Re: [GIT PULL] selinux/selinux-pr-20250323

From: Paul Moore
Date: Wed Mar 26 2025 - 14:37:04 EST

Next message: Andrew Lunn: "Re: [PATCH] net: dsa: felix: check felix_cpu_port_for_conduit() for failure"
Previous message: Vitaliy Shevtsov: "[PATCH v2] net: dsa: felix: check felix_cpu_port_for_conduit() for failure"
In reply to: Linus Torvalds: "Re: [GIT PULL] selinux/selinux-pr-20250323"
Next in thread: Linus Torvalds: "Re: [GIT PULL] selinux/selinux-pr-20250323"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Mar 25, 2025 at 7:02 PM Linus Torvalds
<torvalds@xxxxxxxxxxxxxxxxxxxx> wrote:
> On Sun, 23 Mar 2025 at 12:39, Paul Moore <paul@xxxxxxxxxxxxxx> wrote:
> >
> > - Add additional SELinux access controls for kernel file reads/loads
> >
> > The SELinux kernel file read/load access controls were never updated
> > beyond the initial kernel module support, this pull request adds
> > support for firmware, kexec, policies, and x.509 certificates.
>
> Honestly, is there a *reason* for this, or is this just some misguided
> "for completeness" issue?
>
> Because dammit, adding more complexity to the security rules isn't a
> feature, and isn't security. It's just theater ...

>From my perspective this is largely a continuation of our discussion
last April, and considering that you ignored my response then, I'm not
sure typing out a meaningful reply here is a good use of my time.
Anyone who is interested can find that thread on lore, unfortunately
much of my response still applies.

--
paul-moore.com

Next message: Andrew Lunn: "Re: [PATCH] net: dsa: felix: check felix_cpu_port_for_conduit() for failure"
Previous message: Vitaliy Shevtsov: "[PATCH v2] net: dsa: felix: check felix_cpu_port_for_conduit() for failure"
In reply to: Linus Torvalds: "Re: [GIT PULL] selinux/selinux-pr-20250323"
Next in thread: Linus Torvalds: "Re: [GIT PULL] selinux/selinux-pr-20250323"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]