| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 9 Feb 2017 14:23:13 -0500
From: Paul Moore <paul@...l-moore.com>
To: Antonio Murdaca <amurdaca@...hat.com>
Cc: Vivek Goyal <vgoyal@...hat.com>,
Antonio Murdaca <runcom@...hat.com>, selinux@...ho.nsa.gov,
linux-kernel@...r.kernel.org, cgroups@...r.kernel.org
Subject: Re: [PATCH] security: selinux: allow per-file labeling for cgroupfs
On Thu, Feb 9, 2017 at 12:39 PM, Antonio Murdaca <amurdaca@...hat.com> wrote:
> On Feb 9, 2017 17:14, "Paul Moore" <paul@...l-moore.com> wrote:
> On Thu, Feb 9, 2017 at 11:02 AM, Antonio Murdaca <amurdaca@...hat.com>
> wrote:
>> From: Antonio Murdaca <runcom@...hat.com>
>>
>> This patch allows genfscon per-file labeling for cgroupfs. For instance,
>> this allows to label the "release_agent" file within each
>> cgroup mount and limit writes to it.
>>
>> Signed-off-by: Antonio Murdaca <amurdaca@...hat.com>
>> ---
>> security/selinux/hooks.c | 2 ++
>> 1 file changed, 2 insertions(+)
>
> This was already merged ... ?
>
>
> This is adding cgroup and cgroup2 to the other whitelist (afaict).
Yes, my apologies, I read this patch too quickly and confused it with
the previous cgroups patch.
Just to set expectations, this patch is too late for the upcoming
merge window, we can consider it in a few weeks once the merge window
has closed. This should give you some time to do some further testing
(hint, hint).
--
paul moore
www.paul-moore.com
Powered by blists - more mailing lists