| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 20 Apr 2018 16:35:11 +0100
From: David Howells <dhowells@...hat.com>
To: Paul Moore <paul@...l-moore.com>
Cc: dhowells@...hat.com, viro@...iv.linux.org.uk,
linux-nfs@...r.kernel.org, linux-kernel@...r.kernel.org,
linux-security-module@...r.kernel.org,
linux-fsdevel@...r.kernel.org, linux-afs@...ts.infradead.org,
selinux@...ho.nsa.gov
Subject: Re: [PATCH 04/24] VFS: Add LSM hooks for filesystem context [ver #7]
Paul Moore <paul@...l-moore.com> wrote:
> Adding the SELinux mailing list to the CC line; in the future please
> include the SELinux mailing list on patches like this. It would also
> be very helpful to include "selinux" somewhere in the subject line
> when the patch is predominately SELinux related (much like you did for
> the other LSMs in this patchset).
I should probably evict the SELinux bits into their own patch since the point
of this patch is the LSM hooks, not specifically SELinux's implementation
thereof.
> I can't say I've digested all of this yet, but what SELinux testing
> have you done with this patchset?
Using the fsopen()/fsmount() syscalls, these hooks will be made use of, say
for NFS (which I haven't included in this list). Even sys_mount() will make
use of them a bit, so just booting the system does that.
Note that for SELinux these hooks don't change very much except how the
parameters are handled. It doesn't actually change the checks that are made -
at least, not yet. There are some additional syscalls under consideration
(such as the ability to pick a live mounted filesystem into a context) that
might require additional permits.
David
Powered by blists - more mailing lists