Date: Sun, 16 Mar 2008 08:59:06 +0800
From: "Paul Menage" <menage@...gle.com>
To: "Serge E. Hallyn" <serue@...ibm.com>
Cc: "Pavel Emelyanov" <xemul@...nvz.org>, "James Morris" <jmorris@...ei.org>, lkml <linux-kernel@...r.kernel.org>, linux-security-module@...r.kernel.org, "Greg KH" <greg@...ah.com>, "Stephen Smalley" <sds@...ch.ncsc.mil>, "Casey Schaufler" <casey@...aufler-ca.com>
Subject: Re: [RFC] cgroups: implement device whitelist lsm (v2)

On Fri, Mar 14, 2008 at 10:42 PM, Serge E. Hallyn <serue@...ibm.com> wrote:
>
> cgroup hooks next to the lsm hooks. So in fs/namei.c where there are
> security_inode_permission() hooks, there would also be
> cgroup_inode_permission() hooks to let the devices cgroup mediate the
> access. Well, in permission(), probably not in exec_permission_lite()
> since that's probably not a device access :)

This would just be a device cgroup-specific thing, right? Nothing to do
with the generic framework? If so, then that sounds fine (to me, at least).

Paul
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/