On Tue, 31 Jul 2018, Micah Morton wrote:
> The ChromiumOS LSM used by ChromeOS will provide a hook for this, in
> order to enforce ChromeOS-specific policies regarding which UIDs/GIDs a
> process with CAP_SET{UID/GID} can transition to
Will you be submitting this LSM to mainline? It's a policy g
On 07/31/2018 02:47 PM, Micah Morton wrote:
> The ChromiumOS LSM used by ChromeOS will provide a hook for this, in
> order to enforce ChromeOS-specific policies regarding which UIDs/GIDs a
> process with CAP_SET{UID/GID} can transition to. The
> security_task_fix_setuid LSM hook is very helpful in
The ChromiumOS LSM used by ChromeOS will provide a hook for this, in
order to enforce ChromeOS-specific policies regarding which UIDs/GIDs a
process with CAP_SET{UID/GID} can transition to. The
security_task_fix_setuid LSM hook is very helpful in enabling such a feature
for ChromeOS that governs UI
On Tue, 31 Jul 2018, Micah Morton wrote:
> +static inline int security_task_fix_setgid(struct cred *new,
> +const struct cred *old,
> +int flags)
> +{
> + return 0;
> +}
> +
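Review bot: The continuation lines `const struct cred *old,` and `int flags)` of the security_task_fix_setgid stub start with no indent, and `return 0;` is indented with a single space. Kernel style wants a tab for the body and the wrapped parameters aligned under the opening parenthesis, so as quoted the hunk is unlikely to apply cleanly. Please resend with the original tabs preserved. It would also help to document which LSM_SETID_* values the `flags` argument is expected to carry, since the stub itself gives no hint.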
This looks whitespace-damaged. Please send patches as plain text.
--
James Morris
On 7/31/2018 10:34 AM, Micah Morton wrote:
> The set*uid system calls all call an LSM fixup hook called
> security_task_fix_setuid, which allows for altering the behavior of those
> calls by a security module. Comments explaining the LSM_SETID_* constants
> in /include/linux/security.h imply that t
The set*uid system calls all call an LSM fixup hook called
security_task_fix_setuid, which allows for altering the behavior of those
calls by a security module. Comments explaining the LSM_SETID_* constants
in /include/linux/security.h imply that the constants are to be used for
both the set*uid an