Re: [GIT PULL] SELinux patches for v5.8

From: James Morris
Date: Wed Jun 03 2020 - 22:13:21 EST

Next message: Masahiro Yamada: "[PATCH v2 1/2] efi/libstub/arm64: link stub lib.a conditionally"
Previous message: Anson Huang: "[PATCH V2 2/3] dt-bindings: spi: Convert imx cspi to json-schema"
In reply to: Casey Schaufler: "Re: [GIT PULL] SELinux patches for v5.8"
Next in thread: Stephen Smalley: "Re: [GIT PULL] SELinux patches for v5.8"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, 3 Jun 2020, Casey Schaufler wrote:

> On 6/3/2020 3:12 PM, James Morris wrote:
> > On Wed, 3 Jun 2020, Casey Schaufler wrote:
> >
> >> The use of security modules was expected to be rare.
> > This is not correct. Capabilities were ported to LSM and stacked from the
> > beginning, and several major distros worked on LSM so they could ship
> > their own security modules.
>
> Capabilities has always been a special case.
> Until Android adopted SELinux the actual use of LSMs was rare.

Nope, it was enabled by default in several distros and very widely
deployed in the govt space (at least).

--
James Morris
<jmorris@xxxxxxxxx>

Next message: Masahiro Yamada: "[PATCH v2 1/2] efi/libstub/arm64: link stub lib.a conditionally"
Previous message: Anson Huang: "[PATCH V2 2/3] dt-bindings: spi: Convert imx cspi to json-schema"
In reply to: Casey Schaufler: "Re: [GIT PULL] SELinux patches for v5.8"
Next in thread: Stephen Smalley: "Re: [GIT PULL] SELinux patches for v5.8"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]