Re: [kernel-hardening] Re: [PATCH RFC v2 1/3] LSM: Allow per LSM module per "struct task_struct" blob.

2017-04-12 Thread Casey Schaufler
On 4/12/2017 9:22 AM, Djalal Harouni wrote: > On Tue, Apr 11, 2017 at 6:43 AM, Kees Cook wrote: >> On Mon, Apr 10, 2017 at 1:00 PM, Djalal Harouni wrote: >>> On Mon, Apr 10, 2017 at 9:26 PM, Casey Schaufler >>> wrote: I think that would be the prudent approach. There is still the

Re: [kernel-hardening] Re: [PATCH RFC v2 1/3] LSM: Allow per LSM module per "struct task_struct" blob.

2017-04-12 Thread Djalal Harouni
On Tue, Apr 11, 2017 at 6:43 AM, Kees Cook wrote: > On Mon, Apr 10, 2017 at 1:00 PM, Djalal Harouni wrote: >> On Mon, Apr 10, 2017 at 9:26 PM, Casey Schaufler >> wrote: >>> I think that would be the prudent approach. There is still >>> the possibility that blob sharing (or full stacking, if

Re: [kernel-hardening] Re: [PATCH RFC v2 1/3] LSM: Allow per LSM module per "struct task_struct" blob.

2017-04-12 Thread Djalal Harouni
On Tue, Apr 11, 2017 at 9:54 PM, Casey Schaufler wrote: > On 4/10/2017 9:43 PM, Kees Cook wrote: >> On Mon, Apr 10, 2017 at 1:00 PM, Djalal Harouni wrote: >>> On Mon, Apr 10, 2017 at 9:26 PM, Casey Schaufler >>> wrote: I think that would be the prudent approach. There is still the

Re: [kernel-hardening] Re: [PATCH RFC v2 1/3] LSM: Allow per LSM module per "struct task_struct" blob.

2017-04-11 Thread Kees Cook
On Tue, Apr 11, 2017 at 12:54 PM, Casey Schaufler wrote: > On 4/10/2017 9:43 PM, Kees Cook wrote: >> On Mon, Apr 10, 2017 at 1:00 PM, Djalal Harouni wrote: >>> On Mon, Apr 10, 2017 at 9:26 PM, Casey Schaufler >>> wrote: I think that would be the prudent approach. There is still the

Re: [kernel-hardening] Re: [PATCH RFC v2 1/3] LSM: Allow per LSM module per "struct task_struct" blob.

2017-04-11 Thread Casey Schaufler
On 4/10/2017 9:43 PM, Kees Cook wrote: > On Mon, Apr 10, 2017 at 1:00 PM, Djalal Harouni wrote: >> On Mon, Apr 10, 2017 at 9:26 PM, Casey Schaufler >> wrote: >>> I think that would be the prudent approach. There is still >>> the possibility that blob sharing (or full stacking, if you >>>

Re: [kernel-hardening] Re: [PATCH RFC v2 1/3] LSM: Allow per LSM module per "struct task_struct" blob.

2017-04-10 Thread Kees Cook
On Mon, Apr 10, 2017 at 1:00 PM, Djalal Harouni wrote: > On Mon, Apr 10, 2017 at 9:26 PM, Casey Schaufler > wrote: >> I think that would be the prudent approach. There is still >> the possibility that blob sharing (or full stacking, if you >> prefer) won't be accepted any time soon. > > Ok