Re: [RFC 0/4] RFC: Add Checmate, BPF-driven minor LSM

2016-08-15 Thread Sargun Dhillon
On Mon, Aug 15, 2016 at 12:59:13PM +0200, Mickaël Salaün wrote: > > On 15/08/2016 05:09, Sargun Dhillon wrote: > > On Mon, Aug 15, 2016 at 12:57:44AM +0200, Mickaël Salaün wrote: > >> Our approaches have some common points (i.e. use eBPF in an LSM, stacked > >> filters like seccomp) but I'm focus

Re: [RFC 0/4] RFC: Add Checmate, BPF-driven minor LSM

2016-08-15 Thread Mickaël Salaün
On 15/08/2016 05:09, Sargun Dhillon wrote: > On Mon, Aug 15, 2016 at 12:57:44AM +0200, Mickaël Salaün wrote: >> Our approaches have some common points (i.e. use eBPF in an LSM, stacked >> filters like seccomp) but I'm focused on a kind of unprivileged LSM (i.e. no >> CAP_SYS_ADMIN), to make stan

Re: [RFC 0/4] RFC: Add Checmate, BPF-driven minor LSM

2016-08-14 Thread Mickaël Salaün
Hi, I've been working on an extension to seccomp-bpf since last year and published a first RFC about it [1]. I'm working on a second RFC/PoC which uses eBPF instead of cBPF and is closer to a common LSM than the first RFC. I plan to publish this second RFC by the end of the month. Our appro

Re: [RFC 0/4] RFC: Add Checmate, BPF-driven minor LSM

2016-08-14 Thread Sargun Dhillon
On Mon, Aug 15, 2016 at 12:57:44AM +0200, Mickaël Salaün wrote: > Hi, > > I've been working on an extension to seccomp-bpf since last year and > published > a first RFC about it [1]. I'm working on a second RFC/PoC which uses eBPF > instead of cBPF and is closer to a common LSM than the firs

Re: [RFC 0/4] RFC: Add Checmate, BPF-driven minor LSM

2016-08-08 Thread Kees Cook
On Mon, Aug 8, 2016 at 5:00 PM, Sargun Dhillon wrote: > On Mon, Aug 08, 2016 at 04:44:02PM -0700, Kees Cook wrote: >> On Thu, Aug 4, 2016 at 12:11 AM, Sargun Dhillon wrote: >> > I distributed this patchset to linux-security-mod...@vger.kernel.org >> > earlier, >> > but based on the fact that the

Re: [RFC 0/4] RFC: Add Checmate, BPF-driven minor LSM

2016-08-08 Thread Sargun Dhillon
On Mon, Aug 08, 2016 at 04:44:02PM -0700, Kees Cook wrote: > On Thu, Aug 4, 2016 at 12:11 AM, Sargun Dhillon wrote: > > I distributed this patchset to linux-security-mod...@vger.kernel.org > > earlier, > > but based on the fact that the archive is down, and this is a fairly > > broad-sweeping pro

Re: [RFC 0/4] RFC: Add Checmate, BPF-driven minor LSM

2016-08-08 Thread Kees Cook
On Thu, Aug 4, 2016 at 12:11 AM, Sargun Dhillon wrote: > I distributed this patchset to linux-security-mod...@vger.kernel.org earlier, > but based on the fact that the archive is down, and this is a fairly > broad-sweeping proposal, I figured I'd grow the audience a little bit. Sorry > if you rece

Re: [RFC 0/4] RFC: Add Checmate, BPF-driven minor LSM

2016-08-04 Thread Sargun Dhillon
On Thu, Aug 04, 2016 at 11:45:08AM +0200, Daniel Borkmann wrote: > Hi Sargun, > > On 08/04/2016 09:11 AM, Sargun Dhillon wrote: > [...] > >[It's a] minor LSM. My particular use case is one in which containers are > >being > >dynamically deployed to machines by internal developers in a different g

Re: [RFC 0/4] RFC: Add Checmate, BPF-driven minor LSM

2016-08-04 Thread Daniel Borkmann
Hi Sargun, On 08/04/2016 09:11 AM, Sargun Dhillon wrote: [...] [It's a] minor LSM. My particular use case is one in which containers are being dynamically deployed to machines by internal developers in a different group. [...] For many of these containers, the security policies can be fairly n

Re: [RFC 0/4] RFC: Add Checmate, BPF-driven minor LSM

2016-08-04 Thread Sargun Dhillon
On Thu, Aug 04, 2016 at 10:41:17AM +0200, Richard Weinberger wrote: > Sargun, > > On Thu, Aug 4, 2016 at 9:11 AM, Sargun Dhillon wrote: > > I distributed this patchset to linux-security-mod...@vger.kernel.org > > earlier, > > but based on the fact that the archive is down, and this is a fairly >

Re: [RFC 0/4] RFC: Add Checmate, BPF-driven minor LSM

2016-08-04 Thread Richard Weinberger
Sargun, On Thu, Aug 4, 2016 at 9:11 AM, Sargun Dhillon wrote: > I distributed this patchset to linux-security-mod...@vger.kernel.org earlier, > but based on the fact that the archive is down, and this is a fairly > broad-sweeping proposal, I figured I'd grow the audience a little bit. Sorry > if

[RFC 0/4] RFC: Add Checmate, BPF-driven minor LSM

2016-08-04 Thread Sargun Dhillon
I distributed this patchset to linux-security-mod...@vger.kernel.org earlier, but based on the fact that the archive is down, and this is a fairly broad-sweeping proposal, I figured I'd grow the audience a little bit. Sorry if you received this multiple times. I've begun building out the skeleto