| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <8ee41bc4-ca8e-416f-8219-12d4a83e5f8b@kernel.org> Date: Thu, 24 Oct 2024 15:13:27 -0700 From: Fan Wu <wufan@...nel.org> To: corbet@....net, jmorris@...ei.org, paul@...l-moore.com, serge@...lyn.com Cc: linux-doc@...r.kernel.org, linux-security-module@...r.kernel.org, linux-kernel@...r.kernel.org Subject: Re: [PATCH v1] ipe: add 'anonymous_memory' property for policy decisions Since this patch is quite straightforward, I have merged it into the ipe#next branch for testing and will send it to Linus during the next merge window. -Fan On 2024/10/10 10:42, Fan Wu wrote: > Currently, all existing IPE properties evaluate to FALSE for > operations triggered by anonymous memory regions. As a result, > IPE falls back to the policy's default action for such operations. > > In policies where the default action is DENY, this behavior blocks > all anonymous memory operations, rendering binaries that rely on > anonymous memory unusable. > > This commit introduces a new IPE property, 'anonymous_memory', > which evaluates to TRUE when an operation is triggered by an > anonymous memory region. This allows administrators to explicitly > allow or deny operations involving anonymous memory. > > Signed-off-by: Fan Wu <wufan@...ux.microsoft.com> > --- > Documentation/admin-guide/LSM/ipe.rst | 11 +++++++++++ > Documentation/security/ipe.rst | 9 +++++---- > security/ipe/Kconfig | 10 ++++++++++ > security/ipe/audit.c | 2 ++ > security/ipe/eval.c | 26 ++++++++++++++++++++++++++ > security/ipe/policy.h | 2 ++ > security/ipe/policy_parser.c | 4 ++++ > 7 files changed, 60 insertions(+), 4 deletions(-)
Powered by blists - more mailing lists