Message-Id: <20250728111517.134116-1-nik.borisov@suse.com>
Date: Mon, 28 Jul 2025 14:15:14 +0300
From: Nikolay Borisov <nik.borisov@...e.com>
To: linux-security-module@...r.kernel.org
Cc: linux-kernel@...r.kernel.org,
paul@...l-moore.com,
serge@...lyn.com,
jmorris@...ei.org,
dan.j.williams@...el.com,
Nikolay Borisov <nik.borisov@...e.com>
Subject: [PATCH v2 0/3] Allow individual features to be locked down

This simple change allows use cases where someone might want to lock only a specific
feature at a finer granularity than integrity/confidentiality levels allow.
The first likely user of this is the CoCo subsystem where certain features will be
disabled.

Changes since v1:
* Added Patch 3 to incorporate Serge's hardening suggestion

Nikolay Borisov (3):
  lockdown: Switch implementation to using bitmap
  lockdown/kunit: Introduce kunit tests
  lockdown: Use snprintf in lockdown_read

 security/lockdown/Kconfig         |  5 +++
 security/lockdown/Makefile        |  1 +
 security/lockdown/lockdown.c      | 36 +++++++++++++++------
 security/lockdown/lockdown_test.c | 54 +++++++++++++++++++++++++++++++
 4 files changed, 86 insertions(+), 10 deletions(-)
 create mode 100644 security/lockdown/lockdown_test.c

--
2.34.1