Re: [PATCH v6 0/3] LSM: security module information improvements

From: James Morris
Date: Thu Oct 27 2016 - 18:32:49 EST

Next message: Cyrill Gorcunov: "Re: [REVIEW][PATCH v2] mm: Add a user_ns owner to mm_struct and fix ptrace permission checks"
Previous message: Ray Jui: "Re: [PATCH 4/5] net: ethernet: bgmac: add NS2 support"
In reply to: Kees Cook: "Re: [PATCH v6 0/3] LSM: security module information improvements"
Next in thread: John Johansen: "Re: [PATCH v6 0/3] LSM: security module information improvements"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, 26 Oct 2016, Casey Schaufler wrote:

> Create interfaces that make it possible to deal with process
> attributes in the face of multiple "major" security modules.

We don't have support for multiple major modules currently (perhaps ever),
so I'm not merging infrastructure which is only useful for them.

>
> Patch 1/3 adds /sys/kernel/security/lsm, which provides
> a list of the active security modules on the system.
>
> $ cat /sys/kernel/security/lsm
> capability,yama,loadpin,smack

This may make sense on its own. Has anyone requested this, or is likely
to adopt it into a distro?

--
James Morris
<jmorris@xxxxxxxxx>

Next message: Cyrill Gorcunov: "Re: [REVIEW][PATCH v2] mm: Add a user_ns owner to mm_struct and fix ptrace permission checks"
Previous message: Ray Jui: "Re: [PATCH 4/5] net: ethernet: bgmac: add NS2 support"
In reply to: Kees Cook: "Re: [PATCH v6 0/3] LSM: security module information improvements"
Next in thread: John Johansen: "Re: [PATCH v6 0/3] LSM: security module information improvements"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]