[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <201702061949.HGE43791.FFFtJVSHQOOLOM@I-love.SAKURA.ne.jp>
Date: Mon, 6 Feb 2017 19:49:49 +0900
From: Tetsuo Handa <penguin-kernel@...ove.SAKURA.ne.jp>
To: tixxdz@...il.com
Cc: linux-kernel@...r.kernel.org, kernel-hardening@...ts.openwall.com,
linux-security-module@...r.kernel.org, keescook@...omium.org,
akpm@...ux-foundation.org, wluikil@...il.com, dongsu@...ocode.com,
luto@...nel.org, james.l.morris@...cle.com, serge@...lyn.com,
viro@...iv.linux.org.uk, daniel@...que.org, jann@...jh.net,
elena.reshetova@...el.com
Subject: Re: [RFC/PATCH 1/3] security: add the security_task_copy() hook
Djalal Harouni wrote:
> To achieve the above we add the security_task_copy() hook that allows us
> to clone the Timgad context of parent into child task_struct.
>
> The security hook can also be used by new LSMs after the child task has
> done some initialization, this way they won't clash with the major LSMs.
> The situation is not really well, this hook allows us to introduce a
> stackable LSM that can be easily used with all other LSMs.
We are already planning to revive security_task_alloc() hook (probably in Linux 4.12)
( news://news.gmane.org:119/201701101958.JAD43709.OtJSOQFVFOLHMF@...ove.SAKURA.ne.jp ).
Is security_task_alloc() called too early for your case?
(Well, we want to configure http archive like marc.info ?)
Powered by blists - more mailing lists