[PATCH v4 00/19] LSM: Module stacking for SARA and Landlock

2018-09-24 Thread Casey Schaufler
v4: Finer granularity in the patches and other cleanups suggested by Kees Cook. Removed dead code created by the removal of SELinux credential blob poisoning. v3: Add ipc blob for SARA and task blob for Landlock. Removing the SELinux cred blob pointer poisoning results selinux_i

Re: [PATCH v4 00/19] LSM: Module stacking for SARA and Landlock

2018-09-24 Thread Casey Schaufler
On 9/21/2018 8:02 PM, Kees Cook wrote: > On Fri, Sep 21, 2018 at 4:59 PM, Casey Schaufler > wrote: >> v4: Finer granularity in the patches and other >> cleanups suggested by Kees Cook. >> Removed dead code created by the removal of SELinux >> credential blob poisoning. > Thanks for th

Re: [PATCH v4 00/19] LSM: Module stacking for SARA and Landlock

2018-09-24 Thread Kees Cook
On Fri, Sep 21, 2018 at 4:59 PM, Casey Schaufler wrote: > v4: Finer granularity in the patches and other > cleanups suggested by Kees Cook. > Removed dead code created by the removal of SELinux > credential blob poisoning. Thanks for the splitting, this really does make it easier to r

Re: [PATCH v4 00/19] LSM: Module stacking for SARA and Landlock

2018-09-24 Thread Kees Cook
On Sat, Sep 22, 2018 at 9:38 AM, Casey Schaufler wrote: > On 9/21/2018 8:02 PM, Kees Cook wrote: >> On Fri, Sep 21, 2018 at 4:59 PM, Casey Schaufler >> wrote: >>> v4: Finer granularity in the patches and other >>> cleanups suggested by Kees Cook. >>> Removed dead code created by the remo

Re: [PATCH v4 00/19] LSM: Module stacking for SARA and Landlock

2018-09-24 Thread Casey Schaufler
On 9/23/2018 8:59 AM, Tetsuo Handa wrote: > On 2018/09/23 11:43, Kees Cook wrote: I'm excited about getting this landed! >>> Soon. Real soon. I hope. I would very much like for >>> someone from the SELinux camp to chime in, especially on >>> the selinux_is_enabled() removal. >> Agreed. >> > Th

Re: [PATCH v4 00/19] LSM: Module stacking for SARA and Landlock

2018-09-24 Thread Tetsuo Handa
On 2018/09/24 2:09, Casey Schaufler wrote: >> Since all free hooks are called when one of init hooks failed, each >> free hook needs to check whether init hook was called. An example is >> inode_free_security() in security/selinux/hooks.c (but not addressed in >> this patch). > > I *think*
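
The init/free ordering point Tetsuo raises above, as an added example that is not part of this thread or of the patch set: a userspace C model of the stacked inode blob. The infrastructure hands each module a slice of one blob, calls every module's alloc hook in order and, when any of them fails, calls every module's free hook, including those whose alloc hook never ran. Module A keeps its slice on a global list, so a free hook written with the usual `list_empty()` check would dereference a NULL pointer on a never-initialised slice. Every identifier here (lsm_register, lsm_inode_alloc, a_alloc, a_free, fail_alloc, run_scenario) is the example's own, not a kernel symbol, and the zero-filled blob is an assumption of the model.

```c
/* Added example, not kernel code. Userspace model of stacked LSM inode blobs:
 * one zero-filled blob (assumption), one slice per module, every alloc hook
 * called in turn, and on any failure EVERY module's free hook called. */
#include <errno.h>
#include <stddef.h>
#include <stdlib.h>

/* Minimal circular list with the same shape as the kernel's list_head. */
struct list_head { struct list_head *next, *prev; };
static int list_empty(const struct list_head *h) { return h->next == h; }
static void list_add_tail(struct list_head *n, struct list_head *h)
{ n->next = h; n->prev = h->prev; h->prev->next = n; h->prev = n; }
static void list_del(struct list_head *n)
{   /* dereferences n->next: a NULL pointer if n was never initialised */
    n->next->prev = n->prev; n->prev->next = n->next; n->next = n->prev = NULL;
}

struct inode { void *i_security; };
struct lsm {
    size_t size, offset;  /* slice of the shared blob; offset set by lsm_register() */
    int  (*inode_alloc)(struct lsm *, struct inode *);
    void (*inode_free)(struct lsm *, struct inode *);
    int fail_alloc;       /* test knob: make inode_alloc return -ENOMEM */
};
static void *lsm_slice(struct lsm *m, struct inode *i)
{ return (char *)i->i_security + m->offset; }

/* Module A: links each inode's slice onto a global list (think label cache). */
struct a_sec { struct list_head list; };
static struct list_head a_all = { &a_all, &a_all };
static int a_free_skipped, a_free_unlinked;

static int a_alloc(struct lsm *m, struct inode *i)
{
    if (m->fail_alloc) return -ENOMEM;
    list_add_tail(&((struct a_sec *)lsm_slice(m, i))->list, &a_all);
    return 0;
}
static void a_free(struct lsm *m, struct inode *i)
{
    struct a_sec *s = lsm_slice(m, i);
    /* Blob is zero-filled, so a NULL next means a_alloc() never ran for it.
     * The usual "if (!list_empty()) list_del()" idiom does NOT catch this. */
    if (s->list.next == NULL) { a_free_skipped++; return; }
    list_del(&s->list);
    a_free_unlinked++;
}

/* Module B: a flag only; nothing to undo on free. */
struct b_sec { int flag; };
static int b_alloc(struct lsm *m, struct inode *i)
{ if (m->fail_alloc) return -ENOMEM; ((struct b_sec *)lsm_slice(m, i))->flag = 1; return 0; }
static void b_free(struct lsm *m, struct inode *i) { (void)m; (void)i; }

/* Infrastructure: lay out the slices, then drive the hook chains. */
static size_t lsm_register(struct lsm *mods, int n)
{
    size_t total = 0;
    for (int k = 0; k < n; k++) { mods[k].offset = total; total += mods[k].size; }
    return total;
}
static void lsm_inode_free(struct lsm *mods, int n, struct inode *i)
{
    for (int k = 0; k < n; k++)  /* every module, whether or not its alloc ran */
        mods[k].inode_free(&mods[k], i);
    free(i->i_security);
}
static int lsm_inode_alloc(struct lsm *mods, int n, size_t total, struct inode *i)
{
    if (!(i->i_security = calloc(1, total))) return -ENOMEM;
    for (int k = 0; k < n; k++) {
        int rc = mods[k].inode_alloc(&mods[k], i);
        if (rc) { lsm_inode_free(mods, n, i); return rc; }
    }
    return 0;
}

/* One allocation with the given failure knobs; reports what A's free hook did.
 * Returns the alloc result, or -EINVAL if an entry leaked on a_all. */
int run_scenario(int a_fails, int b_fails, int *skipped, int *unlinked)
{
    struct lsm mods[] = {
        { sizeof(struct a_sec), 0, a_alloc, a_free, a_fails },
        { sizeof(struct b_sec), 0, b_alloc, b_free, b_fails },
    };
    struct inode ino = { NULL };
    size_t total = lsm_register(mods, 2);
    a_free_skipped = a_free_unlinked = 0;
    int rc = lsm_inode_alloc(mods, 2, total, &ino);
    if (rc == 0) lsm_inode_free(mods, 2, &ino);  /* normal teardown */
    *skipped = a_free_skipped; *unlinked = a_free_unlinked;
    return list_empty(&a_all) ? rc : -EINVAL;
}

/* The trap itself: a zero-filled head is not "empty" by the usual test. */
int zeroed_head_looks_empty(void)
{
    struct list_head zeroed = { NULL, NULL };
    return list_empty(&zeroed);  /* 0, because next is NULL rather than &zeroed */
}
```

Running `run_scenario(1, 0, ...)` is the case the thread describes: A's own alloc hook fails, yet A's free hook is still invoked and must recognise the untouched slice. Checking the zero-filled state explicitly (or an initialised flag set by the alloc hook) is what keeps that call safe; `list_empty()` alone reports a zeroed head as non-empty.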

Re: [PATCH v4 00/19] LSM: Module stacking for SARA and Landlock

2018-09-24 Thread Tetsuo Handa
On 2018/09/23 11:43, Kees Cook wrote: >>> I'm excited about getting this landed! >> >> Soon. Real soon. I hope. I would very much like for >> someone from the SELinux camp to chime in, especially on >> the selinux_is_enabled() removal. > > Agreed. > This patchset from Casey lands before the patc

Re: [PATCH v4 00/19] LSM: Module stacking for SARA and Landlock

2018-09-24 Thread Stephen Smalley
On 09/23/2018 01:09 PM, Casey Schaufler wrote: On 9/23/2018 8:59 AM, Tetsuo Handa wrote: On 2018/09/23 11:43, Kees Cook wrote: I'm excited about getting this landed! Soon. Real soon. I hope. I would very much like for someone from the SELinux camp to chime in, especially on the selinux_is_enab

Re: [PATCH v4 00/19] LSM: Module stacking for SARA and Landlock

2018-09-24 Thread Casey Schaufler
On 9/24/2018 8:01 AM, Stephen Smalley wrote: > On 09/23/2018 01:09 PM, Casey Schaufler wrote: >> On 9/23/2018 8:59 AM, Tetsuo Handa wrote: >>> On 2018/09/23 11:43, Kees Cook wrote: >> I'm excited about getting this landed! > Soon. Real soon. I hope. I would very much like for > someone

Re: [PATCH v4 00/19] LSM: Module stacking for SARA and Landlock

2018-09-24 Thread Casey Schaufler
On 9/23/2018 6:53 PM, Tetsuo Handa wrote: > On 2018/09/24 2:09, Casey Schaufler wrote: >>> Since all free hooks are called when one of init hooks failed, each >>> free hook needs to check whether init hook was called. An example is >>> inode_free_security() in security/selinux/hooks.c (but no

Re: [PATCH v4 00/19] LSM: Module stacking for SARA and Landlock

2018-09-24 Thread Tetsuo Handa
On 2018/09/25 1:15, Casey Schaufler wrote: Since all free hooks are called when one of init hooks failed, each free hook needs to check whether init hook was called. An example is inode_free_security() in security/selinux/hooks.c (but not addressed in this patch). >>

Re: [PATCH v4 00/19] LSM: Module stacking for SARA and Landlock

2018-09-24 Thread Tetsuo Handa
On 2018/09/25 2:16, Casey Schaufler wrote: >> Not all of LKM-based LSMs use security blobs. And some of LKM-based LSMs >> might use security blobs for only a few objects. For example, AKARI uses >> inode security blob for remembering whether source address/port of an >> accept()ed socket was alread

Re: [PATCH v4 00/19] LSM: Module stacking for SARA and Landlock

2018-09-25 Thread Casey Schaufler
On 9/24/2018 10:53 AM, Tetsuo Handa wrote: > On 2018/09/25 2:16, Casey Schaufler wrote: >>> Not all of LKM-based LSMs use security blobs. And some of LKM-based LSMs >>> might use security blobs for only a few objects. For example, AKARI uses >>> inode security blob for remembering whether source ad

Re: [PATCH v4 00/19] LSM: Module stacking for SARA and Landlock

2018-10-01 Thread James Morris
On Sun, 23 Sep 2018, Casey Schaufler wrote: > > How do you plan to handle LKM-based LSMs? > > My position all along has been that I don't plan to handle LKM > based LSMs, but that I won't do anything to prevent someone else > from adding them later. I believe that I've done that. Several > desi