Re: [PATCH v6 0/3] security: Yama LSM

From: James Morris
Date: Tue Nov 01 2011 - 16:45:59 EST

Next message: Dan Magenheimer: "RE: [GIT PULL] mm: frontswap (for 3.2 window)"
Previous message: Mark Salter: "[PULL] Add support for Texas Instruments C6X architecture"
Next in thread: Kees Cook: "Re: [PATCH v6 0/3] security: Yama LSM"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, 26 Oct 2011, Kees Cook wrote:

> As discussed at the Linux Security Summit, I'm resubmitting this
> code. As an LSM, it has coherent policy around expanding specific DAC
> behaviors. There is no need for it to be a full-blown MAC, since it is
> not intended to be one, but rather to be a simplified expansion to DAC,
> with system-wide knobs. See the specific patches for details...

Yes, there was a strong consensus (unanimous I believe) at the security
summit on incorporating the Yama LSM as a container for generally useful
miscellaneous security hardening features that don't belong elsewhere.

This means that LSM is no longer 'officially' only for access control
mechanisms.

We probably need to flesh out criteria for inclusion in Yama and document
it.

- James
--
James Morris
<jmorris@xxxxxxxxx>
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Dan Magenheimer: "RE: [GIT PULL] mm: frontswap (for 3.2 window)"
Previous message: Mark Salter: "[PULL] Add support for Texas Instruments C6X architecture"
Next in thread: Kees Cook: "Re: [PATCH v6 0/3] security: Yama LSM"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]