From: Casey Schaufler <casey@schaufler-ca.com>
To: "Jeff Xu" <jeffxu@chromium.org>, "Mickaël Salaün" <mic@digikod.net>
Cc: Paul Moore <paul@paul-moore.com>,
	Shervin Oloumi <enlightened@chromium.org>,
	linux-security-module@vger.kernel.org, jorgelo@chromium.org,
	keescook@chromium.org, groeck@chromium.org,
	allenwebb@chromium.org, gnoack3000@gmail.com, areber@redhat.com,
	criu@openvz.org, linux-api@vger.kernel.org, jannh@google.com,
	brauner@kernel.org, Casey Schaufler <casey@schaufler-ca.com>
Subject: Re: [PATCH v2] lsm: adds process attribute getter for Landlock
Date: Thu, 1 Jun 2023 14:30:25 -0700
Message-ID: <70845d67-9862-47f4-b7d8-e9e78e1fea17@schaufler-ca.com>
In-Reply-To: <CABi2SkWQz3gvaQVWL30CBM-SDLHrWaGOwQS0rfKi==D9TP8L0Q@mail.gmail.com>

On 6/1/2023 1:45 PM, Jeff Xu wrote:
> On Wed, May 31, 2023 at 6:01 AM Mickaël Salaün <mic@digikod.net> wrote:
>>
>> On 30/05/2023 20:02, Jeff Xu wrote:
>>>>>> As I believe we are in the latter stages of review for the syscall
>>>>>> API, perhaps you could take a look and ensure that the current
>>>>>> proposed API works for what you are envisioning with Landlock?
>>>>>>
>>>>> Which review/patch to look for the proposed API?
>>>> https://lore.kernel.org/lkml/20230428203417.159874-3-casey@schaufler-ca.com/T/
>>>>
>>>>
>>> How easy is it to add a customized LSM with new APIs?
>>> I'm asking because there are some hard-coded constant/macro, i.e.
>> I guess this question is related to the Chromium OS LSM right? I think
>> this would be a good opportunity to think about mainlining this LSM to
>> avoid the hassle of dealing with LSM IDs.
>>
> Yes :-)
> I agree it is good to think about upstream, there are things chromeOS
> did that can be beneficial to the main. At the same time, part of it
> might never be accepted by upstream because it is chromeOS specific,
> so those need to be cleaned up.

Perhaps, but look at what's been done with SELinux in support of Android.
You don't believe that the binder LSM hooks are for any other purpose, do
you? You'll never know what turns out to be acceptable unless you give it
a try.

