Re: [PATCH] Smack: replace capable() with ns_capable()

2015-07-28 Thread Casey Schaufler
On 7/28/2015 8:06 AM, Serge E. Hallyn wrote: > On Tue, Jul 28, 2015 at 07:36:30AM -0700, Casey Schaufler wrote: >> On 7/26/2015 6:27 PM, Sungbae Yoo wrote: >>> So, do you agree to allow the process to change its own labels? >> No. This requires CAP_MAC_ADMIN. Smack is mandatory access control. >> B

Re: [PATCH] Smack: replace capable() with ns_capable()

2015-07-28 Thread Serge E. Hallyn
On Tue, Jul 28, 2015 at 07:36:30AM -0700, Casey Schaufler wrote: > On 7/26/2015 6:27 PM, Sungbae Yoo wrote: > > So, do you agree to allow the process to change its own labels? > > No. This requires CAP_MAC_ADMIN. Smack is mandatory access control. > Being in a namespace (as they are implemented to

Re: [PATCH] Smack: replace capable() with ns_capable()

2015-07-28 Thread Casey Schaufler
, July 24, 2015 8:41 PM > To: Sungbae Yoo; Casey Schaufler > Cc: James Morris; Serge E. Hallyn; linux-security-mod...@vger.kernel.org; > linux-kernel@vger.kernel.org > Subject: Re: [PATCH] Smack: replace capable() with ns_capable() > > On pią, 2015-07-24 at 20:26 +0900, Sungbae Yo

Re: [PATCH] Smack: replace capable() with ns_capable()

2015-07-27 Thread Lukasz Pawelczyk
> -Original Message- > From: Lukasz Pawelczyk [mailto:l.pawelc...@samsung.com] > Sent: Friday, July 24, 2015 8:41 PM > To: Sungbae Yoo; Casey Schaufler > Cc: James Morris; Serge E. Hallyn; > linux-security-mod...@vger.kernel.org; linux-kernel@vger.kernel.org > Su

RE: [PATCH] Smack: replace capable() with ns_capable()

2015-07-26 Thread Sungbae Yoo
-- From: Lukasz Pawelczyk [mailto:l.pawelc...@samsung.com] Sent: Friday, July 24, 2015 8:41 PM To: Sungbae Yoo; Casey Schaufler Cc: James Morris; Serge E. Hallyn; linux-security-mod...@vger.kernel.org; linux-kernel@vger.kernel.org Subject: Re: [PATCH] Smack: replace capable() with ns_capable() On pią, 2

Re: [PATCH] Smack: replace capable() with ns_capable()

2015-07-25 Thread Casey Schaufler
On 7/24/2015 4:40 AM, Lukasz Pawelczyk wrote: > On pią, 2015-07-24 at 20:26 +0900, Sungbae Yoo wrote: >> If current task has capabilities, Smack operations (eg. Changing own >> smack >> label) should be available even inside of namespace. >> >> Signed-off-by: Sungbae Yoo For the reasons Lukasz o

Re: [PATCH] Smack: replace capable() with ns_capable()

2015-07-24 Thread Lukasz Pawelczyk
On pią, 2015-07-24 at 20:26 +0900, Sungbae Yoo wrote: > If current task has capabilities, Smack operations (eg. Changing own > smack > label) should be available even inside of namespace. > > Signed-off-by: Sungbae Yoo > > diff --git a/security/smack/smack_access.c > b/security/smack/smack_acc

[PATCH] Smack: replace capable() with ns_capable()

2015-07-24 Thread Sungbae Yoo
If current task has capabilities, Smack operations (eg. Changing own smack label) should be available even inside of namespace. Signed-off-by: Sungbae Yoo diff --git a/security/smack/smack_access.c b/security/smack/smack_access.c index 00f6b38..f6b2c35 100644 --- a/security/smack/smack_access.c