Message-ID: <20240821130755.25031-1-cgoettsche@seltendoof.de>
Date: Wed, 21 Aug 2024 15:07:52 +0200
From: Christian Göttsche <cgoettsche@...tendoof.de>
To: selinux@...r.kernel.org
Cc: cgzones@...glemail.com,
	jsatterfield.linux@...il.com,
	linux-kernel@...r.kernel.org,
	omosnace@...hat.com,
	paul@...l-moore.com,
	stephen.smalley.work@...il.com,
	xiujianfeng@...weicloud.com,
	tweek@...gle.com,
	brambonne@...gle.com
Subject: Re: [PATCH 2/2] selinux: add support for xperms in conditional policies

> From: Christian Göttsche <cgzones@...glemail.com>
>
> Add support for extended permission rules in conditional policies.
> Currently the kernel accepts such rules already, but evaluating a
> security decision will hit a BUG() in
> services_compute_xperms_decision().  Thus reject extended permission
> rules in conditional policies for current policy versions.
>
> Add a new policy version for this feature.
>
> Signed-off-by: Christian Göttsche <cgzones@...glemail.com>
> ---
> Userspace patches are available at:
> https://github.com/SELinuxProject/selinux/pull/432
>
> Maybe the policy version 34 can be reused for the prefix/suffix filetrans
> feature to avoid two new versions?

Kindly ping.

Any comments?

This also affects (improves?) the netlink xperm proposal.
