| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 19 Dec 2008 12:04:07 +1100 (EST) From: James Morris <jmorris@...ei.org> To: linux-security-module@...r.kernel.org cc: Alexey Dobriyan <adobriyan@...il.com>, "Eric W. Biederman" <ebiederm@...ssion.com>, David Miller <davem@...emloft.net>, auke-jan.h.kok@...el.com, Andrew Morton <akpm@...ux-foundation.org>, e1000-devel@...ts.sourceforge.net, netdev@...r.kernel.org, Eric Paris <eparis@...isplace.org>, Stephen Smalley <sds@...ho.nsa.gov>, Al Viro <viro@....linux.org.uk>, Chris Wright <chrisw@...s-sol.org> Subject: [PATCH 0/3][RFC] Fix security and SELinux handling of proc/* filesystems These patches address the issues encountered in the recent discussion: "[E1000-devel] networking probs in next-20081203" <https://kerneltrap.org/mailarchive/linux-netdev/2008/12/4/4315684/thread> where making proc/net into its own filesystem to be mounted on a per-namespace basis caused SELinux labeling to stop working. The solution is to first ensure that the filesystem is correctly labeled, and then to also allow filesystems being mounted by the kernel to bypass SELinux permission checks (these operations should always be allowed). The mount flags are now passed to security_sb_kern_mount(), so that the security module can check whether MS_KERNMOUNT is set. Please review and ack if ok. These patches are against git://git.kernel.org/pub/scm/linux/kernel/git/adobriyan/proc.git#proc-wip -- James Morris <jmorris@...ei.org> -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists