Re: [PATCH v4 04/19] SELinux: Remove cred security blob poisoning

From: James Morris
Date: Thu Sep 27 2018 - 18:13:49 EST

Next message: Tycho Andersen: "Re: [PATCH v7 5/6] seccomp: add a way to pass FDs via a notification fd"
Previous message: Tycho Andersen: "Re: [PATCH v7 5/6] seccomp: add a way to pass FDs via a notification fd"
Next in thread: Casey Schaufler: "Re: [PATCH v4 04/19] SELinux: Remove cred security blob poisoning"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, 21 Sep 2018, Casey Schaufler wrote:

> The SELinux specific credential poisioning only makes sense
> if SELinux is managing the credentials. As the intent of this
> patch set is to move the blob management out of the modules
> and into the infrastructure, the SELinux specific code has
> to go. The poisioning could be introduced into the infrastructure
> at some later date.

If it's useful, it should be incorporated into core LSM, otherwise that's
a regression for SELinux.

--
James Morris
<jmorris@xxxxxxxxx>

Next message: Tycho Andersen: "Re: [PATCH v7 5/6] seccomp: add a way to pass FDs via a notification fd"
Previous message: Tycho Andersen: "Re: [PATCH v7 5/6] seccomp: add a way to pass FDs via a notification fd"
Next in thread: Casey Schaufler: "Re: [PATCH v4 04/19] SELinux: Remove cred security blob poisoning"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]