From: Daniel Jurgens
Add new LSM hooks to allocate and free security contexts and check for
permission to access a PKey.
Allocate and free a security context when creating and destroying a QP.
This context is used for controlling access to PKeys.
When a request is made to modify a QP that chang
On Sun, May 21, 2017 at 8:35 PM, James Morris wrote:
> On Fri, 19 May 2017, Dan Jurgens wrote:
>
>> From: Daniel Jurgens
>
> What kind of testing has this code had? It's relatively complex and as a
> security feature, it especially needs to be well-tested.
Check the relevant threads on the SELi
On Mon, May 22, 2017 at 6:42 AM, Daniel Jurgens wrote:
> On 5/21/2017 7:13 PM, James Morris wrote:
>> On Fri, 19 May 2017, Dan Jurgens wrote:
>>
>>> security/security.c | 385 ++
>> This looks wrong -- merge problem?
>
> Yes, it was a merge problem. I added bac
Hi,
2017-05-18 23:49 GMT+02:00 Paul Moore :
> My apologies to you and Sebastien for not reviewing these patches sooner.
It is ok, no problem.
Thanks for all the advice from you and Stephen. I will try to take all
this into account.
As I understand it, I should not give the choice to allocate or
On Tue, May 23, 2017 at 6:57 AM, Dan Jurgens wrote:
> From: Daniel Jurgens
>
> Add new LSM hooks to allocate and free security contexts and check for
> permission to access a PKey.
>
> Allocate and free a security context when creating and destroying a QP.
> This context is used for controlling a
FYI: I've rebased selinux/next on top of the latest linux-security/next branch.
-- Forwarded message --
From: James Morris
Date: Mon, May 22, 2017 at 3:40 AM
Subject: security-next merged to v4.12-rc2
To: linux-security-mod...@vger.kernel.org
FYI, for subsystem developers.
--
On Tue, May 23, 2017 at 12:29 PM, Sebastien Buisson
wrote:
> Hi,
Hello.
> 2017-05-18 23:49 GMT+02:00 Paul Moore :
>> My apologies to you and Sebastien for not reviewing these patches sooner.
>
> It is ok, no problem.
> Thanks for all the advice from you and Stephen. I will try to take all
> this
On Tue, 2017-05-23 at 18:29 +0200, Sebastien Buisson wrote:
> Hi,
>
> 2017-05-18 23:49 GMT+02:00 Paul Moore :
> > My apologies to you and Sebastien for not reviewing these patches
> > sooner.
>
> It is ok, no problem.
> Thanks for all the advice from you and Stephen. I will try to take
> all
> th
On Sat, 2017-05-20 at 12:11 +0200, Nicolas Iooss wrote:
> When allocating an array with calloc(), the first argument usually is
> the number of items and the second one the size of an item. Doing so
> silences a warning reported by clang's static analyzer:
>
> kernel_to_cil.c:2050:14: warning: