From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1751438AbdE3KYD (ORCPT <rfc822;w@1wt.eu>);
        Tue, 30 May 2017 06:24:03 -0400
Received: from namei.org ([65.99.196.166]:52972 "EHLO namei.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1751033AbdE3KYA (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 30 May 2017 06:24:00 -0400
Date: Tue, 30 May 2017 20:22:57 +1000 (AEST)
From: James Morris <jmorris@namei.org>
To: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
cc: keescook@chromium.org, linux-security-module@vger.kernel.org,
        linux-kernel@vger.kernel.org, kernel-hardening@lists.openwall.com,
        casey@schaufler-ca.com, hch@infradead.org, igor.stoppa@huawei.com,
        james.l.morris@oracle.com, paul@paul-moore.com, sds@tycho.nsa.gov
Subject: Re: [PATCH] LSM: Convert security_hook_heads into explicit array of
 struct list_head
In-Reply-To: <201705281026.EHD04622.HJFOLQFMSOtFOV@I-love.SAKURA.ne.jp>
Message-ID: <alpine.LRH.2.20.1705302021090.31018@namei.org>
References: <1495883858-3336-1-git-send-email-penguin-kernel@I-love.SAKURA.ne.jp>        <CAGXu5jJ045iaDfoW+2dXU+U-KhfnNH1WX5ngUW9dHyS5Yn3EGg@mail.gmail.com> <201705281026.EHD04622.HJFOLQFMSOtFOV@I-love.SAKURA.ne.jp>
User-Agent: Alpine 2.20 (LRH 67 2015-01-07)
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Sun, 28 May 2017, Tetsuo Handa wrote:

> can afford enabling". And we know that we cannot merge all security modules
> into mainline. Thus, allowing LKM-based LSM modules is inevitable.

Nope, it's not inevitable.  The LSM API only caters to in-tree users.

I'm not sure why you persist against this.


-- 
James Morris
<jmorris@namei.org>

From mboxrd@z Thu Jan  1 00:00:00 1970
From: jmorris@namei.org (James Morris)
Date: Tue, 30 May 2017 20:22:57 +1000 (AEST)
Subject: [PATCH] LSM: Convert security_hook_heads into explicit array of
	struct list_head
In-Reply-To: <201705281026.EHD04622.HJFOLQFMSOtFOV@I-love.SAKURA.ne.jp>
References: <1495883858-3336-1-git-send-email-penguin-kernel@I-love.SAKURA.ne.jp>
	<CAGXu5jJ045iaDfoW+2dXU+U-KhfnNH1WX5ngUW9dHyS5Yn3EGg@mail.gmail.com>
	<201705281026.EHD04622.HJFOLQFMSOtFOV@I-love.SAKURA.ne.jp>
Message-ID: <alpine.LRH.2.20.1705302021090.31018@namei.org>
To: linux-security-module@vger.kernel.org
List-Id: linux-security-module.vger.kernel.org

On Sun, 28 May 2017, Tetsuo Handa wrote:

> can afford enabling". And we know that we cannot merge all security modules
> into mainline. Thus, allowing LKM-based LSM modules is inevitable.

Nope, it's not inevitable.  The LSM API only caters to in-tree users.

I'm not sure why you persist against this.


-- 
James Morris
<jmorris@namei.org>

--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

From mboxrd@z Thu Jan  1 00:00:00 1970
Date: Tue, 30 May 2017 20:22:57 +1000 (AEST)
From: James Morris <jmorris@namei.org>
In-Reply-To: <201705281026.EHD04622.HJFOLQFMSOtFOV@I-love.SAKURA.ne.jp>
Message-ID: <alpine.LRH.2.20.1705302021090.31018@namei.org>
References: <1495883858-3336-1-git-send-email-penguin-kernel@I-love.SAKURA.ne.jp>        <CAGXu5jJ045iaDfoW+2dXU+U-KhfnNH1WX5ngUW9dHyS5Yn3EGg@mail.gmail.com> <201705281026.EHD04622.HJFOLQFMSOtFOV@I-love.SAKURA.ne.jp>
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Subject: [kernel-hardening] Re: [PATCH] LSM: Convert security_hook_heads into explicit array of
 struct list_head
To: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Cc: keescook@chromium.org, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, kernel-hardening@lists.openwall.com, casey@schaufler-ca.com, hch@infradead.org, igor.stoppa@huawei.com, james.l.morris@oracle.com, paul@paul-moore.com, sds@tycho.nsa.gov
List-ID: <kernel-hardening.lists.openwall.com>

On Sun, 28 May 2017, Tetsuo Handa wrote:

> can afford enabling". And we know that we cannot merge all security modules
> into mainline. Thus, allowing LKM-based LSM modules is inevitable.

Nope, it's not inevitable.  The LSM API only caters to in-tree users.

I'm not sure why you persist against this.


-- 
James Morris
<jmorris@namei.org>