From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751948AbdFMHze (ORCPT ); Tue, 13 Jun 2017 03:55:34 -0400 Received: from mail-qt0-f182.google.com ([209.85.216.182]:33320 "EHLO mail-qt0-f182.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750818AbdFMHzb (ORCPT ); Tue, 13 Jun 2017 03:55:31 -0400 MIME-Version: 1.0 In-Reply-To: <1dccd8da-c96f-3947-d90f-a3f3d4f389fd@schaufler-ca.com> References: <1497286620-15027-1-git-send-email-s.mesoraca16@gmail.com> <1497286620-15027-6-git-send-email-s.mesoraca16@gmail.com> <1dccd8da-c96f-3947-d90f-a3f3d4f389fd@schaufler-ca.com> From: Salvatore Mesoraca Date: Tue, 13 Jun 2017 09:55:30 +0200 Message-ID: Subject: Re: [PATCH 05/11] Creation of "check_vmflags" LSM hook To: Casey Schaufler Cc: kernel list , linux-security-module@vger.kernel.org, Kernel Hardening , Brad Spengler , PaX Team , Kees Cook , James Morris , "Serge E. Hallyn" , linux-mm@kvack.org Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 2017-06-12 23:31 GMT+02:00 Casey Schaufler : > Have the hook return a value and return that rather > than -EPERM. That way a security module can choose an > error that it determines is appropriate. It is possible > that a module might want to deny the access for a reason > other than lack of privilege. > [...] > > Same here > > [...] > > And here. Yes, I think you are right. I'll fix it in the next version. Thank you very much for taking the time to review my patch. From mboxrd@z Thu Jan 1 00:00:00 1970 From: s.mesoraca16@gmail.com (Salvatore Mesoraca) Date: Tue, 13 Jun 2017 09:55:30 +0200 Subject: [PATCH 05/11] Creation of "check_vmflags" LSM hook In-Reply-To: <1dccd8da-c96f-3947-d90f-a3f3d4f389fd@schaufler-ca.com> References: <1497286620-15027-1-git-send-email-s.mesoraca16@gmail.com> <1497286620-15027-6-git-send-email-s.mesoraca16@gmail.com> <1dccd8da-c96f-3947-d90f-a3f3d4f389fd@schaufler-ca.com> Message-ID: To: linux-security-module@vger.kernel.org List-Id: linux-security-module.vger.kernel.org 2017-06-12 23:31 GMT+02:00 Casey Schaufler : > Have the hook return a value and return that rather > than -EPERM. That way a security module can choose an > error that it determines is appropriate. It is possible > that a module might want to deny the access for a reason > other than lack of privilege. > [...] > > Same here > > [...] > > And here. Yes, I think you are right. I'll fix it in the next version. Thank you very much for taking the time to review my patch. -- To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to majordomo at vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-qt0-f200.google.com (mail-qt0-f200.google.com [209.85.216.200]) by kanga.kvack.org (Postfix) with ESMTP id D65626B0314 for ; Tue, 13 Jun 2017 03:55:31 -0400 (EDT) Received: by mail-qt0-f200.google.com with SMTP id 20so59018101qtq.2 for ; Tue, 13 Jun 2017 00:55:31 -0700 (PDT) Received: from mail-qt0-x22d.google.com (mail-qt0-x22d.google.com. [2607:f8b0:400d:c0d::22d]) by mx.google.com with ESMTPS id o4si10832339qkf.1.2017.06.13.00.55.31 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 13 Jun 2017 00:55:31 -0700 (PDT) Received: by mail-qt0-x22d.google.com with SMTP id c10so159971929qtd.1 for ; Tue, 13 Jun 2017 00:55:31 -0700 (PDT) MIME-Version: 1.0 In-Reply-To: <1dccd8da-c96f-3947-d90f-a3f3d4f389fd@schaufler-ca.com> References: <1497286620-15027-1-git-send-email-s.mesoraca16@gmail.com> <1497286620-15027-6-git-send-email-s.mesoraca16@gmail.com> <1dccd8da-c96f-3947-d90f-a3f3d4f389fd@schaufler-ca.com> From: Salvatore Mesoraca Date: Tue, 13 Jun 2017 09:55:30 +0200 Message-ID: Subject: Re: [PATCH 05/11] Creation of "check_vmflags" LSM hook Content-Type: text/plain; charset="UTF-8" Sender: owner-linux-mm@kvack.org List-ID: To: Casey Schaufler Cc: kernel list , linux-security-module@vger.kernel.org, Kernel Hardening , Brad Spengler , PaX Team , Kees Cook , James Morris , "Serge E. Hallyn" , linux-mm@kvack.org 2017-06-12 23:31 GMT+02:00 Casey Schaufler : > Have the hook return a value and return that rather > than -EPERM. That way a security module can choose an > error that it determines is appropriate. It is possible > that a module might want to deny the access for a reason > other than lack of privilege. > [...] > > Same here > > [...] > > And here. Yes, I think you are right. I'll fix it in the next version. Thank you very much for taking the time to review my patch. -- To unsubscribe, send a message with 'unsubscribe linux-mm' in the body to majordomo@kvack.org. For more info on Linux MM, see: http://www.linux-mm.org/ . Don't email: email@kvack.org From mboxrd@z Thu Jan 1 00:00:00 1970 MIME-Version: 1.0 In-Reply-To: <1dccd8da-c96f-3947-d90f-a3f3d4f389fd@schaufler-ca.com> References: <1497286620-15027-1-git-send-email-s.mesoraca16@gmail.com> <1497286620-15027-6-git-send-email-s.mesoraca16@gmail.com> <1dccd8da-c96f-3947-d90f-a3f3d4f389fd@schaufler-ca.com> From: Salvatore Mesoraca Date: Tue, 13 Jun 2017 09:55:30 +0200 Message-ID: Content-Type: text/plain; charset="UTF-8" Subject: [kernel-hardening] Re: [PATCH 05/11] Creation of "check_vmflags" LSM hook To: Casey Schaufler Cc: kernel list , linux-security-module@vger.kernel.org, Kernel Hardening , Brad Spengler , PaX Team , Kees Cook , James Morris , "Serge E. Hallyn" , linux-mm@kvack.org List-ID: 2017-06-12 23:31 GMT+02:00 Casey Schaufler : > Have the hook return a value and return that rather > than -EPERM. That way a security module can choose an > error that it determines is appropriate. It is possible > that a module might want to deny the access for a reason > other than lack of privilege. > [...] > > Same here > > [...] > > And here. Yes, I think you are right. I'll fix it in the next version. Thank you very much for taking the time to review my patch.