| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 28 Nov 2011 12:15:36 -0800 From: Kees Cook <keescook@...omium.org> To: Vasiliy Kulikov <segoon@...nwall.com> Cc: linux-kernel@...r.kernel.org, linux-security-module@...r.kernel.org, kernel-hardening@...ts.openwall.com, "Serge E. Hallyn" <serge@...lyn.com> Subject: Re: [RFC -resend] Make Yama pid_ns aware On Mon, Nov 28, 2011 at 11:35 AM, Kees Cook <keescook@...omium.org> wrote: > On Mon, Nov 28, 2011 at 11:16 AM, Vasiliy Kulikov <segoon@...nwall.com> wrote: >> As Yama's sysctls are about defining a security policy for the system, >> it is reasonable to define it per container in case of LXC containers >> (or out-of-tree alternatives like OpenVZ). In my opinion they belong >> to pid namespace. With per-pid_ns sysctls it is possible to create >> multiple containers with different ptrace, /tmp, etc. policies. >> [...] >> Signed-off-by: Vasiliy Kulikov <segoon@...nwall.com> > > Thanks! I'll include this in the next Yama patch set. > > Acked-by: Kees Cook <keescook@...omium.org> I should mention, this lives here now: http://git.kernel.org/?p=linux/kernel/git/kees/linux.git;a=shortlog;h=refs/heads/yama -Kees -- Kees Cook ChromeOS Security -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists