From: James Morris <jmorris@namei.org>
To: Olga Kornievskaia <olga.kornievskaia@gmail.com>
Cc: trond.myklebust@hammerspace.com, anna.schumaker@netapp.com,
paul@paul-moore.com, stephen.smalley.work@gmail.com,
linux-nfs@vger.kernel.org, linux-security-module@vger.kernel.org,
selinux@vger.kernel.org
Subject: Re: [PATCH 1/2] [lsm] introduce a new hook to query LSM for functionality
Date: Sat, 7 Nov 2020 12:33:11 +1100 (AEDT) [thread overview]
Message-ID: <alpine.LRH.2.21.2011071231160.13444@namei.org> (raw)
In-Reply-To: <20201105173328.2539-1-olga.kornievskaia@gmail.com>
On Thu, 5 Nov 2020, Olga Kornievskaia wrote:
> From: Olga Kornievskaia <kolga@netapp.com>
>
> Add a new hook func_query_vfs to query an LSM module (such as
> SELinux) with the intention of finding whether or not it is enabled
> or perhaps supports some functionality.
>
> NFS stores security labels for file system objects and SElinux
> or any other LSM module can query those objects. But it's
> wasteful to do so when no security enforcement is taking place.
> Using a new API call of security_func_query_vfs() and asking if
Seems we lost something here.
--
James Morris
<jmorris@namei.org>
prev parent reply other threads:[~2020-11-07 1:33 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-11-05 17:33 [PATCH 1/2] [lsm] introduce a new hook to query LSM for functionality Olga Kornievskaia
2020-11-05 17:33 ` [PATCH 2/2] NFSv4.2: condition READDIR's mask for security label based on LSM state Olga Kornievskaia
2020-11-05 18:55 ` Ondrej Mosnacek
2020-11-05 19:51 ` Olga Kornievskaia
2020-11-05 20:24 ` Ondrej Mosnacek
2020-11-05 21:18 ` Trond Myklebust
2020-11-05 21:43 ` Olga Kornievskaia
2020-11-06 8:47 ` Ondrej Mosnacek
2020-11-05 23:06 ` kernel test robot
2020-11-05 19:39 ` [PATCH 1/2] [lsm] introduce a new hook to query LSM for functionality Casey Schaufler
2020-11-07 1:33 ` James Morris [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=alpine.LRH.2.21.2011071231160.13444@namei.org \
--to=jmorris@namei.org \
--cc=anna.schumaker@netapp.com \
--cc=linux-nfs@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=olga.kornievskaia@gmail.com \
--cc=paul@paul-moore.com \
--cc=selinux@vger.kernel.org \
--cc=stephen.smalley.work@gmail.com \
--cc=trond.myklebust@hammerspace.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox