Re: [apparmor] [PATCH 4/7] md: simplify sysctl registration

2023-03-03 Thread Song Liu
On Thu, Mar 2, 2023 at 12:46 PM Luis Chamberlain wrote:
>
> register_sysctl_table() is a deprecated compatibility wrapper.
> register_sysctl() can do the directory creation for you so just use
> that.
>
> Signed-off-by: Luis Chamberlain

Acked-by: Song Liu

Thanks!

Re: [apparmor] [PATCH] treewide: const qualify ctl_tables where applicable

2025-01-13 Thread Song Liu
> drivers/infiniband/core/ucma.c | 2 +-
> drivers/macintosh/mac_hid.c | 2 +-
> drivers/md/md.c | 2 +-

For md bits:

Reviewed-by: Song Liu

Thanks,
Song [...]

Re: [apparmor] [PATCH 1/3] Wire up the lsm_manage_policy syscall

2025-05-07 Thread Song Liu
On Wed, May 7, 2025 at 8:37 AM Maxime Bélair wrote:
[...]
> >
> > These two do not feel like real benefits:
> > - One syscall cannot fit all use cases well...
>
> This syscall is not intended to cover every case, nor to replace existing
> kernel
> interfaces.
>
> Each LSM can decide which operati

Re: [apparmor] [PATCH 1/3] Wire up the lsm_manage_policy syscall

2025-05-06 Thread Song Liu
On Tue, May 6, 2025 at 7:40 AM Maxime Bélair wrote:
>
> Add support for the new lsm_manage_policy syscall, providing a unified
> API for loading and modifying LSM policies without requiring the LSM’s
> pseudo-filesystem.
>
> Benefits:
> - Works even if the LSM pseudo-filesystem isn’t mounted or

Re: [apparmor] [PATCH 2/3] lsm: introduce security_lsm_manage_policy hook

2025-05-06 Thread Song Liu
On Tue, May 6, 2025 at 7:40 AM Maxime Bélair wrote:
>
> Define a new LSM hook security_lsm_manage_policy and wire it into the
> lsm_manage_policy() syscall so that LSMs can register a unified interface
> for policy management. This initial, minimal implementation only supports
> the LSM_POLICY_LOA

Re: [apparmor] [RFC] vfs: security: Parse dev_name before calling security_sb_mount

2025-07-15 Thread Song Liu
> On Jul 14, 2025, at 1:45 AM, Christian Brauner wrote:
>
> On Fri, Jul 11, 2025 at 04:22:52PM +0000, Song Liu wrote:
>>
>>
>>> On Jul 11, 2025, at 2:36 AM, Christian Brauner wrote:
>>
>> [...]
>>
>>>>>
>>>> To ma

[apparmor] [RFC] vfs: security: Parse dev_name before calling security_sb_mount

2025-07-08 Thread Song Liu
: Song Liu
---
The primary motivation of this change is to monitor bind mount and move mount in BPF LSM. There are a few options for this to work:
1. Introduce bpf_kern_path kfunc.
2. Add new hook(s), such as [1].
3. Something like this patch.
At this moment, I think this patch is the best solution

Re: [apparmor] [RFC] vfs: security: Parse dev_name before calling security_sb_mount

2025-07-09 Thread Song Liu
Hi Al and Paul,

Thanks for your comments!

> On Jul 9, 2025, at 8:19 AM, Paul Moore wrote:
>
> On Wed, Jul 9, 2025 at 6:24 AM Al Viro wrote:
>> On Tue, Jul 08, 2025 at 04:05:04PM -0700, Song Liu wrote:
>>> security_sb_mount handles multiple types of mounts: new mo

Re: [apparmor] [RFC] vfs: security: Parse dev_name before calling security_sb_mount

2025-07-10 Thread Song Liu
> On Jul 10, 2025, at 4:46 AM, Christian Brauner wrote:
[...]
>> Right now, we have security_sb_mount and security_move_mount, for
>> syscall “mount” and “move_mount” respectively. This is confusing
>> because we can also do move mount with syscall “mount”. How about
>> we create 5 differen

Re: [apparmor] [RFC] vfs: security: Parse dev_name before calling security_sb_mount

2025-07-11 Thread Song Liu
> On Jul 11, 2025, at 2:36 AM, Christian Brauner wrote:
[...]
>>>
>> To make sure I understand the comment. By “new mount api”, do you mean
>> the code path under do_new_mount()?
>
> fsopen()
> fsconfig()
> fsmount()
> open_tree()
> open_tree_attr()
> move_mount()
> statmount()
> listmount(

Re: [apparmor] [RFC] vfs: security: Parse dev_name before calling security_sb_mount

2025-07-11 Thread Song Liu
> On Jul 11, 2025, at 2:36 AM, Christian Brauner wrote:
>
> On Thu, Jul 10, 2025 at 05:00:18PM +0000, Song Liu wrote:
>>
>>
>>> On Jul 10, 2025, at 4:46 AM, Christian Brauner wrote:
>>
>> [...]
>>
>>>> Right now, we have securit

Re: [apparmor] [RFC] vfs: security: Parse dev_name before calling security_sb_mount

2025-07-22 Thread Song Liu
> On Jul 16, 2025, at 1:31 AM, Christian Brauner wrote:
>
> On Tue, Jul 15, 2025 at 10:31:39PM +0000, Song Liu wrote:
>>
>>> On Jul 15, 2025, at 3:18 AM, Christian Brauner wrote:
>>> On Mon, Jul 14, 2025 at 03:10:57PM +, Song Liu wrote:
>>

Re: [apparmor] [RFC] vfs: security: Parse dev_name before calling security_sb_mount

2025-07-22 Thread Song Liu
> On Jul 15, 2025, at 3:18 AM, Christian Brauner wrote:
> On Mon, Jul 14, 2025 at 03:10:57PM +, Song Liu wrote:
[...]
>>> If you place a new security hook into __do_loopback() the only thing
>>> that I'm not excited about is that we're holding the glob