From mboxrd@z Thu Jan 1 00:00:00 1970 From: Christian Stroetmann Subject: Re: [PATCH] security: Yama LSM Date: Wed, 23 Jun 2010 08:43:19 +0200 Message-ID: <4C21AD07.5050201@ontolinux.com> References: <20100621213424.GG24749@outflux.net> <201006220028.o5M0Sbx7062650@www262.sakura.ne.jp> <20100622011452.GN24749@outflux.net> <4C20ABC0.5050908@nokia.com> <20100622160613.GC5876@outflux.net> <4C21A39C.6040406@ontolinux.com> <20100623062242.GG5876@outflux.net> Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: linux-kernel , linux-fsdevel , linux-security-module To: Kees Cook Return-path: In-Reply-To: <20100623062242.GG5876@outflux.net> Sender: linux-security-module-owner@vger.kernel.org List-Id: linux-fsdevel.vger.kernel.org On 23.06.2010 08:22, Kees Cook wrote: > On Wed, Jun 23, 2010 at 08:03:08AM +0200, Christian Stroetmann wrote: > >> "You've already had those suggestions some days ago. Use a security >> module, either by using something like SELinux (where you can do >> this just fine as far as I can see including exceptions by label for >> problem apps)", [Alan Cox, 2010-06-08], or integrate it into an >> already existing solution eg. grsecurity (www.grsecurity.net). >> > You appear to be quoting[1], but you left off a bit. To edit it a bit: > > "Use a security module, either by using something like SELinux (...), > or write your own little security module that does it." > > I have done the latter. > > I don't need to integrate this into grsecurity because grsecurity already > has these protections. It is Openwall and grsecurity that I'm using as the > starting point for this attempt at upstreaming the protections. > So, this sounds as if you are porting functionalities from grsecurtiy into LSM. But [1]. > -Kees > > [1] http://lkml.org/lkml/2010/6/8/56 > > [1] http://www.grsecurity.net/lsm.php Chrisitan Stroetmann