Message-ID: <2e1da617-c437-4ff9-93e0-e0e212aabfaa@swemel.ru>
Date: Fri, 13 Sep 2024 23:49:38 +0300
From: Konstantin Andreev <andreev@...mel.ru>
To: Casey Schaufler <casey@...aufler-ca.com>, paul@...l-moore.com
Cc: linux-kernel@...r.kernel.org, linux-security-module@...r.kernel.org
Subject: Re: [PATCH v3 01/13] LSM: Add the lsm_prop data structure.

Casey Schaufler, 10 Sep 2024:
> ...
> The lsm_prop structure definition is intended to keep the LSM
> specific information private to the individual security modules.
> ...
> index 1390f1efb4f0..1027c802cc8c 100644
> --- a/include/linux/security.h
> +++ b/include/linux/security.h
> @@ -140,6 +144,22 @@ enum lockdown_reason {
> +
> +/*
> + * Data exported by the security modules
> + */
> +struct lsm_prop {
> +	struct lsm_prop_selinux selinux;
> +	struct lsm_prop_smack smack;
> +	struct lsm_prop_apparmor apparmor;
> +	struct lsm_prop_bpf bpf;
> +	struct lsm_prop_scaffold scaffold;
> +};
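
Review bot: the comment above `struct lsm_prop` says only "Data exported by the security modules" and does not state the intent given in the commit message, that each member is private to its own module and opaque to everyone else. It should say so, and also explain the `scaffold` member, whose purpose the visible lines do not explain. The struct embeds one member per module by value, so the set of modules is fixed in this header at compile time. A sentence noting that a new module has to add its own `lsm_prop_*` member here would make that constraint explicit.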

This design prevents compiling and loading out-of-tree 3rd-party LSMs, am I right?

Out-of-tree LSMs were discussed recently at

https://lore.kernel.org/linux-security-module/efb8f264-f80e-43b2-8ea3-fcc9789520ec@I-love.SAKURA.ne.jp/T/
https://lore.kernel.org/linux-security-module/960e740f-e5d9-409b-bb2a-8bdceffaae95@I-love.SAKURA.ne.jp/T/

but it looks like a final decision to ban them has not been taken yet.
--
Konstantin Andreev
