| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAHC9VhRExVqdhHqs0njs7NY6bFg0BfcE-gMpS30HW9O7MSDfWQ@mail.gmail.com> Date: Wed, 26 Mar 2025 14:36:40 -0400 From: Paul Moore <paul@...l-moore.com> To: Linus Torvalds <torvalds@...ux-foundation.org> Cc: selinux@...r.kernel.org, linux-security-module@...r.kernel.org, linux-kernel@...r.kernel.org Subject: Re: [GIT PULL] selinux/selinux-pr-20250323 On Tue, Mar 25, 2025 at 7:02 PM Linus Torvalds <torvalds@...ux-foundation.org> wrote: > On Sun, 23 Mar 2025 at 12:39, Paul Moore <paul@...l-moore.com> wrote: > > > > - Add additional SELinux access controls for kernel file reads/loads > > > > The SELinux kernel file read/load access controls were never updated > > beyond the initial kernel module support, this pull request adds > > support for firmware, kexec, policies, and x.509 certificates. > > Honestly, is there a *reason* for this, or is this just some misguided > "for completeness" issue? > > Because dammit, adding more complexity to the security rules isn't a > feature, and isn't security. It's just theater ... >From my perspective this is largely a continuation of our discussion last April, and considering that you ignored my response then, I'm not sure typing out a meaningful reply here is a good use of my time. Anyone who is interested can find that thread on lore, unfortunately much of my response still applies. -- paul-moore.com
Powered by blists - more mailing lists