On Wed, Sep 25, 2019 at 05:32:04PM +0300, Jarkko Sakkinen wrote:
> On Tue, Sep 24, 2019 at 10:20:09AM -0700, Andy Lutomirski wrote:
> > > I think either can be considered post-upstreaming.
> >
> > Indeed, as long as the overall API is actually compatible with these
> > types of restrictions.
>
>
On Tue, Sep 24, 2019 at 10:20:09AM -0700, Andy Lutomirski wrote:
> > I think either can be considered post-upstreaming.
>
> Indeed, as long as the overall API is actually compatible with these
> types of restrictions.
I include LSM changes to the follow up versions of the patch set. This
is done
> On Sep 15, 2019, at 10:24 PM, Jarkko Sakkinen
> wrote:
>
> On Sat, Sep 14, 2019 at 08:32:38AM -0700, Dave Hansen wrote:
On 9/14/19 6:41 AM, Jarkko Sakkinen wrote:
The proposed LSM hooks give the granularity to make yes/no decision
based on the
* The origin of the source of
On Sat, Sep 14, 2019 at 08:32:38AM -0700, Dave Hansen wrote:
> On 9/14/19 6:41 AM, Jarkko Sakkinen wrote:
> >
> > The proposed LSM hooks give the granularity to make yes/no decision
> > based on the
> >
> > * The origin of the source of the source for the enclave.
> > * The requested permissions
On 9/14/19 6:41 AM, Jarkko Sakkinen wrote:
>
> The proposed LSM hooks give the granularity to make yes/no decision
> based on the
>
> * The origin of the source of the source for the enclave.
> * The requested permissions for the added or mapped peage.
>
> The hooks to do these checks are provid
On Fri, Sep 13, 2019 at 01:38:18PM -0700, Dave Hansen wrote:
> On 9/3/19 7:26 AM, Jarkko Sakkinen wrote:
> > Not having LSM hooks does not cause any risk to other parts of the
> > kernel as the device can still be controlled by using DAC permissions.
> > The hooks just provide more granularity than
On 9/3/19 7:26 AM, Jarkko Sakkinen wrote:
> Not having LSM hooks does not cause any risk to other parts of the
> kernel as the device can still be controlled by using DAC permissions.
> The hooks just provide more granularity than DAC in access decisions.
Could we translate the security-speak to e
7 matches
Mail list logo
