Re: [PATCH] LSM: LoadPin for module and firmware loading restrictions

From: Kees Cook
Date: Mon Jul 27 2015 - 22:42:21 EST

Next message: Stephen Rothwell: "linux-next: build failure after merge of the tip tree"
Previous message: Shawn Guo: "Re: [PATCH v2] ARM: dts: ls1021a: audio: Add dts nodes for audio on LS1021A"
In reply to: James Morris: "Re: [PATCH] LSM: LoadPin for module and firmware loading restrictions"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, Jul 27, 2015 at 7:36 PM, James Morris <jmorris@xxxxxxxxx> wrote:
> On Mon, 27 Jul 2015, Kees Cook wrote:
>
>> On Sun, Jul 26, 2015 at 9:26 PM, James Morris <jmorris@xxxxxxxxx> wrote:
>> > On Thu, 23 Jul 2015, Kees Cook wrote:
>> >
>> >> +
>> >> +/*
>> >> + * Return an allocated string that has been escaped of special characters
>> >> + * and double quotes, making it safe to log in quotes.
>> >> + */
>> >> +static char *kstrdup_quotable(char *src)
>> >> +{
>> >
>> > Do you think these should go into a library?
>>
>> Possibly. There are some other areas of code that almost do the same
>> thing, but not exactly. Perhaps I'll first change Yama around to use
>> it, then send these again.
>
> Ok. Is this the same code being used in ChromeOS?

Essentially, yes. As the kernels used by Chrome OS don't have LSM
stacking, we merged a bunch of functionality into a single LSM.
LoadPin is a logical subset of that LSM.

-Kees

--
Kees Cook
Chrome OS Security
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Stephen Rothwell: "linux-next: build failure after merge of the tip tree"
Previous message: Shawn Guo: "Re: [PATCH v2] ARM: dts: ls1021a: audio: Add dts nodes for audio on LS1021A"
In reply to: James Morris: "Re: [PATCH] LSM: LoadPin for module and firmware loading restrictions"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]