| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAHC9VhQEPxYP_KU56gAGNHKQaxucY8gSsHiUB42PVgADBAccRQ@mail.gmail.com>
Date: Tue, 8 Feb 2022 11:26:25 -0500
From: Paul Moore <paul@...l-moore.com>
To: William Roberts <bill.c.roberts@...il.com>
Cc: Demi Marie Obenour <demiobenour@...il.com>,
Jeff Vander Stoep <jeffv@...gle.com>,
Stephen Smalley <stephen.smalley.work@...il.com>,
Eric Paris <eparis@...isplace.org>,
SElinux list <selinux@...r.kernel.org>,
Linux kernel mailing list <linux-kernel@...r.kernel.org>,
selinux-refpolicy@...r.kernel.org
Subject: Re: [PATCH] SELinux: Always allow FIOCLEX and FIONCLEX
On Tue, Feb 8, 2022 at 9:05 AM William Roberts <bill.c.roberts@...il.com> wrote:
> On Mon, Feb 7, 2022 at 6:02 PM Paul Moore <paul@...l-moore.com> wrote:
> > On Mon, Feb 7, 2022 at 4:51 PM William Roberts <bill.c.roberts@...il.com> wrote:
> > > On Mon, Feb 7, 2022 at 3:42 PM William Roberts <bill.c.roberts@...il.com> wrote:
> > > >
> > > > + NNK and Dan
> > > - nnk and Dan.
> > > + Jeff
> > > Let me try again, looks like Nick left, not sure about Dan.
> > > Jeff, can you look this over?
> >
> > FWIW, I'm still not convinced merging this kernel patch is something
> > we want to do, so please don't assume that it's a done deal on the
> > kernel side.
>
> I agree and I don't think we can hit the merge button until it gets buy-in from
> in-use policy holders.
One thing I should have mentioned yesterday, my current thinking is
that if we do make the kernel change it needs to be wrapped with a
policy capability just as we do with other kernel changes which have a
potential impact on policy.
--
paul-moore.com
Powered by blists - more mailing lists