Re: Path of task via LSM

2007-11-28 Thread Tetsuo Handa
Andrew Blaich wrote: > Tetsuo's suggestion and looking at the tomoyo source code helped me > narrow down and fix the issue I was having. Thank you very much > everyone. Oh, according to audit_log_task_info(), it seems that TOMOYO needs to call down_read(&mm->mmap_sem) before accessing mm->mmap. A

Re: [PATCH 1/2] namespaces: introduce sys_hijack (v10)

2007-11-28 Thread Serge E. Hallyn
Quoting Casey Schaufler ([EMAIL PROTECTED]): > > --- "Serge E. Hallyn" <[EMAIL PROTECTED]> wrote: > > > Quoting Stephen Smalley ([EMAIL PROTECTED]): > > > On Tue, 2007-11-27 at 10:11 -0600, Serge E. Hallyn wrote: > > > > Quoting Crispin Cowan ([EMAIL PROTECTED]): > > > > > Just the name "sys_hija

Re: [PATCH 2/2] hijack: update task_alloc_security

2007-11-28 Thread Serge E. Hallyn
Quoting Crispin Cowan ([EMAIL PROTECTED]): > Serge E. Hallyn wrote: > > Quoting Stephen Smalley ([EMAIL PROTECTED]): > > > >> I agree with this part - we don't want people to have to choose between > >> using containers and using selinux, so if hijack is going to be a > >> requirement for effect

Re: [PATCH 2/2] hijack: update task_alloc_security

2007-11-28 Thread Serge E. Hallyn
Quoting Crispin Cowan ([EMAIL PROTECTED]): > Serge E. Hallyn wrote: > > Quoting Casey Schaufler ([EMAIL PROTECTED]): > > > >> Could y'all bring me up to speed on what this is intended to > >> accomplish so that I can understand the Smack implications? > >> > > It's basically like ptracing a

Re: [PATCH 1/2] namespaces: introduce sys_hijack (v10)

2007-11-28 Thread Stephen Smalley
On Tue, 2007-11-27 at 16:38 -0600, Serge E. Hallyn wrote: > Quoting Stephen Smalley ([EMAIL PROTECTED]): > > On Tue, 2007-11-27 at 10:11 -0600, Serge E. Hallyn wrote: > > > Quoting Crispin Cowan ([EMAIL PROTECTED]): > > > > Just the name "sys_hijack" makes me concerned. > > > > > > > > This post d

Re: [PATCH 1/2] namespaces: introduce sys_hijack (v10)

2007-11-28 Thread Serge E. Hallyn
Quoting Stephen Smalley ([EMAIL PROTECTED]): > On Tue, 2007-11-27 at 16:38 -0600, Serge E. Hallyn wrote: > > Quoting Stephen Smalley ([EMAIL PROTECTED]): > > > On Tue, 2007-11-27 at 10:11 -0600, Serge E. Hallyn wrote: > > > > Quoting Crispin Cowan ([EMAIL PROTECTED]): > > > > > Just the name "sys_h

Re: [PATCH -v3] SELinux: Add get, set, and cloning of superblock security information

2007-11-28 Thread Eric Paris
Any complaints or questions left here? I've got more people reporting problems with NFS/SELinux and this is the first (and hardest) step to making NFS and any generic LSM play nicely. If there are not any problems, how should this be pushed to Linus? Through James Morris's git tree? Through Chris

Re: Path of task via LSM

2007-11-28 Thread Andrew Blaich
Here's a question, why is there this roundabout way of retrieving the path of the task? Wouldn't it be slightly more efficient to store it explicitly as a character array within the task_struct? On Nov 28, 2007 8:20 AM, Tetsuo Handa <[EMAIL PROTECTED]> wrote: > > Andrew Blaich wrote: > > Tetsuo's

[PATCH -mm] capabilities: fix CAP_LAST_CAP to CAP_MAC_ADMIN

2007-11-28 Thread Serge E. Hallyn
From 97ee046e8075a21b356fb93db0769d440437ef51 Mon Sep 17 00:00:00 2001 From: [EMAIL PROTECTED] <[EMAIL PROTECTED](none)> Date: Tue, 27 Nov 2007 10:37:57 -0800 Subject: [PATCH -mm] capabilities: fix CAP_LAST_CAP to CAP_MAC_ADMIN A recent SMACK patch introduced two new capabilities. The capability

Re: Path of task via LSM

2007-11-28 Thread Tetsuo Handa
Hello. Andrew Blaich wrote: > Here's a question, why is there this roundabout way of retrieving the > path of the task? Wouldn't it be slightly more efficient to store it > explicitly as a character array within the task_struct? I don't know the reason. But I guess that (1) Printing the pathnam

[PATCH] (2.4.26-rc3-mm2) -mm Update CAP_LAST_CAP to reflect CAP_MAC_ADMIN

2007-11-28 Thread Casey Schaufler
From: Casey Schaufler <[EMAIL PROTECTED]> Bump the value of CAP_LAST_CAP to reflect the current last cap value. It appears that the patch that introduced CAP_LAST_CAP and the patch that introduced CAP_MAC_ADMIN came in more or less at the same time. Signed-off-by: Casey Schaufler <[EMAIL PROTECTE

Re: [PATCH] (2.4.26-rc3-mm2) -mm Update CAP_LAST_CAP to reflect CAP_MAC_ADMIN

2007-11-28 Thread Serge E. Hallyn
Quoting Casey Schaufler ([EMAIL PROTECTED]): > From: Casey Schaufler <[EMAIL PROTECTED]> > > Bump the value of CAP_LAST_CAP to reflect the current last cap value. > It appears that the patch that introduced CAP_LAST_CAP and the patch > that introduced CAP_MAC_ADMIN came in more or less at the same

Re: [PATCH 2/2] hijack: update task_alloc_security

2007-11-28 Thread Crispin Cowan
Serge E. Hallyn wrote: > Quoting Crispin Cowan ([EMAIL PROTECTED]): > >> Is there to be an LSM hook, so that modules can decide on an arbitrary >> decision of whether to allow a hijack? So that this "do the right >> SELinux" thing can be generalized for all LSMs to do the right thing. >> >

Re: [PATCH net-2.6.25] Add packet filtering based on process's security context.

2007-11-28 Thread Samir Bellabes
Tetsuo Handa <[EMAIL PROTECTED]> writes: > Hello. > > James Morris wrote: >> From memory, one approach under discussion was to add netfilter hooks to >> the transport layer, which could be invoked correctly by each type of >> protocol when the target process is selected. >> >> If this is done f