollo
On Monday, 28 November 2016 at 22:41 +0900, Tetsuo Handa wrote:
> Jose Bollo wrote:
> > The fact is that ptags sits behind the implementation of the
> > special
> > files in /proc/PID/attr/.. Thus, it has to return an allocated
> > buffer.
> > I'm not aware of what kind of allocation is
On Saturday, 26 November 2016 at 13:25 +0900, Tetsuo Handa wrote:
> Jose Bollo wrote:
> > +/**
> > + * is_valid_utf8 - Is buffer a valid utf8 string?
snip
> Do we really need to check UTF-8 inside kernel? What do you do if
> people start using UTF-32 in the future? There was a discussion
> about
I prefer the use of sizeof that can't be faked even by error but why not
On Sunday, 03 January 2016 at 20:56 +0100, Toralf Förster wrote:
> use the definition in include/uapi/linux/xattr.h
>
> Signed-off-by: Toralf Förster
> ---
> fs/ext4/xattr_security.c | 2 +-
> 1 file changed, 1
he tags that are
not specials;
- otherwise, processes only keep tags that are prefixed with the
character * (star).
Because changes only occur through tag files accesses, the
notifications might be available to any possible observer.
Signed-off-by: José Bollo
---
fs/proc/base.c
Security
[2] https://wiki.tizen.org/wiki/Security/Tizen_3.X_Cynara
[3] https://github.com/jobol/keyzen
[4] https://archive.fosdem.org/2015/schedule/event/sec_enforcement/
José Bollo (1):
Tags: Adding tagging feature to security modules
fs/proc/base.c | 3 +
security/Kcon
he tags that are
not specials;
- otherwise, processes only keep tags that are prefixed with the
character * (star).
Because changes only occur through tag files accesses, the
notifications might be available to any possible observer.
Signed-off-by: José Bollo <jo...@nonadev.net>
---
fs
With this commit, the LSM Smack implements the LSM
side part of the system call keyctl with the action
code KEYCTL_GET_SECURITY.
It is now possible to get the context of, for example,
the user session key using the command "keyctl security @s".
Signed-off-by: José Bollo
---
secu
With this commit, the LSM Smack implements the LSM
side part of the system call keyctl with the action
code KEYCTL_GET_SECURITY.
It is now possible to get the context of, for example,
the user session key using the command keyctl security @s.
Signed-off-by: José Bollo jose.bo
Change-Id: I140648f08dd8fd991be6a9b3a2e649a3677c1be5
Signed-off-by: José Bollo
---
security/smack/smack_lsm.c | 30 ++
1 file changed, 30 insertions(+)
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 47ed6a4..285d908 100644
---
reasons of some
system failures. For example, it is currently impossible to get the context
of the user session key using the command keyctl security @s.
This patch (attached) is obvious, it simply implements the missing part of
the LSM Smack.
I tested and it works fine.
Best regards
José Bollo
Signed-off-by: José Bollo
---
security/smack/smack_lsm.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 3f01cf5..28d482c 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -893,18 +893,20
Signed-off-by: José Bollo jose.bo...@open.eurogiciel.org
---
security/smack/smack_lsm.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 3f01cf5..28d482c 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack
22 matches