[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20150423193013.GA14365@kroah.com>
Date: Thu, 23 Apr 2015 21:30:13 +0200
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: Stephen Smalley <sds@...ho.nsa.gov>,
Karol Lewandowski <lmctlx@...il.com>
Cc: Andy Lutomirski <luto@...capital.net>,
Linus Torvalds <torvalds@...ux-foundation.org>,
Andrew Morton <akpm@...ux-foundation.org>,
Arnd Bergmann <arnd@...db.de>,
"Eric W. Biederman" <ebiederm@...ssion.com>,
One Thousand Gnomes <gnomes@...rguk.ukuu.org.uk>,
Tom Gundersen <teg@...m.no>, Jiri Kosina <jkosina@...e.cz>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
Daniel Mack <daniel@...que.org>,
David Herrmann <dh.herrmann@...il.com>,
Djalal Harouni <tixxdz@...ndz.org>
Subject: Re: [GIT PULL] kdbus for 4.1-rc1
On Thu, Apr 23, 2015 at 01:42:25PM -0400, Stephen Smalley wrote:
> On 04/23/2015 01:16 PM, Greg Kroah-Hartman wrote:
> > The binder developers at Samsung have stated that the implementation we
> > have here works for their model as well, so I guess that is some kind of
> > verification it's not entirely tied to D-Bus. They have plans on
> > dropping the existing binder kernel code and using the kdbus code
> > instead when it is merged.
>
> Where do things stand wrt LSM hooks for kdbus? I don't see any security
> hook calls in the kdbus tree except for the purpose of metadata
> collection of process security labels. But nothing for enforcing MAC
> over kdbus IPC. binder has a set of security hooks for that purpose, so
> it would be a regression wrt MAC enforcement to switch from binder to
> kdbus without equivalent checking there.
There was a set of LSM hooks proposed for kdbus posted by Karol
Lewandowsk last October, and it also included SELinux and Smack patches.
They were going to be refreshed based on the latest code changes, but I
haven't seen them posted, or I can't seem to find them in my limited
email archive.
Karol, what's the status of them?
thanks,
greg k-h
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists