Re: [GIT PULL] selinux/selinux-pr-20250323
From: Paul Moore
Date: Wed Mar 26 2025 - 14:37:04 EST
On Tue, Mar 25, 2025 at 7:02 PM Linus Torvalds
<torvalds@xxxxxxxxxxxxxxxxxxxx> wrote:
> On Sun, 23 Mar 2025 at 12:39, Paul Moore <paul@xxxxxxxxxxxxxx> wrote:
> >
> > - Add additional SELinux access controls for kernel file reads/loads
> >
> > The SELinux kernel file read/load access controls were never updated
> > beyond the initial kernel module support, this pull request adds
> > support for firmware, kexec, policies, and x.509 certificates.
>
> Honestly, is there a *reason* for this, or is this just some misguided
> "for completeness" issue?
>
> Because dammit, adding more complexity to the security rules isn't a
> feature, and isn't security. It's just theater ...
>From my perspective this is largely a continuation of our discussion
last April, and considering that you ignored my response then, I'm not
sure typing out a meaningful reply here is a good use of my time.
Anyone who is interested can find that thread on lore, unfortunately
much of my response still applies.
--
paul-moore.com