Re: [PATCH 2/3] SELinux: add security_task_movememory calls to mm code

From: Chris Wright
Date: Thu Jun 22 2006 - 15:21:33 EST

Next message: Pekka J Enberg: "Re: [RFC 2/4] Remove empty destructor from drivers/usb/mon/mon_text.c"
Previous message: keith mannthey: "Re: [RFC] patch [1/1] convert i386 summit subarch to useSRAT data for apicid_to_node"
In reply to: James Morris: "Re: [PATCH 2/3] SELinux: add security_task_movememory calls to mmcode"
Next in thread: Chris Wright: "Re: [PATCH 2/3] SELinux: add security_task_movememory calls to mm code"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

* Serge E. Hallyn (serue@xxxxxxxxxx) wrote:
> sorry if I'm being dense - what is actually being protected against
> here? The only thing I can think of is one process causing performance
> degradation to another by moving it's memory further from it's cpu on a
> NUMA machine.

There's been a short series of patches (plus a short doc from James) to
deal with code that's already doing uid/euid capable() checks w/out a
corresponding LSM hook. IOW, it's already been recognized as security
sensitive and has DAC check w/out corresponding MAC check. It's a small
issue with relatively minor security impacts, but is completing
mediation.

thanks,
-chris
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Pekka J Enberg: "Re: [RFC 2/4] Remove empty destructor from drivers/usb/mon/mon_text.c"
Previous message: keith mannthey: "Re: [RFC] patch [1/1] convert i386 summit subarch to useSRAT data for apicid_to_node"
In reply to: James Morris: "Re: [PATCH 2/3] SELinux: add security_task_movememory calls to mmcode"
Next in thread: Chris Wright: "Re: [PATCH 2/3] SELinux: add security_task_movememory calls to mm code"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]