| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <7cccbd87d3ca12f377fca6cbc564eb69@paul-moore.com> Date: Tue, 14 Oct 2025 19:12:48 -0400 From: Paul Moore <paul@...l-moore.com> To: Casey Schaufler <casey@...aufler-ca.com>, casey@...aufler-ca.com, eparis@...hat.com, linux-security-module@...r.kernel.org, audit@...r.kernel.org Cc: jmorris@...ei.org, serge@...lyn.com, keescook@...omium.org, john.johansen@...onical.com, penguin-kernel@...ove.sakura.ne.jp, stephen.smalley.work@...il.com, linux-kernel@...r.kernel.org, selinux@...r.kernel.org Subject: Re: [PATCH RFC 6/15] LSM: Exclusive secmark usage On Jun 21, 2025 Casey Schaufler <casey@...aufler-ca.com> wrote: > > The network secmark can only be used by one security module > at a time. Establish mechanism to identify to security modules > whether they have access to the secmark. SELinux already > incorparates mechanism, but it has to be added to Smack and > AppArmor. > > Signed-off-by: Casey Schaufler <casey@...aufler-ca.com> > --- > include/linux/lsm_hooks.h | 1 + > security/apparmor/include/net.h | 5 +++++ > security/apparmor/lsm.c | 7 ++++--- > security/lsm_init.c | 6 ++++++ > security/selinux/hooks.c | 4 +++- > security/smack/smack.h | 5 +++++ > security/smack/smack_lsm.c | 3 ++- > security/smack/smack_netfilter.c | 10 ++++++++-- > 8 files changed, 34 insertions(+), 7 deletions(-) We discussed this patch in a separate patchset, lore link below. https://lore.kernel.org/linux-security-module/20251001215643.31465-1-casey@schaufler-ca.com/ -- paul-moore.com
Powered by blists - more mailing lists