| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <alpine.LRH.2.00.1111020735080.11087@tundra.namei.org> Date: Wed, 2 Nov 2011 07:45:53 +1100 (EST) From: James Morris <jmorris@...ei.org> To: Kees Cook <keescook@...omium.org> cc: linux-kernel@...r.kernel.org, linux-security-module@...r.kernel.org Subject: Re: [PATCH v6 0/3] security: Yama LSM On Wed, 26 Oct 2011, Kees Cook wrote: > As discussed at the Linux Security Summit, I'm resubmitting this > code. As an LSM, it has coherent policy around expanding specific DAC > behaviors. There is no need for it to be a full-blown MAC, since it is > not intended to be one, but rather to be a simplified expansion to DAC, > with system-wide knobs. See the specific patches for details... Yes, there was a strong consensus (unanimous I believe) at the security summit on incorporating the Yama LSM as a container for generally useful miscellaneous security hardening features that don't belong elsewhere. This means that LSM is no longer 'officially' only for access control mechanisms. We probably need to flesh out criteria for inclusion in Yama and document it. - James -- James Morris <jmorris@...ei.org> -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists