Re: [Keyrings] [PATCH] Keys: Add LSM hooks for key management

From: Stephen Smalley
Date: Fri Oct 07 2005 - 08:06:59 EST

Next message: Michael Tokarev: "kernel freeze (not even an OOPS) on remount-ro+umount when usingquotas"
Previous message: Pekka J Enberg: "Re: [PATCH] vm - swap_prefetch-15"
In reply to: David Howells: "Re: [Keyrings] [PATCH] Keys: Add LSM hooks for key management"
Next in thread: Chris Wright: "Re: [Keyrings] [PATCH] Keys: Add LSM hooks for key management"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, 2005-10-07 at 10:10 +0100, David Howells wrote:
> I don't know. As far as I know, setxattr and co can be used to set and
> retrieve security data on files. I thought it would be desirable to have
> similar for keys. If not, I can remove both calls/hooks for the time being.

I agree that enabling security-aware applications to separately label
specific keys is desirable, so I'd suggest retaining that support, not
dropping it. We ultimately need the same support for all kernel objects
(we lost it for sockets and System V IPC when the old SELinux API had to
be dropped).

--
Stephen Smalley
National Security Agency

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Michael Tokarev: "kernel freeze (not even an OOPS) on remount-ro+umount when usingquotas"
Previous message: Pekka J Enberg: "Re: [PATCH] vm - swap_prefetch-15"
In reply to: David Howells: "Re: [Keyrings] [PATCH] Keys: Add LSM hooks for key management"
Next in thread: Chris Wright: "Re: [Keyrings] [PATCH] Keys: Add LSM hooks for key management"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]