Re: [PATCH security-next v5 00/30] LSM: Explict ordering

2018-11-20 Thread Casey Schaufler
On 11/14/2018 1:04 PM, Casey Schaufler wrote: > On 10/24/2018 1:12 PM, Kees Cook wrote: >> On Wed, Oct 24, 2018 at 1:56 AM, Casey Schaufler >> wrote: >>> On 10/23/2018 12:05 PM, Casey Schaufler wrote: On 10/23/2018 11:50 AM, Kees Cook wrote: > Did you poke around at my combined seri

Re: [PATCH security-next v5 00/30] LSM: Explict ordering

2018-11-14 Thread Casey Schaufler
On 10/24/2018 1:12 PM, Kees Cook wrote: > On Wed, Oct 24, 2018 at 1:56 AM, Casey Schaufler > wrote: >> On 10/23/2018 12:05 PM, Casey Schaufler wrote: >>> On 10/23/2018 11:50 AM, Kees Cook wrote: >>> Did you poke around at my combined series? https://git.kernel.org/pub/scm/linux/kernel/g

Re: [PATCH security-next v5 00/30] LSM: Explict ordering

2018-10-24 Thread Kees Cook
On Wed, Oct 24, 2018 at 1:56 AM, Casey Schaufler wrote: > On 10/23/2018 12:05 PM, Casey Schaufler wrote: >> On 10/23/2018 11:50 AM, Kees Cook wrote: >> >>> Did you poke around at my combined series? >>> https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git/log/?h=lsm/ordering-v6-blob-shar

Re: [PATCH security-next v5 00/30] LSM: Explict ordering

2018-10-24 Thread Casey Schaufler
On 10/23/2018 12:05 PM, Casey Schaufler wrote: > On 10/23/2018 11:50 AM, Kees Cook wrote: > >> Did you poke around at my combined series? >> https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git/log/?h=lsm/ordering-v6-blob-sharing > I hope to do that on the plane later today. I had a chan

Re: [PATCH security-next v5 00/30] LSM: Explict ordering

2018-10-23 Thread Casey Schaufler
On 10/23/2018 11:50 AM, Kees Cook wrote: > On Tue, Oct 23, 2018 at 9:48 AM, Casey Schaufler > wrote: >> On 10/12/2018 12:01 PM, Kees Cook wrote: >>> On Friday, October 12, 2018 3:19 AM, John Johansen >>> wrote: It isn't perfect but it manages consistency across distros as best as can b

Re: [PATCH security-next v5 00/30] LSM: Explict ordering

2018-10-23 Thread Kees Cook
On Tue, Oct 23, 2018 at 9:48 AM, Casey Schaufler wrote: > On 10/12/2018 12:01 PM, Kees Cook wrote: >> On Friday, October 12, 2018 3:19 AM, John Johansen >> wrote: >>> It isn't perfect but it manages consistency across distros as best as >>> can be achieved atm. >> Yeah, this is why I'm okay with

Re: [PATCH security-next v5 00/30] LSM: Explict ordering

2018-10-23 Thread Casey Schaufler
On 10/12/2018 12:01 PM, Kees Cook wrote: > On Friday, October 12, 2018 3:19 AM, John Johansen > wrote: >> It isn't perfect but it manages consistency across distros as best as >> can be achieved atm. > Yeah, this is why I'm okay with the current series: it provides as > consistent a view as possib

Re: [PATCH security-next v5 00/30] LSM: Explict ordering

2018-10-12 Thread Kees Cook
On Friday, October 12, 2018 3:19 AM, John Johansen wrote: > It isn't perfect but it manages consistency across distros as best as > can be achieved atm. Yeah, this is why I'm okay with the current series: it provides as consistent a view as possible, but leaves room for future improvements (like

Re: [PATCH security-next v5 00/30] LSM: Explict ordering

2018-10-12 Thread John Johansen
On 10/12/2018 04:31 AM, Jordan Glover wrote: > On Friday, October 12, 2018 3:19 AM, John Johansen > wrote: >> >> It isn't perfect but it manages consistency across distros as best as >> can be achieved atm. >> >> It's just

Re: [PATCH security-next v5 00/30] LSM: Explict ordering

2018-10-12 Thread John Johansen
On 10/12/2018 04:31 AM, Jordan Glover wrote: > On Friday, October 12, 2018 2:26 AM, John Johansen > wrote: > >> On 10/11/2018 04:53 PM, Jordan Glover wrote: >> >>> On Friday, October 12, 2018 1:09 AM, Kees Cook keesc...@chro

Re: [PATCH security-next v5 00/30] LSM: Explict ordering

2018-10-12 Thread Jordan Glover
On Friday, October 12, 2018 3:19 AM, John Johansen wrote: > > It isn't perfect but it manages consistency across distros as best as > can be achieved atm. > > It's just a fact that some LSMs are not going to be built into some >

Re: [PATCH security-next v5 00/30] LSM: Explict ordering

2018-10-12 Thread Jordan Glover
On Friday, October 12, 2018 2:26 AM, John Johansen wrote: > On 10/11/2018 04:53 PM, Jordan Glover wrote: > > > On Friday, October 12, 2018 1:09 AM, Kees Cook keesc...@chromium.org wrote: > > > > > We've had things sort of like

Re: [PATCH security-next v5 00/30] LSM: Explict ordering

2018-10-11 Thread John Johansen
On 10/11/2018 05:11 PM, Jordan Glover wrote: > On Friday, October 12, 2018 1:48 AM, John Johansen > wrote: > >> On 10/11/2018 04:09 PM, Kees Cook wrote: >> >>> On Thu, Oct 11, 2018 at 3:58 PM, Jordan Glover >>> golden_mille...@protonmail.ch wrote: >>> On T

Re: [PATCH security-next v5 00/30] LSM: Explict ordering

2018-10-11 Thread John Johansen
On 10/11/2018 04:53 PM, Jordan Glover wrote: > On Friday, October 12, 2018 1:09 AM, Kees Cook wrote: > >> We've had things sort of like this proposed, but if you can convince >> James and others, I'm all for it. I think the standing objection from >> James and J

Re: [PATCH security-next v5 00/30] LSM: Explict ordering

2018-10-11 Thread Jordan Glover
On Friday, October 12, 2018 1:48 AM, John Johansen wrote: > On 10/11/2018 04:09 PM, Kees Cook wrote: > > > On Thu, Oct 11, 2018 at 3:58 PM, Jordan Glover > > golden_mille...@protonmail.ch wrote: > > > > > On Thursday, October 11, 2018 7:57 PM, Kees Cook keesc...@

Re: [PATCH security-next v5 00/30] LSM: Explict ordering

2018-10-11 Thread Jordan Glover
On Friday, October 12, 2018 1:09 AM, Kees Cook wrote: > We've had things sort of like this proposed, but if you can convince > James and others, I'm all for it. I think the standing objection from > James and John about this is that the results of booting with > "

Re: [PATCH security-next v5 00/30] LSM: Explict ordering

2018-10-11 Thread John Johansen
On 10/11/2018 04:09 PM, Kees Cook wrote: > On Thu, Oct 11, 2018 at 3:58 PM, Jordan Glover > wrote: >> On Thursday, October 11, 2018 7:57 PM, Kees Cook >> wrote: >>> To switch to SELinux at boot time with >>> "CONFIG_LSM=yama,loadpin,integrity,apparmor", the old way continues to >>> w

Re: [PATCH security-next v5 00/30] LSM: Explict ordering

2018-10-11 Thread Kees Cook
On Thu, Oct 11, 2018 at 3:58 PM, Jordan Glover wrote: > On Thursday, October 11, 2018 7:57 PM, Kees Cook > wrote: >> To switch to SELinux at boot time with >> "CONFIG_LSM=yama,loadpin,integrity,apparmor", the old way continues to >> work: >> >> selinux=1 security=selinux >> >>

Re: [PATCH security-next v5 00/30] LSM: Explict ordering

2018-10-11 Thread Jordan Glover
On Thursday, October 11, 2018 7:57 PM, Kees Cook wrote: > On Wed, Oct 10, 2018 at 5:18 PM, Kees Cook keesc...@chromium.org wrote: > > > v5: > > > > - redesigned to use CONFIG_LSM= and lsm= for both ordering and enabling > > - dropped various Reviewed-bys due t

Re: [PATCH security-next v5 00/30] LSM: Explict ordering

2018-10-11 Thread Kees Cook
On Wed, Oct 10, 2018 at 5:18 PM, Kees Cook wrote: > v5: > - redesigned to use CONFIG_LSM= and lsm= for both ordering and enabling > - dropped various Reviewed-bys due to rather large refactoring Here's a tl;dr of the behavioral changes... Right now, we have: - hard-coded special LSM: capability

Re: [PATCH security-next v5 00/30] LSM: Explict ordering

2018-10-11 Thread James Morris
On Thu, 11 Oct 2018, Kees Cook wrote: > On Wed, Oct 10, 2018 at 8:45 PM, James Morris wrote: > > On Wed, 10 Oct 2018, Kees Cook wrote: > > > >> v5: > >> - redesigned to use CONFIG_LSM= and lsm= for both ordering and enabling > >> - dropped various Reviewed-bys due to rather large refactoring > >

Re: [PATCH security-next v5 00/30] LSM: Explict ordering

2018-10-11 Thread Kees Cook
On Wed, Oct 10, 2018 at 8:45 PM, James Morris wrote: > On Wed, 10 Oct 2018, Kees Cook wrote: > >> v5: >> - redesigned to use CONFIG_LSM= and lsm= for both ordering and enabling >> - dropped various Reviewed-bys due to rather large refactoring > > Patches 1-10 applied to > git://git.kernel.org/pub/

Re: [PATCH security-next v5 00/30] LSM: Explict ordering

2018-10-10 Thread James Morris
On Wed, 10 Oct 2018, Kees Cook wrote: > v5: > - redesigned to use CONFIG_LSM= and lsm= for both ordering and enabling > - dropped various Reviewed-bys due to rather large refactoring Patches 1-10 applied to git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git next-general and

[PATCH security-next v5 00/30] LSM: Explict ordering

2018-10-10 Thread Kees Cook
v5: - redesigned to use CONFIG_LSM= and lsm= for both ordering and enabling - dropped various Reviewed-bys due to rather large refactoring v4: - add Reviewed-bys. - cosmetic tweaks. - New patches to fully centralize LSM "enable" decisions: LSM: Finalize centralized LSM enabling logic appar