From: Vasily Averin <vvs@virtuozzo.com>
To: Andrew Morton <akpm@linux-foundation.org>
Cc: linux-kernel@vger.kernel.org, Kees Cook <keescook@chromium.org>,
Josh Boyer <jwboyer@redhat.com>, Eric Paris <eparis@redhat.com>
Subject: Re: [PATCH v2] security_syslog() should be called once only
Date: Sat, 30 May 2015 16:51:34 +0300 [thread overview]
Message-ID: <5569C066.1010300@virtuozzo.com> (raw)
In-Reply-To: <20150527164312.a22ad8bb748acaddbea3bf70@linux-foundation.org>
On 28.05.2015 02:43, Andrew Morton wrote:
> So we run security_syslog() for actions other than open() (of kmsg).
> Why?
Could you please clarify this question?
Linux kernel have reasonable default security policy and it's great.
And at the same time kernel allows to override default behaviour
and set custom security policy.
For example, to prohibit work on Saturday.
QA can use it for random failures generation.
Why not?
> Also, that from_file handling makes me cry.
...
> One possible fix would be something like this, plus various
> fixups/audit:
I've prepared such patch and send it in separate letter.
> And `type' should be renamed to `action' for heavens sake.
IMHO 'type' and SYSLOG_ACTION_* was inherited from sys_syslog definition.
next prev parent reply other threads:[~2015-05-30 13:53 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-05-10 6:35 [PATCH] kernel/printk/printk.c: check_syslog_permissions() cleanup Vasily Averin
2015-05-14 22:01 ` Andrew Morton
2015-05-15 7:41 ` Vasily Averin
2015-05-15 9:22 ` Vasily Averin
2015-05-24 16:09 ` Vasily Averin
2015-05-24 16:18 ` [PATCH v2] security_syslog() should be called once only Vasily Averin
2015-05-27 23:43 ` Andrew Morton
2015-05-30 13:51 ` Vasily Averin [this message]
2015-06-01 21:23 ` Andrew Morton
2015-06-02 7:57 ` Vasily Averin
2015-05-30 13:51 ` [PATCH] check_syslog_permissions() cleanup Vasily Averin
2015-06-04 17:00 ` [PATCH v2] security_syslog() should be called once only Kees Cook
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5569C066.1010300@virtuozzo.com \
--to=vvs@virtuozzo.com \
--cc=akpm@linux-foundation.org \
--cc=eparis@redhat.com \
--cc=jwboyer@redhat.com \
--cc=keescook@chromium.org \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox