From: casey@schaufler-ca.com (Casey Schaufler)
To: linux-security-module@vger.kernel.org
Subject: The secmark "one user" policy
Date: Tue, 20 Jun 2017 17:41:42 -0700 [thread overview]
Message-ID: <d256e588-fd3c-b981-6d55-6723b5615cc9@schaufler-ca.com> (raw)
I'm looking at the secmark code and am looking in
particular at the places where it explicitly says
that it is intended for one security module at a
time. For extreme stacking I can either enforce this
restriction by configuration or remove it by clever
uses of secid mappings. Either can be made "transparent"
to existing user-space. Paul has expressed distaste for
using configuration as a shortcut for dealing with this
kind of problem, and I generally agree with him. On the
other hand, the code is quite clear that it is designed
for one and only one kind of secid at a time. I don't
want to put a lot of effort into patches that are
unacceptable to the author.
Thank you.
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
next reply other threads:[~2017-06-21 0:41 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-06-21 0:41 Casey Schaufler [this message]
2017-06-21 7:13 ` The secmark "one user" policy James Morris
2017-06-21 15:23 ` Casey Schaufler
2017-06-21 23:07 ` John Johansen
2017-06-21 23:45 ` Casey Schaufler
2017-06-22 0:48 ` John Johansen
2017-06-22 9:54 ` James Morris
2017-06-22 16:17 ` Casey Schaufler
2017-06-23 3:12 ` James Morris
2017-06-23 15:26 ` Casey Schaufler
2017-06-25 9:41 ` James Morris
2017-06-25 18:05 ` Casey Schaufler
2017-06-26 7:54 ` José Bollo
2017-06-26 15:10 ` Casey Schaufler
2017-06-27 10:51 ` José Bollo
2017-06-27 11:58 ` Paul Moore
2017-06-22 18:49 ` John Johansen
2017-06-23 3:02 ` James Morris
2017-06-23 4:32 ` John Johansen
2017-06-29 9:10 ` James Morris
2017-06-29 16:46 ` John Johansen
2017-06-22 22:24 ` Paul Moore
2017-06-22 23:20 ` Casey Schaufler
2017-06-23 20:47 ` Paul Moore
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=d256e588-fd3c-b981-6d55-6723b5615cc9@schaufler-ca.com \
--to=casey@schaufler-ca.com \
--cc=linux-security-module@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.