On Thu, Sep 13, 2018 at 8:55 AM peter enderborg
wrote:
> On 09/13/2018 01:11 PM, Michal Hocko wrote:
> > On Thu 13-09-18 09:12:04, peter enderborg wrote:
> >> On 09/13/2018 08:26 AM, Tetsuo Handa wrote:
> >>> On 2018/09/13 12:02, Paul Moore wrote:
> On Fri, Sep 7, 2018 at 12:43 PM Tetsuo
On Thu, Sep 13, 2018 at 3:12 AM peter enderborg
wrote:
> On 09/13/2018 08:26 AM, Tetsuo Handa wrote:
> > On 2018/09/13 12:02, Paul Moore wrote:
> >> On Fri, Sep 7, 2018 at 12:43 PM Tetsuo Handa
> >> wrote:
> >>> syzbot is hitting warning at str_read() [1] because len parameter can
> >>> become
On Thu, Sep 13, 2018 at 2:26 AM Tetsuo Handa
wrote:
> On 2018/09/13 12:02, Paul Moore wrote:
> > On Fri, Sep 7, 2018 at 12:43 PM Tetsuo Handa
> > wrote:
> >> syzbot is hitting warning at str_read() [1] because len parameter can
> >> become larger than KMALLOC_MAX_SIZE. We don't need to emit
On Thu, Sep 13, 2018 at 11:19 AM Kees Cook wrote:
> On Thu, Sep 13, 2018 at 6:16 AM, Paul Moore wrote:
> > On Thu, Sep 13, 2018 at 12:19 AM Kees Cook wrote:
> >> On Tue, Sep 11, 2018 at 9:42 AM, Casey Schaufler
> >> wrote:
> >> > Two proposed security modules require the ability to
> >> >
On 9/12/2018 4:53 PM, Kees Cook wrote:
> On Tue, Sep 11, 2018 at 9:41 AM, Casey Schaufler
> wrote:
>> Move management of the cred security blob out of the
>> security modules and into the security infrastructure.
>> Instead of allocating and freeing space the security
>> modules tell the
On Thu, Sep 13, 2018 at 6:16 AM, Paul Moore wrote:
> On Thu, Sep 13, 2018 at 12:19 AM Kees Cook wrote:
>> On Tue, Sep 11, 2018 at 9:42 AM, Casey Schaufler
>> wrote:
>> > Two proposed security modules require the ability to
>> > share security blobs with existing "major" security modules.
>> >
On Thu, Sep 13, 2018 at 2:55 PM, peter enderborg
wrote:
>> syzbot is hitting warning at str_read() [1] because len parameter can
>> become larger than KMALLOC_MAX_SIZE. We don't need to emit warning for
>> this case.
>>
>> [1]
>>
On 09/13/2018 01:11 PM, Michal Hocko wrote:
> On Thu 13-09-18 09:12:04, peter enderborg wrote:
>> On 09/13/2018 08:26 AM, Tetsuo Handa wrote:
>>> On 2018/09/13 12:02, Paul Moore wrote:
On Fri, Sep 7, 2018 at 12:43 PM Tetsuo Handa
wrote:
> syzbot is hitting warning at str_read() [1]
On Thu, Sep 13, 2018 at 12:19 AM Kees Cook wrote:
> On Tue, Sep 11, 2018 at 9:42 AM, Casey Schaufler
> wrote:
> > Two proposed security modules require the ability to
> > share security blobs with existing "major" security modules.
> > These modules, S.A.R.A and LandLock, provide significantly
On Thu 13-09-18 09:12:04, peter enderborg wrote:
> On 09/13/2018 08:26 AM, Tetsuo Handa wrote:
> > On 2018/09/13 12:02, Paul Moore wrote:
> >> On Fri, Sep 7, 2018 at 12:43 PM Tetsuo Handa
> >> wrote:
> >>> syzbot is hitting warning at str_read() [1] because len parameter can
> >>> become larger
On Tue, Sep 11, 2018 at 9:42 AM, Casey Schaufler wrote:
> Move management of the file->f_security blob out of the
> individual security modules and into the infrastructure.
> The modules no longer allocate or free the data, instead
> they tell the infrastructure how much space they require.
>
>
On Tue, Sep 11, 2018 at 9:42 AM, Casey Schaufler wrote:
> Don't use the inode->i_security pointer directly.
> Provide a helper function that provides the security blob pointer.
>
> Signed-off-by: Casey Schaufler
Reviewed-by: Kees Cook
-Kees
--
Kees Cook
Pixel Security
On Tue, Sep 11, 2018 at 9:42 AM, Casey Schaufler wrote:
> Two proposed security modules require the ability to
> share security blobs with existing "major" security modules.
> These modules, S.A.R.A and LandLock, provide significantly
> different services than SELinux, Smack or AppArmor. Using
>
On Tue, Sep 11, 2018 at 9:42 AM, Casey Schaufler wrote:
> Don't use the inode->i_security pointer directly.
> Provide a helper function that provides the security blob pointer.
>
> Signed-off-by: Casey Schaufler
Happily mechanical! :)
Reviewed-by: Kees Cook
-Kees
--
Kees Cook
Pixel
On Tue, Sep 11, 2018 at 9:41 AM, Casey Schaufler wrote:
> Don't use the file->f_security pointer directly.
> Provide a helper function that provides the security blob pointer.
>
> Signed-off-by: Casey Schaufler
Seems delightfully mechanical.
Reviewed-by: Kees Cook
-Kees
--
Kees Cook
Pixel
On Thu, Sep 13, 2018 at 5:02 AM, Paul Moore wrote:
> On Fri, Sep 7, 2018 at 12:43 PM Tetsuo Handa
> wrote:
>> syzbot is hitting warning at str_read() [1] because len parameter can
>> become larger than KMALLOC_MAX_SIZE. We don't need to emit warning for
>> this case.
>>
>> [1]
>>
On 2018/09/13 12:02, Paul Moore wrote:
> On Fri, Sep 7, 2018 at 12:43 PM Tetsuo Handa
> wrote:
>> syzbot is hitting warning at str_read() [1] because len parameter can
>> become larger than KMALLOC_MAX_SIZE. We don't need to emit warning for
>> this case.
>>
>> [1]
>>
On Tue, Sep 11, 2018 at 9:42 AM, Casey Schaufler wrote:
> Move management of the inode->i_security blob out
> of the individual security modules and into the security
> infrastructure. Instead of allocating the blobs from within
> the modules the modules tell the infrastructure how much
> space
On Tue, Sep 11, 2018 at 9:41 AM, Casey Schaufler wrote:
> Move management of the cred security blob out of the
> security modules and into the security infrastructure.
> Instead of allocating and freeing space the security
> modules tell the infrastructure how much space they
> require.
There's
On Tue, Sep 11, 2018 at 9:41 AM, Casey Schaufler wrote:
> Don't use the cred->security pointer directly.
> Provide a helper function that provides the security blob pointer.
>
> Signed-off-by: Casey Schaufler
Like smack, this seems to be largely:
On Tue, Sep 11, 2018 at 9:41 AM, Casey Schaufler wrote:
> Back in 2007 I made what turned out to be a rather serious
> mistake in the implementation of the Smack security module.
> The SELinux module used an interface in /proc to manipulate
> the security context on processes. Rather than use a
On Tue, Sep 11, 2018 at 9:41 AM, Casey Schaufler wrote:
> Don't use the cred->security pointer directly.
> Provide a helper function that provides the security blob pointer.
>
> Signed-off-by: Casey Schaufler
> ---
> security/smack/smack.h| 14 +++--
> security/smack/smack_access.c
Adding the SARA and LandLock authors for review & comment.
Salvatore & Mickaƫl: does this patchset meet your needs for merging to
mainline?
On Tue, 11 Sep 2018, Casey Schaufler wrote:
> LSM: Module stacking in support of S.A.R.A and Landlock
>
> v2: Reduce the patchset to what is required
On 09/13/2018 08:26 AM, Tetsuo Handa wrote:
> On 2018/09/13 12:02, Paul Moore wrote:
>> On Fri, Sep 7, 2018 at 12:43 PM Tetsuo Handa
>> wrote:
>>> syzbot is hitting warning at str_read() [1] because len parameter can
>>> become larger than KMALLOC_MAX_SIZE. We don't need to emit warning for
>>>
24 matches
Mail list logo