From: James Morris <jmorris@namei.org>
To: "Mickaël Salaün" <mic@digikod.net>
Cc: linux-kernel@vger.kernel.org, Alexei Starovoitov <ast@kernel.org>,
Andy Lutomirski <luto@amacapital.net>,
Arnaldo Carvalho de Melo <acme@kernel.org>,
Casey Schaufler <casey@schaufler-ca.com>,
Daniel Borkmann <daniel@iogearbox.net>,
David Drysdale <drysdale@google.com>,
"David S . Miller" <davem@davemloft.net>,
"Eric W . Biederman" <ebiederm@xmission.com>,
James Morris <james.l.morris@oracle.com>,
Jann Horn <jann@thejh.net>, Jonathan Corbet <corbet@lwn.net>,
Matthew Garrett <mjg59@srcf.ucam.org>,
Michael Kerrisk <mtk.manpages@gmail.com>,
Kees Cook <keescook@chromium.org>,
Paul Moore <paul@paul-moore.com>,
Sargun Dhillon <sargun@sargun.me>,
"Serge E . Hallyn" <serge@hallyn.com>,
Shuah Khan <shuah@kernel.org>, Tejun Heo <tj@kernel.org>,
Thomas Graf <tgraf@suug.ch>, Will Drewry <wad@chromium.org>,
kernel-hardening@lists.openwall.com, linux-api@vger.kernel.org,
linux-security-module@vger.kernel.org, netdev@vger.kernel.org
Subject: Re: [kernel-hardening] [PATCH net-next v7 00/10] Landlock LSM: Toward unprivileged sandboxing
Date: Mon, 28 Aug 2017 13:38:26 +1000 (AEST) [thread overview]
Message-ID: <alpine.LRH.2.20.1708281335290.8842@namei.org> (raw)
In-Reply-To: <20170821000933.13024-1-mic@digikod.net>
[-- Attachment #1: Type: text/plain, Size: 575 bytes --]
On Mon, 21 Aug 2017, Mickaël Salaün wrote:
> ## Why a new LSM? Are SELinux, AppArmor, Smack and Tomoyo not good enough?
>
> The current access control LSMs are fine for their purpose which is to give the
> *root* the ability to enforce a security policy for the *system*. What is
> missing is a way to enforce a security policy for any application by its
> developer and *unprivileged user* as seccomp can do for raw syscall filtering.
>
You could mention here that the first case is Mandatory Access Control,
in general terms.
--
James Morris
<jmorris@namei.org>
WARNING: multiple messages have this Message-ID (diff)
From: James Morris <jmorris@namei.org>
To: "Mickaël Salaün" <mic@digikod.net>
Cc: linux-kernel@vger.kernel.org, Alexei Starovoitov <ast@kernel.org>,
Andy Lutomirski <luto@amacapital.net>,
Arnaldo Carvalho de Melo <acme@kernel.org>,
Casey Schaufler <casey@schaufler-ca.com>,
Daniel Borkmann <daniel@iogearbox.net>,
David Drysdale <drysdale@google.com>,
"David S . Miller" <davem@davemloft.net>,
"Eric W . Biederman" <ebiederm@xmission.com>,
James Morris <james.l.morris@oracle.com>,
Jann Horn <jann@thejh.net>, Jonathan Corbet <corbet@lwn.net>,
Matthew Garrett <mjg59@srcf.ucam.org>,
Michael Kerrisk <mtk.manpages@gmail.com>,
Kees Cook <keescook@chromium.org>,
Paul Moore <paul@paul-moore.com>,
Sargun Dhillon <sargun@sargun.me>,
"Serge E . Hallyn" <serge@hallyn.com>,
Shuah Khan <shuah@kernel.org>, Tejun Heo <tj@kernel.org>,
Thomas Graf <tgraf@suug.ch>,
Subject: Re: [PATCH net-next v7 00/10] Landlock LSM: Toward unprivileged sandboxing
Date: Mon, 28 Aug 2017 13:38:26 +1000 (AEST) [thread overview]
Message-ID: <alpine.LRH.2.20.1708281335290.8842@namei.org> (raw)
In-Reply-To: <20170821000933.13024-1-mic@digikod.net>
[-- Attachment #1: Type: text/plain, Size: 575 bytes --]
On Mon, 21 Aug 2017, Mickaël Salaün wrote:
> ## Why a new LSM? Are SELinux, AppArmor, Smack and Tomoyo not good enough?
>
> The current access control LSMs are fine for their purpose which is to give the
> *root* the ability to enforce a security policy for the *system*. What is
> missing is a way to enforce a security policy for any application by its
> developer and *unprivileged user* as seccomp can do for raw syscall filtering.
>
You could mention here that the first case is Mandatory Access Control,
in general terms.
--
James Morris
<jmorris@namei.org>
WARNING: multiple messages have this Message-ID (diff)
From: James Morris <jmorris@namei.org>
To: "Mickaël Salaün" <mic@digikod.net>
Cc: linux-kernel@vger.kernel.org, Alexei Starovoitov <ast@kernel.org>,
Andy Lutomirski <luto@amacapital.net>,
Arnaldo Carvalho de Melo <acme@kernel.org>,
Casey Schaufler <casey@schaufler-ca.com>,
Daniel Borkmann <daniel@iogearbox.net>,
David Drysdale <drysdale@google.com>,
"David S . Miller" <davem@davemloft.net>,
"Eric W . Biederman" <ebiederm@xmission.com>,
James Morris <james.l.morris@oracle.com>,
Jann Horn <jann@thejh.net>, Jonathan Corbet <corbet@lwn.net>,
Matthew Garrett <mjg59@srcf.ucam.org>,
Michael Kerrisk <mtk.manpages@gmail.com>,
Kees Cook <keescook@chromium.org>,
Paul Moore <paul@paul-moore.com>,
Sargun Dhillon <sargun@sargun.me>,
"Serge E . Hallyn" <serge@hallyn.com>,
Shuah Khan <shuah@kernel.org>, Tejun Heo <tj@kernel.org>,
Thomas Graf <tgraf@suug.ch>
Subject: Re: [PATCH net-next v7 00/10] Landlock LSM: Toward unprivileged sandboxing
Date: Mon, 28 Aug 2017 13:38:26 +1000 (AEST) [thread overview]
Message-ID: <alpine.LRH.2.20.1708281335290.8842@namei.org> (raw)
In-Reply-To: <20170821000933.13024-1-mic@digikod.net>
[-- Attachment #1: Type: text/plain, Size: 575 bytes --]
On Mon, 21 Aug 2017, Mickaël Salaün wrote:
> ## Why a new LSM? Are SELinux, AppArmor, Smack and Tomoyo not good enough?
>
> The current access control LSMs are fine for their purpose which is to give the
> *root* the ability to enforce a security policy for the *system*. What is
> missing is a way to enforce a security policy for any application by its
> developer and *unprivileged user* as seccomp can do for raw syscall filtering.
>
You could mention here that the first case is Mandatory Access Control,
in general terms.
--
James Morris
<jmorris@namei.org>
WARNING: multiple messages have this Message-ID (diff)
From: jmorris@namei.org (James Morris)
To: linux-security-module@vger.kernel.org
Subject: [kernel-hardening] [PATCH net-next v7 00/10] Landlock LSM: Toward unprivileged sandboxing
Date: Mon, 28 Aug 2017 13:38:26 +1000 (AEST) [thread overview]
Message-ID: <alpine.LRH.2.20.1708281335290.8842@namei.org> (raw)
In-Reply-To: <20170821000933.13024-1-mic@digikod.net>
On Mon, 21 Aug 2017, Micka?l Sala?n wrote:
> ## Why a new LSM? Are SELinux, AppArmor, Smack and Tomoyo not good enough?
>
> The current access control LSMs are fine for their purpose which is to give the
> *root* the ability to enforce a security policy for the *system*. What is
> missing is a way to enforce a security policy for any application by its
> developer and *unprivileged user* as seccomp can do for raw syscall filtering.
>
You could mention here that the first case is Mandatory Access Control,
in general terms.
--
James Morris
<jmorris@namei.org>
next prev parent reply other threads:[~2017-08-28 3:39 UTC|newest]
Thread overview: 146+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-08-21 0:09 [PATCH net-next v7 00/10] Landlock LSM: Toward unprivileged sandboxing Mickaël Salaün
2017-08-21 0:09 ` [kernel-hardening] " Mickaël Salaün
2017-08-21 0:09 ` Mickaël Salaün
2017-08-21 0:09 ` Mickaël Salaün
2017-08-21 0:09 ` [PATCH net-next v7 01/10] selftest: Enhance kselftest_harness.h with a step mechanism Mickaël Salaün
2017-08-21 0:09 ` [kernel-hardening] " Mickaël Salaün
2017-08-21 0:09 ` Mickaël Salaün
2017-08-21 0:09 ` Mickaël Salaün
2017-08-24 2:31 ` Alexei Starovoitov
2017-08-24 2:31 ` [kernel-hardening] " Alexei Starovoitov
2017-08-24 2:31 ` Alexei Starovoitov
2017-08-24 2:31 ` Alexei Starovoitov
2017-08-25 7:58 ` Mickaël Salaün
2017-08-25 7:58 ` [kernel-hardening] " Mickaël Salaün
2017-08-25 7:58 ` Mickaël Salaün
2017-08-25 7:58 ` Mickaël Salaün
2017-08-26 1:07 ` Alexei Starovoitov
2017-08-26 1:07 ` [kernel-hardening] " Alexei Starovoitov
2017-08-26 1:07 ` Alexei Starovoitov
2017-08-26 1:07 ` Alexei Starovoitov
2017-08-26 1:07 ` Alexei Starovoitov
2017-08-28 18:01 ` Shuah Khan
2017-08-28 18:01 ` [kernel-hardening] " Shuah Khan
2017-08-28 18:01 ` Shuah Khan
2017-08-28 18:01 ` Shuah Khan
2017-08-28 18:01 ` Shuah Khan
2017-08-21 0:09 ` [PATCH net-next v7 02/10] bpf: Add eBPF program subtype and is_valid_subtype() verifier Mickaël Salaün
2017-08-21 0:09 ` [kernel-hardening] " Mickaël Salaün
2017-08-21 0:09 ` Mickaël Salaün
2017-08-21 0:09 ` Mickaël Salaün
2017-08-23 2:44 ` Alexei Starovoitov
2017-08-23 2:44 ` [kernel-hardening] " Alexei Starovoitov
2017-08-23 2:44 ` Alexei Starovoitov
2017-08-23 2:44 ` Alexei Starovoitov
2017-08-23 2:44 ` Alexei Starovoitov
2017-08-23 7:45 ` Mickaël Salaün
2017-08-23 7:45 ` [kernel-hardening] " Mickaël Salaün
2017-08-23 7:45 ` Mickaël Salaün
2017-08-23 7:45 ` Mickaël Salaün
2017-08-24 1:22 ` Alexei Starovoitov
2017-08-24 1:22 ` [kernel-hardening] " Alexei Starovoitov
2017-08-24 1:22 ` Alexei Starovoitov
2017-08-24 1:22 ` Alexei Starovoitov
2017-08-24 1:22 ` Alexei Starovoitov
2017-08-28 3:48 ` [kernel-hardening] " James Morris
2017-08-28 3:48 ` James Morris
2017-08-28 3:48 ` James Morris
2017-08-28 3:48 ` James Morris
2017-08-28 3:46 ` James Morris
2017-08-28 3:46 ` [kernel-hardening] " James Morris
2017-08-28 3:46 ` James Morris
2017-08-28 3:46 ` James Morris
2017-08-21 0:09 ` [PATCH net-next v7 03/10] bpf,landlock: Define an eBPF program type for a Landlock rule Mickaël Salaün
2017-08-21 0:09 ` [kernel-hardening] " Mickaël Salaün
2017-08-21 0:09 ` [PATCH net-next v7 03/10] bpf, landlock: " Mickaël Salaün
2017-08-21 0:09 ` [PATCH net-next v7 03/10] bpf,landlock: " Mickaël Salaün
2017-08-24 2:28 ` Alexei Starovoitov
2017-08-24 2:28 ` [kernel-hardening] " Alexei Starovoitov
2017-08-24 2:28 ` Alexei Starovoitov
2017-08-24 2:28 ` Alexei Starovoitov
2017-08-25 8:02 ` Mickaël Salaün
2017-08-25 8:02 ` [kernel-hardening] " Mickaël Salaün
2017-08-25 8:02 ` Mickaël Salaün
2017-08-25 8:02 ` Mickaël Salaün
2017-08-21 0:09 ` [PATCH net-next v7 04/10] bpf: Define handle_fs and add a new helper bpf_handle_fs_get_mode() Mickaël Salaün
2017-08-21 0:09 ` [kernel-hardening] " Mickaël Salaün
2017-08-21 0:09 ` Mickaël Salaün
2017-08-21 0:09 ` Mickaël Salaün
2017-08-28 4:09 ` James Morris
2017-08-28 4:09 ` [kernel-hardening] " James Morris
2017-08-28 4:09 ` James Morris
2017-08-28 4:09 ` James Morris
2017-08-28 4:09 ` James Morris
2017-08-21 0:09 ` [PATCH net-next v7 05/10] landlock: Add LSM hooks related to filesystem Mickaël Salaün
2017-08-21 0:09 ` [kernel-hardening] " Mickaël Salaün
2017-08-21 0:09 ` Mickaël Salaün
2017-08-21 0:09 ` Mickaël Salaün
2017-08-22 21:59 ` Mickaël Salaün
2017-08-22 21:59 ` [kernel-hardening] " Mickaël Salaün
2017-08-22 21:59 ` Mickaël Salaün
2017-08-22 21:59 ` Mickaël Salaün
2017-08-24 2:50 ` Alexei Starovoitov
2017-08-24 2:50 ` [kernel-hardening] " Alexei Starovoitov
2017-08-24 2:50 ` Alexei Starovoitov
2017-08-24 2:50 ` Alexei Starovoitov
2017-08-24 2:50 ` Alexei Starovoitov
2017-08-25 8:16 ` Mickaël Salaün
2017-08-25 8:16 ` [kernel-hardening] " Mickaël Salaün
2017-08-25 8:16 ` Mickaël Salaün
2017-08-25 8:16 ` Mickaël Salaün
2017-08-26 1:16 ` Alexei Starovoitov
2017-08-26 1:16 ` [kernel-hardening] " Alexei Starovoitov
2017-08-26 1:16 ` Alexei Starovoitov
2017-08-26 1:16 ` Alexei Starovoitov
2017-08-26 1:16 ` Alexei Starovoitov
2017-08-27 13:31 ` Mickaël Salaün
2017-08-27 13:31 ` [kernel-hardening] " Mickaël Salaün
2017-08-27 13:31 ` Mickaël Salaün
2017-08-27 13:31 ` Mickaël Salaün
2017-08-28 5:26 ` Alexei Starovoitov
2017-08-28 5:26 ` [kernel-hardening] " Alexei Starovoitov
2017-08-28 5:26 ` Alexei Starovoitov
2017-08-28 5:26 ` Alexei Starovoitov
2017-08-28 5:26 ` Alexei Starovoitov
2017-08-21 0:09 ` [PATCH net-next v7 06/10] seccomp,landlock: Handle Landlock events per process hierarchy Mickaël Salaün
2017-08-21 0:09 ` [kernel-hardening] " Mickaël Salaün
2017-08-21 0:09 ` [PATCH net-next v7 06/10] seccomp, landlock: " Mickaël Salaün
2017-08-21 0:09 ` [PATCH net-next v7 06/10] seccomp,landlock: " Mickaël Salaün
2017-08-21 0:09 ` [PATCH net-next v7 07/10] landlock: Add ptrace restrictions Mickaël Salaün
2017-08-21 0:09 ` [kernel-hardening] " Mickaël Salaün
2017-08-21 0:09 ` Mickaël Salaün
2017-08-21 0:09 ` Mickaël Salaün
2017-08-21 0:09 ` [PATCH net-next v7 08/10] bpf: Add a Landlock sandbox example Mickaël Salaün
2017-08-21 0:09 ` [kernel-hardening] " Mickaël Salaün
2017-08-21 0:09 ` Mickaël Salaün
2017-08-21 0:09 ` Mickaël Salaün
2017-08-24 2:59 ` Alexei Starovoitov
2017-08-24 2:59 ` [kernel-hardening] " Alexei Starovoitov
2017-08-24 2:59 ` Alexei Starovoitov
2017-08-24 2:59 ` Alexei Starovoitov
2017-08-24 2:59 ` Alexei Starovoitov
2017-08-25 8:17 ` Mickaël Salaün
2017-08-25 8:17 ` [kernel-hardening] " Mickaël Salaün
2017-08-25 8:17 ` Mickaël Salaün
2017-08-25 8:17 ` Mickaël Salaün
2017-09-01 10:25 ` Alban Crequy
2017-09-01 10:25 ` [kernel-hardening] " Alban Crequy
2017-09-01 10:25 ` Alban Crequy
2017-09-01 10:25 ` Alban Crequy
2017-09-01 10:25 ` Alban Crequy
2017-09-02 13:19 ` Mickaël Salaün
2017-09-02 13:19 ` [kernel-hardening] " Mickaël Salaün
2017-09-02 13:19 ` Mickaël Salaün
2017-09-02 13:19 ` Mickaël Salaün
2017-08-21 0:09 ` [PATCH net-next v7 09/10] bpf,landlock: Add tests for Landlock Mickaël Salaün
2017-08-21 0:09 ` [kernel-hardening] " Mickaël Salaün
2017-08-21 0:09 ` Mickaël Salaün
2017-08-21 0:09 ` Mickaël Salaün
2017-08-21 0:09 ` [PATCH net-next v7 10/10] landlock: Add user and kernel documentation " Mickaël Salaün
2017-08-21 0:09 ` [kernel-hardening] " Mickaël Salaün
2017-08-21 0:09 ` Mickaël Salaün
2017-08-21 0:09 ` Mickaël Salaün
2017-08-28 3:38 ` James Morris [this message]
2017-08-28 3:38 ` [kernel-hardening] [PATCH net-next v7 00/10] Landlock LSM: Toward unprivileged sandboxing James Morris
2017-08-28 3:38 ` James Morris
2017-08-28 3:38 ` James Morris
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=alpine.LRH.2.20.1708281335290.8842@namei.org \
--to=jmorris@namei.org \
--cc=acme@kernel.org \
--cc=ast@kernel.org \
--cc=casey@schaufler-ca.com \
--cc=corbet@lwn.net \
--cc=daniel@iogearbox.net \
--cc=davem@davemloft.net \
--cc=drysdale@google.com \
--cc=ebiederm@xmission.com \
--cc=james.l.morris@oracle.com \
--cc=jann@thejh.net \
--cc=keescook@chromium.org \
--cc=kernel-hardening@lists.openwall.com \
--cc=linux-api@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=luto@amacapital.net \
--cc=mic@digikod.net \
--cc=mjg59@srcf.ucam.org \
--cc=mtk.manpages@gmail.com \
--cc=netdev@vger.kernel.org \
--cc=paul@paul-moore.com \
--cc=sargun@sargun.me \
--cc=serge@hallyn.com \
--cc=shuah@kernel.org \
--cc=tgraf@suug.ch \
--cc=tj@kernel.org \
--cc=wad@chromium.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.