From: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
To: gnomes@lxorguk.ukuu.org.uk
Cc: jmorris@namei.org, keescook@chromium.org,
linux-security-module@vger.kernel.org,
linux-kernel@vger.kernel.org,
kernel-hardening@lists.openwall.com, casey@schaufler-ca.com,
hch@infradead.org, igor.stoppa@huawei.com,
james.l.morris@oracle.com, paul@paul-moore.com,
sds@tycho.nsa.gov
Subject: Re: [PATCH] LSM: Convert security_hook_heads into explicit array of struct list_head
Date: Thu, 1 Jun 2017 00:10:07 +0900 [thread overview]
Message-ID: <201706010010.EHB81211.LFMOFSQJtFVOOH@I-love.SAKURA.ne.jp> (raw)
In-Reply-To: <20170531154317.4f487300@alans-desktop>
Alan Cox wrote:
> > I saw several companies who ship their embedded devices with
> > single-function LSM modules (e.g. restrict only mount operation and
> > ptrace operation). What is unfortunate is that their LSM modules had
> > never been proposed for upstream, and thus bugs remained unnoticed.
>
> So which of them cannot be done with seccomp ? We have a small tight
> interface for simple things like restricting a few calls.
They restricted based on hard-coded rules. seccomp is too much for their cases.
>
> > via lack of ability to use LKM-based LSM modules). My customers cannot afford
> > enabling SELinux, but my customers cannot rebuild their kernels because
> > rebuilding makes it even more difficult to get help from support centers.
>
> And "I've loaded this third party module" doesn't ?
Situation is far much better than "I've recompiled this vmlinux". ;-)
WARNING: multiple messages have this Message-ID (diff)
From: penguin-kernel@I-love.SAKURA.ne.jp (Tetsuo Handa)
To: linux-security-module@vger.kernel.org
Subject: [PATCH] LSM: Convert security_hook_heads into explicit array of struct list_head
Date: Thu, 1 Jun 2017 00:10:07 +0900 [thread overview]
Message-ID: <201706010010.EHB81211.LFMOFSQJtFVOOH@I-love.SAKURA.ne.jp> (raw)
In-Reply-To: <20170531154317.4f487300@alans-desktop>
Alan Cox wrote:
> > I saw several companies who ship their embedded devices with
> > single-function LSM modules (e.g. restrict only mount operation and
> > ptrace operation). What is unfortunate is that their LSM modules had
> > never been proposed for upstream, and thus bugs remained unnoticed.
>
> So which of them cannot be done with seccomp ? We have a small tight
> interface for simple things like restricting a few calls.
They restricted based on hard-coded rules. seccomp is too much for their cases.
>
> > via lack of ability to use LKM-based LSM modules). My customers cannot afford
> > enabling SELinux, but my customers cannot rebuild their kernels because
> > rebuilding makes it even more difficult to get help from support centers.
>
> And "I've loaded this third party module" doesn't ?
Situation is far much better than "I've recompiled this vmlinux". ;-)
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
WARNING: multiple messages have this Message-ID (diff)
From: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
To: gnomes@lxorguk.ukuu.org.uk
Cc: jmorris@namei.org, keescook@chromium.org,
linux-security-module@vger.kernel.org,
linux-kernel@vger.kernel.org,
kernel-hardening@lists.openwall.com, casey@schaufler-ca.com,
hch@infradead.org, igor.stoppa@huawei.com,
james.l.morris@oracle.com, paul@paul-moore.com,
sds@tycho.nsa.gov
Subject: [kernel-hardening] Re: [PATCH] LSM: Convert security_hook_heads into explicit array of struct list_head
Date: Thu, 1 Jun 2017 00:10:07 +0900 [thread overview]
Message-ID: <201706010010.EHB81211.LFMOFSQJtFVOOH@I-love.SAKURA.ne.jp> (raw)
In-Reply-To: <20170531154317.4f487300@alans-desktop>
Alan Cox wrote:
> > I saw several companies who ship their embedded devices with
> > single-function LSM modules (e.g. restrict only mount operation and
> > ptrace operation). What is unfortunate is that their LSM modules had
> > never been proposed for upstream, and thus bugs remained unnoticed.
>
> So which of them cannot be done with seccomp ? We have a small tight
> interface for simple things like restricting a few calls.
They restricted based on hard-coded rules. seccomp is too much for their cases.
>
> > via lack of ability to use LKM-based LSM modules). My customers cannot afford
> > enabling SELinux, but my customers cannot rebuild their kernels because
> > rebuilding makes it even more difficult to get help from support centers.
>
> And "I've loaded this third party module" doesn't ?
Situation is far much better than "I've recompiled this vmlinux". ;-)
next prev parent reply other threads:[~2017-05-31 15:11 UTC|newest]
Thread overview: 69+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-05-27 11:17 [PATCH] LSM: Convert security_hook_heads into explicit array of struct list_head Tetsuo Handa
2017-05-27 11:17 ` [kernel-hardening] " Tetsuo Handa
2017-05-27 11:17 ` Tetsuo Handa
2017-05-27 22:30 ` Casey Schaufler
2017-05-27 22:30 ` [kernel-hardening] " Casey Schaufler
2017-05-27 22:30 ` Casey Schaufler
2017-05-28 0:38 ` Tetsuo Handa
2017-05-28 0:38 ` [kernel-hardening] " Tetsuo Handa
2017-05-28 0:38 ` Tetsuo Handa
2017-05-28 1:04 ` Kees Cook
2017-05-28 1:04 ` [kernel-hardening] " Kees Cook
2017-05-28 1:04 ` Kees Cook
2017-05-28 1:26 ` Tetsuo Handa
2017-05-28 1:26 ` [kernel-hardening] " Tetsuo Handa
2017-05-28 1:26 ` Tetsuo Handa
2017-05-28 17:57 ` Casey Schaufler
2017-05-28 17:57 ` [kernel-hardening] " Casey Schaufler
2017-05-28 17:57 ` Casey Schaufler
2017-05-30 10:22 ` James Morris
2017-05-30 10:22 ` [kernel-hardening] " James Morris
2017-05-30 10:22 ` James Morris
2017-05-30 14:29 ` Tetsuo Handa
2017-05-30 14:29 ` [kernel-hardening] " Tetsuo Handa
2017-05-30 14:29 ` Tetsuo Handa
2017-05-30 15:25 ` Alan Cox
2017-05-30 15:25 ` [kernel-hardening] " Alan Cox
2017-05-30 15:25 ` Alan Cox
2017-05-30 23:06 ` James Morris
2017-05-30 23:06 ` [kernel-hardening] " James Morris
2017-05-30 23:06 ` James Morris
2017-05-31 10:41 ` Tetsuo Handa
2017-05-31 10:41 ` [kernel-hardening] " Tetsuo Handa
2017-05-31 10:41 ` Tetsuo Handa
2017-05-31 11:04 ` James Morris
2017-05-31 11:04 ` [kernel-hardening] " James Morris
2017-05-31 11:04 ` James Morris
2017-05-31 11:31 ` Tetsuo Handa
2017-05-31 11:31 ` [kernel-hardening] " Tetsuo Handa
2017-05-31 11:31 ` Tetsuo Handa
2017-05-31 14:43 ` Alan Cox
2017-05-31 14:43 ` [kernel-hardening] " Alan Cox
2017-05-31 14:43 ` Alan Cox
2017-05-31 15:10 ` Tetsuo Handa [this message]
2017-05-31 15:10 ` [kernel-hardening] " Tetsuo Handa
2017-05-31 15:10 ` Tetsuo Handa
2017-05-31 15:14 ` Alan Cox
2017-05-31 15:14 ` [kernel-hardening] " Alan Cox
2017-05-31 15:14 ` Alan Cox
2017-05-31 9:44 ` José Bollo
2017-05-31 9:44 ` [kernel-hardening] " José Bollo
2017-05-31 9:44 ` José Bollo
2017-05-28 20:29 ` [PATCH v2] " Tetsuo Handa
2017-05-28 20:29 ` [kernel-hardening] " Tetsuo Handa
2017-05-28 20:29 ` Tetsuo Handa
2017-05-28 21:19 ` Kees Cook
2017-05-28 21:19 ` [kernel-hardening] " Kees Cook
2017-05-28 21:19 ` Kees Cook
2017-05-29 17:32 ` Casey Schaufler
2017-05-29 17:32 ` [kernel-hardening] " Casey Schaufler
2017-05-29 17:32 ` Casey Schaufler
2017-05-30 10:32 ` James Morris
2017-05-30 10:32 ` [kernel-hardening] " James Morris
2017-05-30 10:32 ` James Morris
2017-05-31 20:49 ` Igor Stoppa
2017-05-31 20:49 ` [kernel-hardening] " Igor Stoppa
2017-05-31 20:49 ` Igor Stoppa
2017-05-31 22:56 ` James Morris
2017-05-31 22:56 ` [kernel-hardening] " James Morris
2017-05-31 22:56 ` James Morris
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=201706010010.EHB81211.LFMOFSQJtFVOOH@I-love.SAKURA.ne.jp \
--to=penguin-kernel@i-love.sakura.ne.jp \
--cc=casey@schaufler-ca.com \
--cc=gnomes@lxorguk.ukuu.org.uk \
--cc=hch@infradead.org \
--cc=igor.stoppa@huawei.com \
--cc=james.l.morris@oracle.com \
--cc=jmorris@namei.org \
--cc=keescook@chromium.org \
--cc=kernel-hardening@lists.openwall.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=paul@paul-moore.com \
--cc=sds@tycho.nsa.gov \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.