Quoting James Morris ([EMAIL PROTECTED]):
> On Wed, 27 Jun 2007, Serge E. Hallyn wrote:
>
> > Patch tests fine for me for expected capability behavior with lsm=n,
> > lsm=y, lsm=y+capability=y, lsm=y+selinux=y, and lsm=y+caps=y+selinux=y.
> >
> > So while I'm opposed to the patch, it appears to
On Wed, 27 Jun 2007, Serge E. Hallyn wrote:
> Patch tests fine for me for expected capability behavior with lsm=n,
> lsm=y, lsm=y+capability=y, lsm=y+selinux=y, and lsm=y+caps=y+selinux=y.
>
> So while I'm opposed to the patch, it appears to be safe.
I've also tested a bunch of scenarios:
Quoting Serge E. Hallyn ([EMAIL PROTECTED]):
> Quoting James Morris ([EMAIL PROTECTED]):
> > On Wed, 27 Jun 2007, Serge E. Hallyn wrote:
> >
> > > Quoting Kyle Moffett ([EMAIL PROTECTED]):
> > > > This whole discussion boils down to 2 points:
> > >
> > > Yes it can, but not the two you list.
> >
Quoting James Morris ([EMAIL PROTECTED]):
> On Wed, 27 Jun 2007, Serge E. Hallyn wrote:
>
> > Quoting Kyle Moffett ([EMAIL PROTECTED]):
> > > This whole discussion boils down to 2 points:
> >
> > Yes it can, but not the two you list.
> >
> > > 1) As currently implemented, no LSM may be safely
On Wed, 27 Jun 2007, Serge E. Hallyn wrote:
> Quoting Kyle Moffett ([EMAIL PROTECTED]):
> > This whole discussion boils down to 2 points:
>
> Yes it can, but not the two you list.
>
> > 1) As currently implemented, no LSM may be safely rmmod-ed
>
> That's not the rationale for the patch,
Quoting Kyle Moffett ([EMAIL PROTECTED]):
> This whole discussion boils down to 2 points:
Yes it can, but not the two you list.
> 1) As currently implemented, no LSM may be safely rmmod-ed
That's not the rationale for the patch, it's just some talking point you
picked up. The rationale for
Quoting Kyle Moffett ([EMAIL PROTECTED]):
This whole discussion boils down to 2 points:
Yes it can, but not the two you list.
1) As currently implemented, no LSM may be safely rmmod-ed
That's not the rationale for the patch, it's just some talking point you
picked up. The rationale for the
On Wed, 27 Jun 2007, Serge E. Hallyn wrote:
Quoting Kyle Moffett ([EMAIL PROTECTED]):
This whole discussion boils down to 2 points:
Yes it can, but not the two you list.
1) As currently implemented, no LSM may be safely rmmod-ed
That's not the rationale for the patch, it's just
Quoting James Morris ([EMAIL PROTECTED]):
On Wed, 27 Jun 2007, Serge E. Hallyn wrote:
Quoting Kyle Moffett ([EMAIL PROTECTED]):
This whole discussion boils down to 2 points:
Yes it can, but not the two you list.
1) As currently implemented, no LSM may be safely rmmod-ed
Quoting Serge E. Hallyn ([EMAIL PROTECTED]):
Quoting James Morris ([EMAIL PROTECTED]):
On Wed, 27 Jun 2007, Serge E. Hallyn wrote:
Quoting Kyle Moffett ([EMAIL PROTECTED]):
This whole discussion boils down to 2 points:
Yes it can, but not the two you list.
1) As
On Wed, 27 Jun 2007, Serge E. Hallyn wrote:
Patch tests fine for me for expected capability behavior with lsm=n,
lsm=y, lsm=y+capability=y, lsm=y+selinux=y, and lsm=y+caps=y+selinux=y.
So while I'm opposed to the patch, it appears to be safe.
I've also tested a bunch of scenarios:
Quoting James Morris ([EMAIL PROTECTED]):
On Wed, 27 Jun 2007, Serge E. Hallyn wrote:
Patch tests fine for me for expected capability behavior with lsm=n,
lsm=y, lsm=y+capability=y, lsm=y+selinux=y, and lsm=y+caps=y+selinux=y.
So while I'm opposed to the patch, it appears to be safe.
* Crispin Cowan ([EMAIL PROTECTED]) wrote:
> and simple LSMs that can be
> unloaded safely can permit it.
there are none, and making the above possible is prohibitively
expensive.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL
On Jun 26, 2007, at 20:57:53, Crispin Cowan wrote:
Kyle Moffett wrote:
Let's go over the differences between "my fs" and "my LSM", and
the similarities between "my VM" and "my LSM": Filesystems don't
get hooked from virtually every userspace-initiated operation,
whereas both VMs and LSMs
Kyle Moffett wrote:
> Let's go over the differences between "my fs" and "my LSM", and the
> similarities between "my VM" and "my LSM": Filesystems don't get
> hooked from virtually every userspace-initiated operation, whereas
> both VMs and LSMs do. VMs and LSMs attach anonymous state data to a
On Jun 26, 2007, at 09:47:12, Serge E. Hallyn wrote:
Quoting Kyle Moffett ([EMAIL PROTECTED]):
On Jun 25, 2007, at 16:37:58, Andreas Gruenbacher wrote:
It's useful for some LSMs to be modular, and LSMs which are y/n
options won't have any security architecture issues with
unloading at all.
On Tue, Jun 26, 2007 at 10:53:29AM -0500, Serge E. Hallyn wrote:
> Quoting Adrian Bunk ([EMAIL PROTECTED]):
> > On Tue, Jun 26, 2007 at 09:06:44AM -0500, Serge E. Hallyn wrote:
> > > Quoting Adrian Bunk ([EMAIL PROTECTED]):
> > > > On Mon, Jun 25, 2007 at 10:57:31PM -0500, Serge E. Hallyn wrote:
>
Quoting Greg KH ([EMAIL PROTECTED]):
> On Tue, Jun 26, 2007 at 09:06:44AM -0500, Serge E. Hallyn wrote:
> > Quoting Adrian Bunk ([EMAIL PROTECTED]):
> > > On Mon, Jun 25, 2007 at 10:57:31PM -0500, Serge E. Hallyn wrote:
> > > > Quoting James Morris ([EMAIL PROTECTED]):
> > > > > On Mon, 25 Jun
On Tue, Jun 26, 2007 at 09:06:44AM -0500, Serge E. Hallyn wrote:
> Quoting Adrian Bunk ([EMAIL PROTECTED]):
> > On Mon, Jun 25, 2007 at 10:57:31PM -0500, Serge E. Hallyn wrote:
> > > Quoting James Morris ([EMAIL PROTECTED]):
> > > > On Mon, 25 Jun 2007, Andreas Gruenbacher wrote:
> > > >
> > > >
Quoting Adrian Bunk ([EMAIL PROTECTED]):
> On Tue, Jun 26, 2007 at 09:06:44AM -0500, Serge E. Hallyn wrote:
> > Quoting Adrian Bunk ([EMAIL PROTECTED]):
> > > On Mon, Jun 25, 2007 at 10:57:31PM -0500, Serge E. Hallyn wrote:
> > > > Quoting James Morris ([EMAIL PROTECTED]):
> > > > > On Mon, 25 Jun
On Tue, Jun 26, 2007 at 09:06:44AM -0500, Serge E. Hallyn wrote:
> Quoting Adrian Bunk ([EMAIL PROTECTED]):
> > On Mon, Jun 25, 2007 at 10:57:31PM -0500, Serge E. Hallyn wrote:
> > > Quoting James Morris ([EMAIL PROTECTED]):
> > > > On Mon, 25 Jun 2007, Andreas Gruenbacher wrote:
> > > >
> > > >
Quoting Adrian Bunk ([EMAIL PROTECTED]):
> On Mon, Jun 25, 2007 at 10:57:31PM -0500, Serge E. Hallyn wrote:
> > Quoting James Morris ([EMAIL PROTECTED]):
> > > On Mon, 25 Jun 2007, Andreas Gruenbacher wrote:
> > >
> > > > It's useful for some LSMs to be modular, and LSMs which are y/n options
>
Quoting Kyle Moffett ([EMAIL PROTECTED]):
> On Jun 25, 2007, at 16:37:58, Andreas Gruenbacher wrote:
> >On Monday 25 June 2007 06:33, James Morris wrote:
> >>Convert LSM into a static interface, as the ability to unload a
> >>security module is not required by in-tree users and potentially
>
On Mon, Jun 25, 2007 at 10:57:31PM -0500, Serge E. Hallyn wrote:
> Quoting James Morris ([EMAIL PROTECTED]):
> > On Mon, 25 Jun 2007, Andreas Gruenbacher wrote:
> >
> > > It's useful for some LSMs to be modular, and LSMs which are y/n options
> > > won't
> > > have any security architecture
On Mon, Jun 25, 2007 at 10:57:31PM -0500, Serge E. Hallyn wrote:
Quoting James Morris ([EMAIL PROTECTED]):
On Mon, 25 Jun 2007, Andreas Gruenbacher wrote:
It's useful for some LSMs to be modular, and LSMs which are y/n options
won't
have any security architecture issues with
Quoting Kyle Moffett ([EMAIL PROTECTED]):
On Jun 25, 2007, at 16:37:58, Andreas Gruenbacher wrote:
On Monday 25 June 2007 06:33, James Morris wrote:
Convert LSM into a static interface, as the ability to unload a
security module is not required by in-tree users and potentially
complicates
Quoting Adrian Bunk ([EMAIL PROTECTED]):
On Mon, Jun 25, 2007 at 10:57:31PM -0500, Serge E. Hallyn wrote:
Quoting James Morris ([EMAIL PROTECTED]):
On Mon, 25 Jun 2007, Andreas Gruenbacher wrote:
It's useful for some LSMs to be modular, and LSMs which are y/n options
won't
On Tue, Jun 26, 2007 at 09:06:44AM -0500, Serge E. Hallyn wrote:
Quoting Adrian Bunk ([EMAIL PROTECTED]):
On Mon, Jun 25, 2007 at 10:57:31PM -0500, Serge E. Hallyn wrote:
Quoting James Morris ([EMAIL PROTECTED]):
On Mon, 25 Jun 2007, Andreas Gruenbacher wrote:
It's useful for
Quoting Adrian Bunk ([EMAIL PROTECTED]):
On Tue, Jun 26, 2007 at 09:06:44AM -0500, Serge E. Hallyn wrote:
Quoting Adrian Bunk ([EMAIL PROTECTED]):
On Mon, Jun 25, 2007 at 10:57:31PM -0500, Serge E. Hallyn wrote:
Quoting James Morris ([EMAIL PROTECTED]):
On Mon, 25 Jun 2007, Andreas
On Tue, Jun 26, 2007 at 09:06:44AM -0500, Serge E. Hallyn wrote:
Quoting Adrian Bunk ([EMAIL PROTECTED]):
On Mon, Jun 25, 2007 at 10:57:31PM -0500, Serge E. Hallyn wrote:
Quoting James Morris ([EMAIL PROTECTED]):
On Mon, 25 Jun 2007, Andreas Gruenbacher wrote:
It's useful for
Quoting Greg KH ([EMAIL PROTECTED]):
On Tue, Jun 26, 2007 at 09:06:44AM -0500, Serge E. Hallyn wrote:
Quoting Adrian Bunk ([EMAIL PROTECTED]):
On Mon, Jun 25, 2007 at 10:57:31PM -0500, Serge E. Hallyn wrote:
Quoting James Morris ([EMAIL PROTECTED]):
On Mon, 25 Jun 2007, Andreas
On Tue, Jun 26, 2007 at 10:53:29AM -0500, Serge E. Hallyn wrote:
Quoting Adrian Bunk ([EMAIL PROTECTED]):
On Tue, Jun 26, 2007 at 09:06:44AM -0500, Serge E. Hallyn wrote:
Quoting Adrian Bunk ([EMAIL PROTECTED]):
On Mon, Jun 25, 2007 at 10:57:31PM -0500, Serge E. Hallyn wrote:
On Jun 26, 2007, at 09:47:12, Serge E. Hallyn wrote:
Quoting Kyle Moffett ([EMAIL PROTECTED]):
On Jun 25, 2007, at 16:37:58, Andreas Gruenbacher wrote:
It's useful for some LSMs to be modular, and LSMs which are y/n
options won't have any security architecture issues with
unloading at all.
Kyle Moffett wrote:
Let's go over the differences between my fs and my LSM, and the
similarities between my VM and my LSM: Filesystems don't get
hooked from virtually every userspace-initiated operation, whereas
both VMs and LSMs do. VMs and LSMs attach anonymous state data to a
large
On Jun 26, 2007, at 20:57:53, Crispin Cowan wrote:
Kyle Moffett wrote:
Let's go over the differences between my fs and my LSM, and
the similarities between my VM and my LSM: Filesystems don't
get hooked from virtually every userspace-initiated operation,
whereas both VMs and LSMs do. VMs
* Crispin Cowan ([EMAIL PROTECTED]) wrote:
and simple LSMs that can be
unloaded safely can permit it.
there are none, and making the above possible is prohibitively
expensive.
Oops, typo:
On Jun 26, 2007, at 00:09:24, Kyle Moffett wrote:
This sounds suspiciously like "The mere fact that the Linux-2.6-VM
cannot be built as a module is a rather weak argument for disabling
VFS modules as a whole"
Meant to say: "...disabling VM modules as a whole."
Cheers,
Kyle
On Jun 25, 2007, at 16:37:58, Andreas Gruenbacher wrote:
On Monday 25 June 2007 06:33, James Morris wrote:
Convert LSM into a static interface, as the ability to unload a
security module is not required by in-tree users and potentially
complicates the overall security architecture.
It's
Quoting James Morris ([EMAIL PROTECTED]):
> On Mon, 25 Jun 2007, Andreas Gruenbacher wrote:
>
> > It's useful for some LSMs to be modular, and LSMs which are y/n options
> > won't
> > have any security architecture issues with unloading at all.
>
> Which LSMs? Upstream, there are SELinux and
On Mon, 25 Jun 2007, Andreas Gruenbacher wrote:
> It's useful for some LSMs to be modular, and LSMs which are y/n options won't
> have any security architecture issues with unloading at all.
Which LSMs? Upstream, there are SELinux and capability, and they're not
safe as loadable modules.
>
On Monday 25 June 2007 06:33, James Morris wrote:
> Convert LSM into a static interface, as the ability to unload a security
> module is not required by in-tree users and potentially complicates the
> overall security architecture.
It's useful for some LSMs to be modular, and LSMs which are y/n
On Mon, 2007-06-25 at 00:33 -0400, James Morris wrote:
> Convert LSM into a static interface, as the ability to unload a security
> module is not required by in-tree users and potentially complicates the
> overall security architecture.
>
> Needlessly exported LSM symbols have been unexported,
On Mon, 2007-06-25 at 00:33 -0400, James Morris wrote:
Convert LSM into a static interface, as the ability to unload a security
module is not required by in-tree users and potentially complicates the
overall security architecture.
Needlessly exported LSM symbols have been unexported, to
On Monday 25 June 2007 06:33, James Morris wrote:
Convert LSM into a static interface, as the ability to unload a security
module is not required by in-tree users and potentially complicates the
overall security architecture.
It's useful for some LSMs to be modular, and LSMs which are y/n
On Mon, 25 Jun 2007, Andreas Gruenbacher wrote:
It's useful for some LSMs to be modular, and LSMs which are y/n options won't
have any security architecture issues with unloading at all.
Which LSMs? Upstream, there are SELinux and capability, and they're not
safe as loadable modules.
The
Quoting James Morris ([EMAIL PROTECTED]):
On Mon, 25 Jun 2007, Andreas Gruenbacher wrote:
It's useful for some LSMs to be modular, and LSMs which are y/n options
won't
have any security architecture issues with unloading at all.
Which LSMs? Upstream, there are SELinux and
On Jun 25, 2007, at 16:37:58, Andreas Gruenbacher wrote:
On Monday 25 June 2007 06:33, James Morris wrote:
Convert LSM into a static interface, as the ability to unload a
security module is not required by in-tree users and potentially
complicates the overall security architecture.
It's
Oops, typo:
On Jun 26, 2007, at 00:09:24, Kyle Moffett wrote:
This sounds suspiciously like The mere fact that the Linux-2.6-VM
cannot be built as a module is a rather weak argument for disabling
VFS modules as a whole
Meant to say: ...disabling VM modules as a whole.
Cheers,
Kyle Moffett
On Sun, 24 Jun 2007, Petr Vandrovec wrote:
> > -module_param(debug, bool, 0600);
> > -MODULE_PARM_DESC(debug, "Debug enabled or not");
> > +static int __init root_plug_debug(char *str)
> > +{
> > + debug = simple_strtol(str, NULL, 0);
> > + return 1;
> > +}
> > +__setup("root_plug_debug=",
James Morris wrote:
Convert LSM into a static interface, as the ability to unload a security
module is not required by in-tree users and potentially complicates the
overall security architecture.
Hello,
-module_param(debug, bool, 0600);
-MODULE_PARM_DESC(debug, "Debug enabled or not");
Convert LSM into a static interface, as the ability to unload a security
module is not required by in-tree users and potentially complicates the
overall security architecture.
Needlessly exported LSM symbols have been unexported, to help reduce API
abuse.
Parameters for the capability and
James Morris wrote:
Convert LSM into a static interface, as the ability to unload a security
module is not required by in-tree users and potentially complicates the
overall security architecture.
Hello,
-module_param(debug, bool, 0600);
-MODULE_PARM_DESC(debug, Debug enabled or not);
Convert LSM into a static interface, as the ability to unload a security
module is not required by in-tree users and potentially complicates the
overall security architecture.
Needlessly exported LSM symbols have been unexported, to help reduce API
abuse.
Parameters for the capability and
On Sun, 24 Jun 2007, Petr Vandrovec wrote:
-module_param(debug, bool, 0600);
-MODULE_PARM_DESC(debug, Debug enabled or not);
+static int __init root_plug_debug(char *str)
+{
+ debug = simple_strtol(str, NULL, 0);
+ return 1;
+}
+__setup(root_plug_debug=, root_plug_debug);
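Review bot: root_plug_debug() stores the simple_strtol() result in debug with a NULL end pointer and no range check, so a malformed value such as root_plug_debug=abc is silently taken as 0 and any non-zero number enables debugging. The removed module_param(debug, bool, 0600) accepted only boolean input and left the setting writable by root at runtime, and module_param also works for built-in code as a boot parameter, so the switch to __setup() loses both without a stated reason. Either keep module_param, or validate the string here and return 0 when it does not parse, and note the loss of runtime toggling in the changelog.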