Re: [PATCH v6 0/3] security: Yama LSM

[Kees Cook]

On Tue, Nov 1, 2011 at 1:45 PM, James Morris <jmorris@xxxxxxxxx> wrote:
> On Wed, 26 Oct 2011, Kees Cook wrote:
>
> > As discussed at the Linux Security Summit, I'm resubmitting this
> > code. As an LSM, it has coherent policy around expanding specific DAC
> > behaviors. There is no need for it to be a full-blown MAC, since it is
> > not intended to be one, but rather to be a simplified expansion to DAC,
> > with system-wide knobs. See the specific patches for details...
>
> Yes, there was a strong consensus (unanimous I believe) at the security
> summit on incorporating the Yama LSM as a container for generally useful
> miscellaneous security hardening features that don't belong elsewhere.
>
> This means that LSM is no longer 'officially' only for access control
> mechanisms.

That would be very welcome.

> We probably need to flesh out criteria for inclusion in Yama and document
> it.

What's the best way for me to help with that documentation?

Thanks,

-Kees

--
Kees Cook
ChromeOS Security
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/