On Wed, Jul 18, 2007 at 10:42:09PM -0400, James Morris wrote:
On Wed, 18 Jul 2007, Andrew Morton wrote:
aww man, you passed over an opportunity to fix vast amounts of coding style
cruftiness.
GregKH-esque :-)
Yeah, sorry, that was when I was young and foolish and liked to bang on
the
On Wed, Jul 18, 2007 at 06:35:03PM -0700, Andrew Morton wrote:
On Sat, 14 Jul 2007 12:37:01 -0400 (EDT)
James Morris [EMAIL PROTECTED] wrote:
Convert LSM into a static interface, as the ability to unload a security
module is not required by in-tree users and potentially complicates the
Quoting Christian Ehrhardt ([EMAIL PROTECTED]):
On Wed, Jul 18, 2007 at 06:35:03PM -0700, Andrew Morton wrote:
On Sat, 14 Jul 2007 12:37:01 -0400 (EDT)
James Morris [EMAIL PROTECTED] wrote:
Convert LSM into a static interface, as the ability to unload a security
module is not
On Thu, 19 Jul 2007, Serge E. Hallyn wrote:
If we could get a few (non-afilliated :) people who work with
customers in the security field to tell us whether this is being
used, that would be very helpful. Not sure how to get that.
The mainline kernel does not cater to out of tree code.
Or
Quoting James Morris ([EMAIL PROTECTED]):
On Thu, 19 Jul 2007, Serge E. Hallyn wrote:
If we could get a few (non-afilliated :) people who work with
customers in the security field to tell us whether this is being
used, that would be very helpful. Not sure how to get that.
The mainline
On Thu, 19 Jul 2007, Serge E. Hallyn wrote:
It's already pretty clear.
I doubt anyone not on lkml or linux-security-module has heard of this.
So we'll see.
(I was, obviously, talking about end-users)
If distributions are shipping binary modules and other out of tree code to
their
On Thu, 19 Jul 2007, Jim Kovaric wrote:
IBMs TAMOS (Tivoli Access Manager for Operating systems) contains a
loadable module,
which is an out of tree module, and registers itself as a security
module during the TAMOS startup
process. It also requires that SElinux be disabled
Please
On Thu, Jul 19, 2007 at 07:56:53AM -0500, Scott Preece wrote:
On 7/19/07, James Morris [EMAIL PROTECTED] wrote:
On Thu, 19 Jul 2007, Serge E. Hallyn wrote:
If we could get a few (non-afilliated :) people who work with
customers in the security field to tell us whether this is being
used,
On Thu, 19 Jul 2007, James Morris wrote:
On Thu, 19 Jul 2007, Jim Kovaric wrote:
IBMs TAMOS (Tivoli Access Manager for Operating systems) contains a
loadable module,
which is an out of tree module, and registers itself as a security
module during the TAMOS startup
process. It
Quoting James Morris ([EMAIL PROTECTED]):
On Thu, 19 Jul 2007, Serge E. Hallyn wrote:
It's already pretty clear.
I doubt anyone not on lkml or linux-security-module has heard of this.
So we'll see.
(I was, obviously, talking about end-users)
If distributions are shipping
On Wed, 2007-07-18 at 18:15 -0700, Casey Schaufler wrote:
--- Joshua Brindle [EMAIL PROTECTED] wrote:
Casey Schaufler wrote:
...
I do have a hackish newsmack command, which I should probably include.
All it does is write the new label to /proc/self/attr/current and
exec
On Thu, 19 Jul 2007, Joshua Brindle wrote:
I also see an effort that's SELinux specific. Should be fun.
The SELinux part is going to be a profile on top of the generic part so there
shouldn't be any conflicts in the implementation.
I wonder if it'd be worth setting up a mailing list
On Wed, 2007-07-18 at 20:46 -0700, Casey Schaufler wrote:
--- Stephen Smalley [EMAIL PROTECTED] wrote:
On Tue, 2007-07-17 at 19:59 -0700, Casey Schaufler wrote:
- Speaking of which, are you ok with your MAC model being overridden
by
all uid 0 processes? Or do you plan to
On Thursday, July 19 2007 10:15:53 am James Morris wrote:
On Thu, 19 Jul 2007, Joshua Brindle wrote:
I also see an effort that's SELinux specific. Should be fun.
The SELinux part is going to be a profile on top of the generic part so
there shouldn't be any conflicts in the
Quoting Stephen Smalley ([EMAIL PROTECTED]):
On Wed, 2007-07-18 at 20:46 -0700, Casey Schaufler wrote:
--- Stephen Smalley [EMAIL PROTECTED] wrote:
On Tue, 2007-07-17 at 19:59 -0700, Casey Schaufler wrote:
- Speaking of which, are you ok with your MAC model being
overridden
--- James Morris [EMAIL PROTECTED] wrote:
On Thu, 19 Jul 2007, Joshua Brindle wrote:
I also see an effort that's SELinux specific. Should be fun.
The SELinux part is going to be a profile on top of the generic part so
there
shouldn't be any conflicts in the implementation.
On Thu, 2007-07-19 at 08:26 -0700, Casey Schaufler wrote:
--- Stephen Smalley [EMAIL PROTECTED] wrote:
On Wed, 2007-07-18 at 18:15 -0700, Casey Schaufler wrote:
--- Joshua Brindle [EMAIL PROTECTED] wrote:
Casey Schaufler wrote:
...
I do have a hackish newsmack
On Thu, Jul 19, 2007 at 09:19:56AM -0400, James Morris wrote:
On Thu, 19 Jul 2007, James Morris wrote:
On Thu, 19 Jul 2007, Jim Kovaric wrote:
IBMs TAMOS (Tivoli Access Manager for Operating systems) contains a
loadable module,
which is an out of tree module, and registers
On Thu, Jul 19, 2007 at 08:37:27AM -0500, Serge E. Hallyn wrote:
Quoting James Morris ([EMAIL PROTECTED]):
On Thu, 19 Jul 2007, Serge E. Hallyn wrote:
It's already pretty clear.
I doubt anyone not on lkml or linux-security-module has heard of this.
So we'll see.
(I
Right, the ability to boot with security.capability=disabpled (or
whatever) and then load a custom module without having to use a whole
new kernel is something I'm sure end-users want.
Especially since compiling a kernel which works with, say, a default
fedora install, with lvm etc, is not
Quoting Arjan van de Ven ([EMAIL PROTECTED]):
Right, the ability to boot with security.capability=disabpled (or
whatever) and then load a custom module without having to use a whole
new kernel is something I'm sure end-users want.
Especially since compiling a kernel which works with,
On Thu, Jul 19, 2007 at 09:54:30AM -0700, Arjan van de Ven wrote:
the next step after this patch is to have an option to get rid of all
the function pointer chasing (which is expensive) for the case where you
know you only want one security module (which you then can turn on or
off)... that
* Serge E. Hallyn ([EMAIL PROTECTED]) wrote:
Actually, given that when lsm was being introduced, lsm seemed to
improve performance overall, have you taken any measurements to show
that this is actually the case? Of course it makes sense that it would,
but witjout measurements we do not know.
:)
Actually, given that when lsm was being introduced, lsm seemed to
improve performance overall, have you taken any measurements to show
that this is actually the case? Of course it makes sense that it would,
but witjout measurements we do not know.
SuSE did a bunch of measurement I
Quoting Arjan van de Ven ([EMAIL PROTECTED]):
:)
Actually, given that when lsm was being introduced, lsm seemed to
improve performance overall, have you taken any measurements to show
that this is actually the case? Of course it makes sense that it would,
but witjout
--- Stephen Smalley [EMAIL PROTECTED] wrote:
On Wed, 2007-07-18 at 20:46 -0700, Casey Schaufler wrote:
--- Stephen Smalley [EMAIL PROTECTED] wrote:
On Tue, 2007-07-17 at 19:59 -0700, Casey Schaufler wrote:
- Speaking of which, are you ok with your MAC model being
overridden by
On Thu, Jul 19, 2007 at 10:15:53AM -0400, James Morris wrote:
On Thu, 19 Jul 2007, Joshua Brindle wrote:
I also see an effort that's SELinux specific. Should be fun.
The SELinux part is going to be a profile on top of the generic part so
there
shouldn't be any conflicts in
27 matches
Mail list logo