On Tuesday, October 06, 2015 08:55:33 PM Nicolas Iooss wrote:
> On 10/05/2015 10:41 PM, Paul Moore wrote:
> > Add the SELinux access control implementation for the new kdbus LSM
>
> > hooks using the new kdbus object class and the following permissions:
> [[SNIP]]
>
> > diff --git a/security/seli
Commit 124613012db1 ("af_unix: Convert the unix_sk macro to an inline
function for type safety") was recently added to catch incorrect
uses of the unix_sk helper using compiler warnings.
It has now caught one such case in lsm_audit.c. The code is technically
correct, but as it converts a const poi
On 10/05/2015 10:41 PM, Paul Moore wrote:
> Add the SELinux access control implementation for the new kdbus LSM
> hooks using the new kdbus object class and the following permissions:
>
[[SNIP]]
> diff --git a/security/selinux/include/classmap.h
> b/security/selinux/include/classmap.h
> index ecc
On Sun, Sep 27, 2015 at 06:10:28PM +0300, Petko Manolov wrote:
> __list_splice_init_rcu() can be used to splice lists forming both stack and
> queue structures, depending on its arguments. It is based on the initial
> list_splice_init_rcu() with a few minor modifications to help abstracting it.
>
On Tue, Oct 06, 2015 at 10:08:21AM +0100, Greg KH wrote:
> Just responding to one thing at the moment:
>
> On Mon, Oct 05, 2015 at 11:22:22PM +0200, Luis R. Rodriguez wrote:
> > * we should phase out the usermode helper from firmware_class long term
>
> You can "phase out", but you can not dele
On Tue, Oct 06, 2015 at 01:16:02PM +, Fuchs, Andreas wrote:
> > > I was just trying to point out that the concept is not too difficult,
> > > since
> > > kernel-space (minimal) resource-manager makes a lot of people go "oh god,
> > > never ever, way too big, way too complicated", which IMHO it
> > I was just trying to point out that the concept is not too difficult, since
> > kernel-space (minimal) resource-manager makes a lot of people go "oh god,
> > never ever, way too big, way too complicated", which IMHO it is not.
> > Until then, I think that the call should just return -EBUSY when
On Tue, Oct 06, 2015 at 06:22:29AM +, Fuchs, Andreas wrote:
> > > OK, I guess we got stuck in the follow-up discussions and missed the
> > > points.
> >
> > Yup, don't get me wrong here. I like this discussion and am willing to
> > listen to reasonable arguments.
>
> We could not agree more.
On Mon, 5 Oct 2015, Casey Schaufler wrote:
> Hi James. I'm starting my patch processing for 4.4 and wondered
> if you're planning to update security#next any time soon.
>
Now merged to -rc4.
--
James Morris
--
To unsubscribe from this list: send the line "unsubscribe
linux-security-module"
Just responding to one thing at the moment:
On Mon, Oct 05, 2015 at 11:22:22PM +0200, Luis R. Rodriguez wrote:
> * we should phase out the usermode helper from firmware_class long term
You can "phase out", but you can not delete it as it's a user/kernel api
that we have to support for forever,
Thanks for your review I will add a lock in smaf_handle structure.
One of the goal of smaf is to create a standard kernel API to allocate
and secure buffers to avoid forking
while implementing buffer securing feature.
One concern about ION is that the selection of the heap is done by userland
so
I have mind few uses cases:
- the basic one when an HW device need contiguous memory.
- I have a device that could not cross some memory boundaries so I
need a specific allocator for it.
- when allocating memory for security some platform have address
constraints or need to allocate memory in speci
12 matches
Mail list logo
