Re: [PATCH 2/3] SELinux: add security_task_movememory calls to mm code
From: Chris Wright
Date: Thu Jun 22 2006 - 15:21:33 EST
* Serge E. Hallyn (serue@xxxxxxxxxx) wrote:
> sorry if I'm being dense - what is actually being protected against
> here? The only thing I can think of is one process causing performance
> degradation to another by moving it's memory further from it's cpu on a
> NUMA machine.
There's been a short series of patches (plus a short doc from James) to
deal with code that's already doing uid/euid capable() checks w/out a
corresponding LSM hook. IOW, it's already been recognized as security
sensitive and has DAC check w/out corresponding MAC check. It's a small
issue with relatively minor security impacts, but is completing
mediation.
thanks,
-chris
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/