From: John Johansen <john.johansen@canonical.com>
To: Eric Paris <eparis@parisplace.org>
Cc: Serge Hallyn <serge.hallyn@canonical.com>,
	Kees Cook <keescook@chromium.org>,
	linux-kernel@vger.kernel.org,
	James Morris <james.l.morris@oracle.com>,
	Eric Paris <eparis@redhat.com>,
	"Eric W. Biederman" <ebiederm@xmission.com>,
	Jiri Kosina <jkosina@suse.cz>, Al Viro <viro@zeniv.linux.org.uk>,
	Dan Carpenter <dan.carpenter@oracle.com>,
	linux-security-module@vger.kernel.org
Subject: Re: [PATCH] security: allow Yama to be unconditionally stacked
Date: Wed, 05 Sep 2012 12:47:19 -0700
Message-ID: <5047AC47.8080808@canonical.com>
In-Reply-To: <CACLa4pvcqXfArSmm3bRadJF9unafyko9T4F9OfwUYTgHdfU49g@mail.gmail.com>

On 09/05/2012 11:32 AM, Eric Paris wrote:
> On Wed, Sep 5, 2012 at 11:47 AM, Serge Hallyn
> <serge.hallyn@canonical.com> wrote:
>> Quoting Kees Cook (keescook@chromium.org):
>>> Unconditionally call Yama when CONFIG_SECURITY_YAMA_STACKED is selected,
>>> no matter what LSM module is primary.
>>>
>>> Ubuntu and Chrome OS already carry patches to do this, and Fedora
>>> has voiced interest in doing this as well. Instead of having multiple
>>> distributions (or LSM authors) carrying these patches, just allow Yama
>>> to be called unconditionally when selected by the new CONFIG.
>>
>> I don't really like having both the STACKED and non-stacked paths. But
>> I don't have a good alternative.
>>
>>> Signed-off-by: Kees Cook <keescook@chromium.org>
>>
>> Acked-by: Serge E. Hallyn <serge.hallyn@canonical.com>
> 
> I said basically the same thing to Kees off list.  But I don't have an
> answer either.
> 
> Acked-by: Eric Paris <eparis@redhat.com>
> 
Yeah I'm not fond of it either but until some more generic form of LSM
stacking arrives, I don't see a good alternative either

so until then

Acked-by: John Johansen <john.johansen@canonical.com>


Thread overview: 5+ messages
2012-09-04 20:32 [PATCH] security: allow Yama to be unconditionally stacked Kees Cook
2012-09-05 15:47 ` Serge Hallyn
2012-09-05 18:32   ` Eric Paris
2012-09-05 19:47     ` John Johansen [this message]
2012-09-05 21:08 ` James Morris
