On Thu, Apr 23, 2015 at 09:30:13PM +0200, Greg Kroah-Hartman wrote:
> On Thu, Apr 23, 2015 at 01:42:25PM -0400, Stephen Smalley wrote:
> > On 04/23/2015 01:16 PM, Greg Kroah-Hartman wrote:
> > > The binder developers at Samsung have stated that the implementation we
> > > have here works for their model as well, so I guess that is some kind of
> > > verification it's not entirely tied to D-Bus. They have plans on
> > > dropping the existing binder kernel code and using the kdbus code
> > > instead when it is merged.
> >
> > Where do things stand wrt LSM hooks for kdbus? I don't see any security
> > hook calls in the kdbus tree except for the purpose of metadata
> > collection of process security labels. But nothing for enforcing MAC
> > over kdbus IPC. binder has a set of security hooks for that purpose, so
> > it would be a regression wrt MAC enforcement to switch from binder to
> > kdbus without equivalent checking there.
>
> There was a set of LSM hooks proposed for kdbus posted by Karol
> Lewandowski last October, and it also included SELinux and Smack patches.
> They were going to be refreshed based on the latest code changes, but I
> haven't seen them posted, or I can't seem to find them in my limited
> email archive.

We have been waiting for the right moment with these. :-)

> Karol, what's the status of them?

I have handed the patchset over to Paul Osmialowski, who started reworking it for v4 relatively recently. I think it shouldn't be that hard to post an updated version... Paul?