Re: [PATCH V34 00/29] Lockdown as an LSM

From: James Morris
Date: Tue Jun 25 2019 - 02:04:32 EST

Next message: Stephen Rothwell: "linux-next: build failure after merge of the tip tree"
Previous message: Christoph Hellwig: "Re: [PATCH v7 3/5] usb: host: ohci-sm501: init genalloc for local memory"
In reply to: Matthew Garrett: "Re: [PATCH V34 00/29] Lockdown as an LSM"
Next in thread: John Johansen: "Re: [PATCH V34 00/29] Lockdown as an LSM"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, 24 Jun 2019, Matthew Garrett wrote:

> > We are still not resolved on granularity. Stephen has said he's not sure
> > if a useful policy can be constructed with just confidentiality and
> > integrity settings. I'd be interested to know JJ and Casey's thoughts on
> > lockdown policy flexibility wrt their respective LSMs.
>
> This implementation provides arbitrary granularity at the LSM level,
> though the lockdown LSM itself only provides two levels. Other LSMs
> can choose an appropriate level of exposure.

Ahh, OK, I only looked at the patchset description and had not looked at
V33 yet.

This is looking good.

--
James Morris
<jmorris@xxxxxxxxx>

Next message: Stephen Rothwell: "linux-next: build failure after merge of the tip tree"
Previous message: Christoph Hellwig: "Re: [PATCH v7 3/5] usb: host: ohci-sm501: init genalloc for local memory"
In reply to: Matthew Garrett: "Re: [PATCH V34 00/29] Lockdown as an LSM"
Next in thread: John Johansen: "Re: [PATCH V34 00/29] Lockdown as an LSM"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]