hook recursion (not sure if in practice).
Thanks,
Amir.
Good point, back to Stephen Smalley?
There are four __vfs_getxattr calls inside security, not sure I see any
natural way to determine the recursion in security/selinux I can
beg/borrow/steal from; but I get the strange feeling that it is
On 10/03/2018 01:26 PM, Kees Cook wrote:
On Wed, Oct 3, 2018 at 6:39 AM, Stephen Smalley wrote:
On 10/02/2018 07:54 PM, Kees Cook wrote:
On Tue, Oct 2, 2018 at 4:46 PM, John Johansen
wrote:
On 10/02/2018 04:06 PM, Kees Cook wrote:
I think the current proposal (in the other thread) is
On 10/02/2018 07:54 PM, Kees Cook wrote:
On Tue, Oct 2, 2018 at 4:46 PM, John Johansen
wrote:
On 10/02/2018 04:06 PM, Kees Cook wrote:
I think the current proposal (in the other thread) is likely the
sanest approach:
- Drop CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE
- Drop CONFIG_SECURITY_APPARM
On 10/02/2018 12:54 PM, Kees Cook wrote:
On Tue, Oct 2, 2018 at 9:33 AM, Jordan Glover
wrote:
It's always documented as: "selinux=1 security=selinux" so security= should
still do the job and selinux=1 become no-op, no?
The v3 patch set worked this way, yes. (The per-LSM enable defaults
were s
On 10/02/2018 10:44 AM, Kees Cook wrote:
On Tue, Oct 2, 2018 at 6:42 AM, Stephen Smalley wrote:
On 10/02/2018 08:12 AM, Paul Moore wrote:
On Mon, Oct 1, 2018 at 9:04 PM Kees Cook wrote:
Since LSM enabling is now centralized with CONFIG_LSM_ENABLE and
"lsm.enable=...", this remov
On 10/02/2018 08:12 AM, Paul Moore wrote:
On Mon, Oct 1, 2018 at 9:04 PM Kees Cook wrote:
Since LSM enabling is now centralized with CONFIG_LSM_ENABLE and
"lsm.enable=...", this removes the LSM-specific enabling logic from
SELinux.
Signed-off-by: Kees Cook
---
.../admin-guide/kernel-paramet
On 09/28/2018 04:25 PM, Stephen Smalley wrote:
On 09/28/2018 04:01 PM, Kees Cook wrote:
On Fri, Sep 28, 2018 at 8:55 AM, Casey Schaufler
wrote:
On 9/24/2018 5:18 PM, Kees Cook wrote:
v3:
- add CONFIG_LSM_ENABLE and refactor resulting logic
Kees, you can add my
Reviewed-by:Casey
On 09/28/2018 04:01 PM, Kees Cook wrote:
On Fri, Sep 28, 2018 at 8:55 AM, Casey Schaufler wrote:
On 9/24/2018 5:18 PM, Kees Cook wrote:
v3:
- add CONFIG_LSM_ENABLE and refactor resulting logic
Kees, you can add my
Reviewed-by:Casey Schaufler
for this entire patch set. Thank you f
On 03/10/2018 10:08 PM, Victor Kamensky wrote:
>
>
> On Tue, 20 Feb 2018, Stephen Smalley wrote:
>
>> On Fri, 2018-02-16 at 20:33 +, Taras Kondratiuk wrote:
>>> From: Victor Kamensky
>>>
>>> With initramfs cpio format that supports extended att
On 03/10/2018 10:07 PM, Victor Kamensky wrote:
>
>
> On Tue, 20 Feb 2018, Stephen Smalley wrote:
>
>> On Fri, 2018-02-16 at 20:33 +, Taras Kondratiuk wrote:
>>> From: Victor Kamensky
>>>
>>> initramfs code supporting extended cpio format have
On Fri, 2018-02-16 at 20:33 +, Taras Kondratiuk wrote:
> From: Victor Kamensky
>
> initramfs code supporting extended cpio format have ability to
> fill extended attributes from cpio archive, but if SELinux enabled
> and security server is not initialized yet, selinux callback would
> refuse
On Fri, 2018-02-16 at 20:33 +, Taras Kondratiuk wrote:
> From: Victor Kamensky
>
> With initramfs cpio format that supports extended attributes
> we need to skip sid population on sys_lsetxattr call from
> initramfs for rootfs if security server is not initialized yet.
>
> Otherwise callback
12 matches