From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from namei.org ([65.99.196.166]:33474 "EHLO namei.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725972AbeI1EeO (ORCPT ); Fri, 28 Sep 2018 00:34:14 -0400 Date: Fri, 28 Sep 2018 08:13:32 +1000 (AEST) From: James Morris To: Casey Schaufler cc: LSM , SE Linux , LKLM , John Johansen , Kees Cook , Tetsuo Handa , Paul Moore , Stephen Smalley , "linux-fsdevel@vger.kernel.org" , Alexey Dobriyan , =?ISO-8859-15?Q?Micka=EBl_Sala=FCn?= , Salvatore Mesoraca Subject: Re: [PATCH v4 04/19] SELinux: Remove cred security blob poisoning In-Reply-To: <5360cd42-5827-58af-515c-6e1ded1d9154@schaufler-ca.com> Message-ID: References: <5360cd42-5827-58af-515c-6e1ded1d9154@schaufler-ca.com> MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Sender: linux-fsdevel-owner@vger.kernel.org List-ID: On Fri, 21 Sep 2018, Casey Schaufler wrote: > The SELinux specific credential poisioning only makes sense > if SELinux is managing the credentials. As the intent of this > patch set is to move the blob management out of the modules > and into the infrastructure, the SELinux specific code has > to go. The poisioning could be introduced into the infrastructure > at some later date. If it's useful, it should be incorporated into core LSM, otherwise that's a regression for SELinux. -- James Morris