[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <470689f0-223e-4d26-a919-8d48f383883b@I-love.SAKURA.ne.jp>
Date: Thu, 8 May 2025 07:04:46 +0900
From: Tetsuo Handa <penguin-kernel@...ove.SAKURA.ne.jp>
To: Maxime Bélair <maxime.belair@...onical.com>,
Song Liu <song@...nel.org>
Cc: linux-security-module@...r.kernel.org, john.johansen@...onical.com,
paul@...l-moore.com, jmorris@...ei.org, serge@...lyn.com,
mic@...ikod.net, kees@...nel.org, stephen.smalley.work@...il.com,
casey@...aufler-ca.com, takedakn@...data.co.jp,
linux-api@...r.kernel.org, apparmor@...ts.ubuntu.com,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH 1/3] Wire up the lsm_manage_policy syscall
On 2025/05/08 0:37, Maxime Bélair wrote:
> Again, each module decides which operations to expose through this syscall. In many cases
> the operation will still require CAP_SYS_ADMIN or a similar capability, so environments
> that choose this interface remain secure while gaining its advantages.
If the interpretation of "flags" argument varies across LSMs, it sounds like ioctl()'s
"cmd" argument. Also, there is prctl() which can already carry string-ish parameters
without involving open(). Why can't we use prctl() instead of lsm_manage_policy() ?
Powered by blists - more mailing lists