On Tue, Aug 1, 2023 at 9:24 AM Ondrej Mosnacek wrote:
> On Fri, Jul 28, 2023 at 5:12 PM Paul Moore wrote:
> >
> > On Fri, Jul 28, 2023 at 9:24 AM Christian Göttsche
> > wrote:
> > >
> > > On Fri, 28 Jul 2023 at 15:14, Ondrej Mosnacek wrote:
> > > >
> > > > On Fri, Jul 28, 2023 at 1:52 PM Stephe

On Fri, Jul 28, 2023 at 5:12 PM Paul Moore wrote:
>
> On Fri, Jul 28, 2023 at 9:24 AM Christian Göttsche
> wrote:
> >
> > On Fri, 28 Jul 2023 at 15:14, Ondrej Mosnacek wrote:
> > >
> > > On Fri, Jul 28, 2023 at 1:52 PM Stephen Smalley
> > > wrote:
> > > >
> > > > On Fri, Jul 28, 2023 at 7:36 AM

Ondrej Mosnacek writes:
> On Fri, Jul 28, 2023 at 4:12 AM Michael Ellerman wrote:
>>
>> Ondrej Mosnacek writes:
>> > Currently, SELinux doesn't allow distinguishing between kernel threads
>> > and userspace processes that are started before the policy is first
>> > loaded - both get the label co

On Fri, Jul 28, 2023 at 9:24 AM Christian Göttsche
wrote:
>
> On Fri, 28 Jul 2023 at 15:14, Ondrej Mosnacek wrote:
> >
> > On Fri, Jul 28, 2023 at 1:52 PM Stephen Smalley
> > wrote:
> > >
> > > On Fri, Jul 28, 2023 at 7:36 AM Ondrej Mosnacek
> > > wrote:
> > > >
> > > > On Fri, Jul 28, 2023 at

On Fri, 28 Jul 2023 at 15:14, Ondrej Mosnacek wrote:
>
> On Fri, Jul 28, 2023 at 1:52 PM Stephen Smalley
> wrote:
> >
> > On Fri, Jul 28, 2023 at 7:36 AM Ondrej Mosnacek wrote:
> > >
> > > On Fri, Jul 28, 2023 at 4:12 AM Michael Ellerman
> > > wrote:
> > > >
> > > > Ondrej Mosnacek writes:
>

On Fri, Jul 28, 2023 at 1:52 PM Stephen Smalley
wrote:
>
> On Fri, Jul 28, 2023 at 7:36 AM Ondrej Mosnacek wrote:
> >
> > On Fri, Jul 28, 2023 at 4:12 AM Michael Ellerman
> > wrote:
> > >
> > > Ondrej Mosnacek writes:
> > > > Currently, SELinux doesn't allow distinguishing between kernel threa

On Fri, Jul 28, 2023 at 7:36 AM Ondrej Mosnacek wrote:
>
> On Fri, Jul 28, 2023 at 4:12 AM Michael Ellerman wrote:
> >
> > Ondrej Mosnacek writes:
> > > Currently, SELinux doesn't allow distinguishing between kernel threads
> > > and userspace processes that are started before the policy is firs

On Fri, Jul 28, 2023 at 4:12 AM Michael Ellerman wrote:
>
> Ondrej Mosnacek writes:
> > Currently, SELinux doesn't allow distinguishing between kernel threads
> > and userspace processes that are started before the policy is first
> > loaded - both get the label corresponding to the kernel SID. T

Ondrej Mosnacek writes:
> Currently, SELinux doesn't allow distinguishing between kernel threads
> and userspace processes that are started before the policy is first
> loaded - both get the label corresponding to the kernel SID. The only
> way a process that persists from early boot can get a mea