Re: [PATCH v4] security: Yama LSM

From: James Morris
Date: Tue Jun 29 2010 - 19:18:52 EST

Next message: Chris Li: "Re: BUG in drivers/dma/ioat/dma_v2.c:314"
Previous message: James Bottomley: "Re: [dm-devel] [PATCH 1/2] block: fix leaks associated withdiscard request payload"
In reply to: Kees Cook: "[PATCH v4] security: Yama LSM"
Next in thread: Kees Cook: "Re: [PATCH v4] security: Yama LSM"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, 28 Jun 2010, Kees Cook wrote:

> This adds the Yama Linux Security Module to collect several security
> features (symlink, hardlink, and PTRACE restrictions) that have existed
> in various forms over the years and have been carried outside the mainline
> kernel by other Linux distributions like Openwall and grsecurity.
>
> Signed-off-by: Kees Cook <kees.cook@xxxxxxxxxxxxx>

There were no further complaints, and we seem to have reached a workable
consensus on the topic.

It's not clear yet whether existing LSMs will modify their base policies
to incorporate these protections, utilize the Yama code more directly, or
implement some combination of both.

If you're a user of an existing LSM and want these protections, bug the
developers for a solution :-)

Applied to
git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6#next

--
James Morris
<jmorris@xxxxxxxxx>
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Chris Li: "Re: BUG in drivers/dma/ioat/dma_v2.c:314"
Previous message: James Bottomley: "Re: [dm-devel] [PATCH 1/2] block: fix leaks associated withdiscard request payload"
In reply to: Kees Cook: "[PATCH v4] security: Yama LSM"
Next in thread: Kees Cook: "Re: [PATCH v4] security: Yama LSM"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]