From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751169AbdEaJul (ORCPT ); Wed, 31 May 2017 05:50:41 -0400 Received: from erza.lautre.net ([80.67.160.89]:40488 "EHLO erza.lautre.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751014AbdEaJuj (ORCPT ); Wed, 31 May 2017 05:50:39 -0400 X-Greylist: delayed 372 seconds by postgrey-1.27 at vger.kernel.org; Wed, 31 May 2017 05:50:39 EDT Date: Wed, 31 May 2017 11:44:17 +0200 From: =?UTF-8?B?Sm9zw6k=?= Bollo To: Tetsuo Handa Cc: jmorris@namei.org, keescook@chromium.org, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, kernel-hardening@lists.openwall.com, casey@schaufler-ca.com, hch@infradead.org, igor.stoppa@huawei.com, james.l.morris@oracle.com, paul@paul-moore.com, sds@tycho.nsa.gov Subject: Re: [PATCH] LSM: Convert security_hook_heads into explicit array of struct list_head Message-ID: <20170531114417.5a7d8bcb@d-jobol.iot.bzh> In-Reply-To: <201705302329.IEB05735.FLJOFHSQVtOOFM@I-love.SAKURA.ne.jp> References: <1495883858-3336-1-git-send-email-penguin-kernel@I-love.SAKURA.ne.jp> <201705281026.EHD04622.HJFOLQFMSOtFOV@I-love.SAKURA.ne.jp> <201705302329.IEB05735.FLJOFHSQVtOOFM@I-love.SAKURA.ne.jp> X-Mailer: Claws Mail 3.14.1 (GTK+ 2.24.31; x86_64-redhat-linux-gnu) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by mail.home.local id v4V9okEk020135 On Tue, 30 May 2017 23:29:10 +0900 Tetsuo Handa wrote: > James Morris wrote: > > On Sun, 28 May 2017, Tetsuo Handa wrote: > > > > > can afford enabling". And we know that we cannot merge all > > > security modules into mainline. Thus, allowing LKM-based LSM > > > modules is inevitable. > > > > Nope, it's not inevitable. The LSM API only caters to in-tree > > users. > > > > I'm not sure why you persist against this. > > Then, we are willing to accept LSM modules with users less than 10, > aren't we? Forcing users to patch and recompile is as heartless as > forcing CONFIG_MODULES=n. These are good reasons. I'm in favor of Tetsuo. Regards José From mboxrd@z Thu Jan 1 00:00:00 1970 From: jobol@nonadev.net (=?UTF-8?B?Sm9zw6k=?= Bollo) Date: Wed, 31 May 2017 11:44:17 +0200 Subject: [PATCH] LSM: Convert security_hook_heads into explicit array of struct list_head In-Reply-To: <201705302329.IEB05735.FLJOFHSQVtOOFM@I-love.SAKURA.ne.jp> References: <1495883858-3336-1-git-send-email-penguin-kernel@I-love.SAKURA.ne.jp> <201705281026.EHD04622.HJFOLQFMSOtFOV@I-love.SAKURA.ne.jp> <201705302329.IEB05735.FLJOFHSQVtOOFM@I-love.SAKURA.ne.jp> Message-ID: <20170531114417.5a7d8bcb@d-jobol.iot.bzh> To: linux-security-module@vger.kernel.org List-Id: linux-security-module.vger.kernel.org On Tue, 30 May 2017 23:29:10 +0900 Tetsuo Handa wrote: > James Morris wrote: > > On Sun, 28 May 2017, Tetsuo Handa wrote: > > > > > can afford enabling". And we know that we cannot merge all > > > security modules into mainline. Thus, allowing LKM-based LSM > > > modules is inevitable. > > > > Nope, it's not inevitable. The LSM API only caters to in-tree > > users. > > > > I'm not sure why you persist against this. > > Then, we are willing to accept LSM modules with users less than 10, > aren't we? Forcing users to patch and recompile is as heartless as > forcing CONFIG_MODULES=n. These are good reasons. I'm in favor of Tetsuo. Regards Jos? -- To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to majordomo at vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html From mboxrd@z Thu Jan 1 00:00:00 1970 Date: Wed, 31 May 2017 11:44:17 +0200 From: =?UTF-8?B?Sm9zw6k=?= Bollo Message-ID: <20170531114417.5a7d8bcb@d-jobol.iot.bzh> In-Reply-To: <201705302329.IEB05735.FLJOFHSQVtOOFM@I-love.SAKURA.ne.jp> References: <1495883858-3336-1-git-send-email-penguin-kernel@I-love.SAKURA.ne.jp> <201705281026.EHD04622.HJFOLQFMSOtFOV@I-love.SAKURA.ne.jp> <201705302329.IEB05735.FLJOFHSQVtOOFM@I-love.SAKURA.ne.jp> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Subject: [kernel-hardening] Re: [PATCH] LSM: Convert security_hook_heads into explicit array of struct list_head To: Tetsuo Handa Cc: jmorris@namei.org, keescook@chromium.org, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, kernel-hardening@lists.openwall.com, casey@schaufler-ca.com, hch@infradead.org, igor.stoppa@huawei.com, james.l.morris@oracle.com, paul@paul-moore.com, sds@tycho.nsa.gov List-ID: On Tue, 30 May 2017 23:29:10 +0900 Tetsuo Handa wrote: > James Morris wrote: > > On Sun, 28 May 2017, Tetsuo Handa wrote: > > =20 > > > can afford enabling". And we know that we cannot merge all > > > security modules into mainline. Thus, allowing LKM-based LSM > > > modules is inevitable. =20 > >=20 > > Nope, it's not inevitable. The LSM API only caters to in-tree > > users. > >=20 > > I'm not sure why you persist against this. =20 >=20 > Then, we are willing to accept LSM modules with users less than 10, > aren't we? Forcing users to patch and recompile is as heartless as > forcing CONFIG_MODULES=3Dn. These are good reasons. I'm in favor of Tetsuo. Regards Jos=C3=A9