... carefully neutral regarding the static/dynamic LSM issue. I was involved ... seem to be (1) some people use the LSM interface for ... not sure why, I expect to be scorched by this. Try ... tree discussion is independent of LSM. Casey Schaufler casey@schaufler-ca ...

linux-kernel - Casey Schaufler - Oct 17 2007 - 22:03

... Andrew, when he sent it on to me, said that the SuSE > ... Quoting from commit 20510f2f (Convert LSM into a static interface): > In a nutshell, there is no safe way to unload ... API and dangerous, e.g. silently re-vectoring SELinux. This is idiotic. Just ...

linux-kernel - Andreas Gruenbacher - Oct 19 2007 - 16:26

... seem to be (1) some people use the LSM interface > for ... you issue kernel commandline options to disable security entirely). This takes ... the main performance overheads of LSM (many many function pointer calls ... it a lot easier and cleaner to do things this way ...

linux-kernel - Arjan van de Ven - Oct 17 2007 - 23:06

... : > Quoting from commit 20510f2f (Convert LSM into a static interface): > > In a nutshell, there is no safe way to unload an LSM. ... > > API and dangerous, e.g. silently re-vectoring SELinux. > > This is idiotic. Just because there ...

linux-kernel - James Morris - Oct 19 2007 - 17:07

... versions, they are incredibly vague and subject to interpretation. But they are part ... of reasons why someone either cannot re-compile a kernel, or just does ... doing something to the LSM interface. Certainly a configuration option that statically inlines ...

linux-kernel - Crispin Cowan - Oct 23 2007 - 01:14

... summed it up: irrevocably closing >>> the LSM prevents commercial customers from using security ... build their own kernels, >> with their own LSM interfaces, and get the exact same ... Pearl S. Buck - Dragon Seed - To unsubscribe from this list: send the ...

linux-kernel - Adrian Bunk - Oct 23 2007 - 12:05

... summed it up: irrevocably closing >> the LSM prevents commercial customers from using security modules ... their own kernels, > with their own LSM interfaces, and get the exact same ... " in the body of a message to majordomo@vger.kernel.org More majordomo ...

linux-kernel - Avi Kivity - Oct 22 2007 - 13:47

... this is > > >something we can easily re-visit. > > > > > > > I do have a pseudo ... for reverting the > static LSM patch. I don't want to argue for or against the actual ... arjan@linux.intel.com> Subject: revert the modular LSM patch Since there is ...

linux-kernel - Arjan van de Ven - Oct 23 2007 - 00:09

... or during runtime (sysfs params). This LSM is > basically grants extra rights unlike ... > already.) But his is against LSM design (and first agreements about LSM ... bypass standard unix permissions. ciao cate - To unsubscribe from this list: send the ...

linux-kernel - Giacomo Catenazzi - Oct 23 2007 - 01:44

... is something we can easily > > >re-visit. > > > > I do have a ... appears to be a case for reverting the > static LSM patch ... Jan the only people to write such LSMs, or how many ... fixed problem with getting the LSMs submitted and included. > - James cu ...

linux-kernel - Adrian Bunk - Oct 21 2007 - 18:59

... their own kernels, with their own LSM interfaces, and get the exact same ... other regulatory laws require these customers to use "standard > kernels", the result is ... where the > security framework is coupled to the distribution. Wait, what? Since when ...

linux-kernel - Greg KH - Oct 21 2007 - 23:59

... reason I think keeping LSM is the right thing to do. Wait, we ... issues that are present with the LSM option enabled right now. thanks, greg k-h - To unsubscribe from this list: send the ... in the body of a message to majordomo@vger.kernel.org More ...

linux-kernel - Greg KH - Oct 22 2007 - 12:56

... or during runtime (sysfs params). This LSM is >>> basically grants extra rights unlike ... >>> already.) >> But his is against LSM design (and first agreements about LSM): ... know what we do ;-) ciao cate - To unsubscribe from this list: send the ...

linux-kernel - Giacomo A. Catenazzi - Oct 23 2007 - 05:14

... It's using the LSM hooks to get interesting informations from ... on the project, as a 'LSM user', my main concern is ... for features: 1/ more hooks static struct security_operations snet_security_ops = { .socket_create = snet_socket_create ...

linux-kernel - Samir Bellabes - Oct 26 2007 - 06:40

... But as long as we're here, let me elaborate on ... remark on the patch closing LSM to modules has also not ... 1. a kernel configured with statically-linked hooks into exactly one ... for your consideration, Tommy F. - To unsubscribe from this list: send ...

linux-kernel - Thomas Fricaccia - Oct 22 2007 - 13:00

... is > > > >something we can easily re-visit. > > > > > > > > > > I do have a ... a case for reverting the > > static LSM patch. > > I don't ... the modular interface, but it's very difficult to have rational ... I can't see anyway to help out the modular case ...

linux-kernel - Chris Wright - Oct 23 2007 - 01:16

... the conversion, if there are really so many external LSM modules ... enterprise > failure if you had to re-compile the kernel from ... solved in other ways, so to simplify also the life of ... build-in" peoples. ciao cate - To unsubscribe from this list: send ...

linux-kernel - Giacomo A. Catenazzi - Oct 23 2007 - 04:17

... or during runtime (sysfs params). This LSM is >> basically grants extra rights unlike ... >> already.) > >But his is against LSM design (and first agreements about LSM): ... , because that is obviously too much. - To unsubscribe from this list: send the ...

linux-kernel - Jan Engelhardt - Oct 23 2007 - 04:55

... or during runtime (sysfs params). This LSM is > >> basically grants extra rights unlike ... >> already.) > > > >But his is against LSM design (and first agreements about LSM): ... caps (setuid and file capabilities are subject to the capbound). So there is ...

linux-kernel - Serge E. Hallyn - Oct 23 2007 - 11:20

... discussion points. Sarbox has > > nothing to say on "using vendor linux ... what kernels one is allowed to load. More > generally, this change ... developers who want to modify > their LSM to reboot, where they ... apply it if you must to bake the kernel developer's ...

linux-kernel - Alan Cox - Oct 22 2007 - 12:50