Re: [PATCH] lockdown, selinux: fix bogus SELinux lockdown permission checks

2021-05-17 Ondrej Mosnacek
On Sat, May 15, 2021 at 2:57 AM Casey Schaufler wrote: > On 5/14/2021 8:12 AM, Ondrej Mosnacek wrote: > > On Wed, May 12, 2021 at 7:12 PM Casey Schaufler > > wrote: > >> On 5/12/2021 9:44 AM, Ondrej Mosnacek wrote: > >>> On Wed, May 12, 2021 at 6:18 PM Casey Schaufler > >>> wrote: > On 5/

Re: [PATCH] lockdown,selinux: fix bogus SELinux lockdown permission checks

2021-05-14 Casey Schaufler
On 5/14/2021 8:12 AM, Ondrej Mosnacek wrote: > On Wed, May 12, 2021 at 7:12 PM Casey Schaufler > wrote: >> On 5/12/2021 9:44 AM, Ondrej Mosnacek wrote: >>> On Wed, May 12, 2021 at 6:18 PM Casey Schaufler >>> wrote: On 5/12/2021 6:21 AM, Ondrej Mosnacek wrote: > On Sat, May 8, 2021 at 1

Re: [PATCH] lockdown, selinux: fix bogus SELinux lockdown permission checks

2021-05-14 Ondrej Mosnacek
On Wed, May 12, 2021 at 7:12 PM Casey Schaufler wrote: > > On 5/12/2021 9:44 AM, Ondrej Mosnacek wrote: > > On Wed, May 12, 2021 at 6:18 PM Casey Schaufler > > wrote: > >> On 5/12/2021 6:21 AM, Ondrej Mosnacek wrote: > >>> On Sat, May 8, 2021 at 12:17 AM Casey Schaufler > >>> wrote: > On

Re: [PATCH] lockdown,selinux: fix bogus SELinux lockdown permission checks

2021-05-12 Casey Schaufler
On 5/12/2021 9:44 AM, Ondrej Mosnacek wrote: > On Wed, May 12, 2021 at 6:18 PM Casey Schaufler > wrote: >> On 5/12/2021 6:21 AM, Ondrej Mosnacek wrote: >>> On Sat, May 8, 2021 at 12:17 AM Casey Schaufler >>> wrote: On 5/7/2021 4:40 AM, Ondrej Mosnacek wrote: > Commit 59438b46471a ("sec

Re: [PATCH] lockdown, selinux: fix bogus SELinux lockdown permission checks

2021-05-12 Ondrej Mosnacek
On Wed, May 12, 2021 at 6:18 PM Casey Schaufler wrote: > On 5/12/2021 6:21 AM, Ondrej Mosnacek wrote: > > On Sat, May 8, 2021 at 12:17 AM Casey Schaufler > > wrote: > >> On 5/7/2021 4:40 AM, Ondrej Mosnacek wrote: > >>> Commit 59438b46471a ("security,lockdown,selinux: implement SELinux > >>> loc

Re: [PATCH] lockdown,selinux: fix bogus SELinux lockdown permission checks

2021-05-12 Casey Schaufler
On 5/12/2021 6:21 AM, Ondrej Mosnacek wrote: > On Sat, May 8, 2021 at 12:17 AM Casey Schaufler > wrote: >> On 5/7/2021 4:40 AM, Ondrej Mosnacek wrote: >>> Commit 59438b46471a ("security,lockdown,selinux: implement SELinux >>> lockdown") added an implementation of the locked_down LSM hook to >>> S

Re: [PATCH] lockdown, selinux: fix bogus SELinux lockdown permission checks

2021-05-12 Ondrej Mosnacek
On Sat, May 8, 2021 at 12:17 AM Casey Schaufler wrote: > On 5/7/2021 4:40 AM, Ondrej Mosnacek wrote: > > Commit 59438b46471a ("security,lockdown,selinux: implement SELinux > > lockdown") added an implementation of the locked_down LSM hook to > > SELinux, with the aim to restrict which domains are

Re: [PATCH] lockdown,selinux: fix bogus SELinux lockdown permission checks

2021-05-07 Casey Schaufler
On 5/7/2021 4:40 AM, Ondrej Mosnacek wrote: > Commit 59438b46471a ("security,lockdown,selinux: implement SELinux > lockdown") added an implementation of the locked_down LSM hook to > SELinux, with the aim to restrict which domains are allowed to perform > operations that would breach lockdown. > >

[PATCH] lockdown, selinux: fix bogus SELinux lockdown permission checks

2021-05-07 Ondrej Mosnacek
Commit 59438b46471a ("security,lockdown,selinux: implement SELinux lockdown") added an implementation of the locked_down LSM hook to SELinux, with the aim to restrict which domains are allowed to perform operations that would breach lockdown. However, in several places the security_locked_down() h