Re: [PATCH 3/3] tpm: fix missing migratable flag in sealing functionality for TPM2

2015-11-09 Thread Jarkko Sakkinen
Hi. Other fixes are ready for the pull request, but for this patch a peer check might be useful. I'm anyway sending the pull request with the five pull patches over here even if I don't get 'Tested-by:': https://github.com/jsakkine/linux-tpmdd/commits/fixes I've tested this patch with fTPM and dTPM

Re: [PATCH v2] selinux: rate-limit unrecognized netlink message warnings in selinux_nlmsg_perm()

2015-11-09 Thread Vladis Dronov
Hello, Paul. >> Did you want the "Reported-by" tag included? I'm also adding the SELinux list back to the CC line. Yes, could you please indeed include the lost line "Reported-by: Florian Weimer ". It was my fault for omitting it while re-composing the commit message. Vladis Dronov | Red Hat,

Re: LSM and sending socketpair created descriptors via unix sockets

2015-11-09 Thread Roman Kubiak
Hello again. I need to get back to this issue; we still don't have a fix for socketpair() and UDS sockets. I was wondering if the fix I posted is OK (apart from the variables being named inode), as you can see these fields in the structure are initialized in smack_sk_alloc_security (to cover th

Re: [PATCH v4] keys, trusted: select hash algorithm for TPM2 chips

2015-11-09 Thread James Morris
On Thu, 5 Nov 2015, Jarkko Sakkinen wrote: > v4: > > * Added missing select CRYPTO_HASH_INFO in drivers/char/tpm/Kconfig > > Signed-off-by: Jarkko Sakkinen Reviewed-by: James Morris -- James Morris

Re: [PATCH v5 3/3] Allows reading back the current IMA policy;

2015-11-09 Thread Mimi Zohar
On Mon, 2015-11-02 at 00:39 +0200, Petko Manolov wrote: > + > +#ifdef CONFIG_IMA_READ_POLICY > +enum { > + mask_err = -1, > + mask_exec = 1, mask_write, mask_read, mask_append > +}; > + > +static match_table_t mask_tokens = { > + {mask_exec, "MAY_EXEC"}, > + {mask_write, "MAY

Re: [PATCH v4 00/11] Smack namespace

2015-11-09 Thread Lukasz Pawelczyk
If I understand correctly the security window for 4.4 has been closed now (as changes went to next). Anyway, I updated the series to the latest smack-for-4.4 branch. Including the new relabel-self interface that received namespace treatment as well. Also the RCU fix reported on the list has been i

Re: [PATCH] ptrace: use fsuid, fsgid, effective creds for fs access checks

2015-11-09 Thread Andrew Morton
On Sun, 8 Nov 2015 13:08:36 +0100 Jann Horn wrote: > By checking the effective credentials instead of the real UID / > permitted capabilities, ensure that the calling process actually > intended to use its credentials. > > To ensure that all ptrace checks use the correct caller > credentials (e

Re: [PATCH] ptrace: use fsuid, fsgid, effective creds for fs access checks

2015-11-09 Thread Willy Tarreau
On Mon, Nov 09, 2015 at 12:55:54PM -0800, Andrew Morton wrote: > > --- a/fs/proc/array.c > > +++ b/fs/proc/array.c > > @@ -395,7 +395,8 @@ static int do_task_stat(struct seq_file *m, struct > > pid_namespace *ns, > > > > state = *get_task_state(task); > > vsize = eip = esp = 0; > > - p

Re: [PATCH] ptrace: use fsuid, fsgid, effective creds for fs access checks

2015-11-09 Thread Jann Horn
On Mon, Nov 09, 2015 at 12:55:54PM -0800, Andrew Morton wrote: > On Sun, 8 Nov 2015 13:08:36 +0100 Jann Horn wrote: > > > By checking the effective credentials instead of the real UID / > > permitted capabilities, ensure that the calling process actually > > intended to use its credentials. > >

Re: [PATCH] ptrace: use fsuid, fsgid, effective creds for fs access checks

2015-11-09 Thread Andrew Morton
On Mon, 9 Nov 2015 22:12:09 +0100 Jann Horn wrote: > > > Can we do > > > > #define PTRACE_foo (PTRACE_MODE_READ|PTRACE_MODE_FSCREDS) > > > > to avoid all that? > > Hm. All combinations of the PTRACE_MODE_*CREDS flags with > PTRACE_MODE_{READ,ATTACH} plus optionally PTRACE_MODE_NOAUDIT > make s

Re: [PATCH v4 03/11] lsm: add file opener's cred to a setprocattr arguments

2015-11-09 Thread Al Viro
On Wed, Oct 14, 2015 at 02:41:57PM +0200, Lukasz Pawelczyk wrote: > int (*getprocattr)(struct task_struct *p, char *name, char **value); > - int (*setprocattr)(struct task_struct *p, char *name, void *value, > - size_t size); > + int (*setprocattr)(struct t