All of lore.kernel.org
 help / color / mirror / Atom feed
From: casey@schaufler-ca.com (Casey Schaufler)
To: linux-security-module@vger.kernel.org
Subject: The secmark "one user" policy
Date: Tue, 20 Jun 2017 17:41:42 -0700	[thread overview]
Message-ID: <d256e588-fd3c-b981-6d55-6723b5615cc9@schaufler-ca.com> (raw)

I'm looking at the secmark code and am looking in
particular at the places where it explicitly says
that it is intended for one security module at a
time. For extreme stacking I can either enforce this
restriction by configuration or remove it by clever
uses of secid mappings. Either can be made "transparent"
to existing user-space. Paul has expressed distaste for
using configuration as a shortcut for dealing with this
kind of problem, and I generally agree with him. On the
other hand, the code is quite clear that it is designed
for one and only one kind of secid at a time. I don't
want to put a lot of effort into patches that are
unacceptable to the author.

Thank you.

--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

             reply	other threads:[~2017-06-21  0:41 UTC|newest]

Thread overview: 24+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2017-06-21  0:41 Casey Schaufler [this message]
2017-06-21  7:13 ` The secmark "one user" policy James Morris
2017-06-21 15:23   ` Casey Schaufler
2017-06-21 23:07     ` John Johansen
2017-06-21 23:45       ` Casey Schaufler
2017-06-22  0:48         ` John Johansen
2017-06-22  9:54     ` James Morris
2017-06-22 16:17       ` Casey Schaufler
2017-06-23  3:12         ` James Morris
2017-06-23 15:26           ` Casey Schaufler
2017-06-25  9:41             ` James Morris
2017-06-25 18:05               ` Casey Schaufler
2017-06-26  7:54                 ` José Bollo
2017-06-26 15:10                   ` Casey Schaufler
2017-06-27 10:51                     ` José Bollo
2017-06-27 11:58                       ` Paul Moore
2017-06-22 18:49       ` John Johansen
2017-06-23  3:02         ` James Morris
2017-06-23  4:32           ` John Johansen
2017-06-29  9:10             ` James Morris
2017-06-29 16:46               ` John Johansen
2017-06-22 22:24     ` Paul Moore
2017-06-22 23:20       ` Casey Schaufler
2017-06-23 20:47         ` Paul Moore

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=d256e588-fd3c-b981-6d55-6723b5615cc9@schaufler-ca.com \
    --to=casey@schaufler-ca.com \
    --cc=linux-security-module@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.