| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <67f69600ed221_71fe2946f@dwillia2-xfh.jf.intel.com.notmuch> Date: Wed, 9 Apr 2025 08:45:05 -0700 From: Dan Williams <dan.j.williams@...el.com> To: Paul Moore <paul@...l-moore.com>, Nikolay Borisov <nik.borisov@...e.com> CC: <linux-security-module@...r.kernel.org>, <serge@...lyn.com>, <kees@...nel.org>, <linux-kernel@...r.kernel.org>, <kirill.shutemov@...ux.intel.com>, <linux-coco@...ts.linux.dev> Subject: Re: [PATCH 0/2] Allow individual features to be locked down Paul Moore wrote: > On Fri, Mar 21, 2025 at 6:24 AM Nikolay Borisov <nik.borisov@...e.com> wrote: > > > > This simple change allows usecases where someone might want to lock only specific > > feature at a finer granularity than integrity/confidentiality levels allows. > > The first likely user of this is the CoCo subsystem where certain features will be > > disabled. > > > > Nikolay Borisov (2): > > lockdown: Switch implementation to using bitmap > > lockdown/kunit: Introduce kunit tests > > Hi Nikolay, > > Thanks for the patches! With the merge window opening in a few days, > it is too late to consider this for the upcoming merge window so > realistically this patchset is two weeks out and I'm hopeful we'll > have a dedicated Lockdown maintainer by then so I'm going to defer the > ultimate decision on acceptance to them. The patches in this thread proposed to selectively disable /dev/mem independent of all the other lockdown mitigations. That goal can be achieved with more precision with this proposed patch: http://lore.kernel.org/67f5b75c37143_71fe2949b@dwillia2-xfh.jf.intel.com.notmuch
Powered by blists - more mailing lists