| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 24 May 2017 13:14:19 -0700
From: John Johansen <john.johansen@...onical.com>
To: Kees Cook <keescook@...gle.com>
Cc: linux-security-module <linux-security-module@...r.kernel.org>,
James Morris <jmorris@...ei.org>,
LKML <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH 3/3] apparmor: virtualize the policy/ directory
On 05/24/2017 12:38 PM, Kees Cook wrote:
> On Wed, May 10, 2017 at 7:46 PM, John Johansen
> <john.johansen@...onical.com> wrote:
>> virtualize the apparmor policy/ directory so that the current namespace
>> affects what part of policy is seen. This is done by
>>
>> * creating a new apparmorfs filesystem
>> * creating a magic symlink from securityfs to the correct apparmorfs
>> file in the tree (similar to nsfs use).
>>
>> apparmor fs data and fns also get renamed some to help indicate where
>> they are used
>>
>> aafs - special magic apparmorfs
>> aa_sfs - for fns/data that go into securityfs
>> aa_fs - for fns/data that may be used in the either of aafs or securityfs
>>
>> Signed-off-by: John Johansen <john.johansen@...onical.com>
>> Reviewed-by: Seth Arnold <seth.arnold@...onical.com>
>
> This all looks fine to me. If you do a v2 of these patches, it might
> make sense to split up some of the logical changes here. For example,
> have one patch that does the renamings but no code changes. Then add
> the new fs, and finally integrate the new fs. That might make it
> easier to review. Regardless:
>
> Reviewed-by: Kees Cook <keescook@...omium.org>
>
Okay, thanks will do.
Powered by blists - more mailing lists