lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Thu, 23 Apr 2015 21:30:13 +0200
From:	Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To:	Stephen Smalley <sds@...ho.nsa.gov>,
	Karol Lewandowski <lmctlx@...il.com>
Cc:	Andy Lutomirski <luto@...capital.net>,
	Linus Torvalds <torvalds@...ux-foundation.org>,
	Andrew Morton <akpm@...ux-foundation.org>,
	Arnd Bergmann <arnd@...db.de>,
	"Eric W. Biederman" <ebiederm@...ssion.com>,
	One Thousand Gnomes <gnomes@...rguk.ukuu.org.uk>,
	Tom Gundersen <teg@...m.no>, Jiri Kosina <jkosina@...e.cz>,
	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
	Daniel Mack <daniel@...que.org>,
	David Herrmann <dh.herrmann@...il.com>,
	Djalal Harouni <tixxdz@...ndz.org>
Subject: Re: [GIT PULL] kdbus for 4.1-rc1

On Thu, Apr 23, 2015 at 01:42:25PM -0400, Stephen Smalley wrote:
> On 04/23/2015 01:16 PM, Greg Kroah-Hartman wrote:
> > The binder developers at Samsung have stated that the implementation we
> > have here works for their model as well, so I guess that is some kind of
> > verification it's not entirely tied to D-Bus.  They have plans on
> > dropping the existing binder kernel code and using the kdbus code
> > instead when it is merged.
> 
> Where do things stand wrt LSM hooks for kdbus?  I don't see any security
> hook calls in the kdbus tree except for the purpose of metadata
> collection of process security labels.  But nothing for enforcing MAC
> over kdbus IPC.  binder has a set of security hooks for that purpose, so
> it would be a regression wrt MAC enforcement to switch from binder to
> kdbus without equivalent checking there.

There was a set of LSM hooks proposed for kdbus posted by Karol
Lewandowsk last October, and it also included SELinux and Smack patches.
They were going to be refreshed based on the latest code changes, but I
haven't seen them posted, or I can't seem to find them in my limited
email archive.

Karol, what's the status of them?

thanks,

greg k-h

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ