Re: [tpmdd-devel] [PATCH 4/4] keys, trusted: seal/unseal with TPM 2.0 chips

On Tue, Oct 06, 2015 at 01:16:02PM +, Fuchs, Andreas wrote: > > > I was just trying to point out that the concept is not too difficult, > > > since > > > kernel-space (minimal) resource-manager makes a lot of people go "oh god, > > > never ever, way too big, way too complicated", which IMHO

Re: [PATCH] Introduces generic __list_splice_init_rcu();

On Sun, Sep 27, 2015 at 06:10:28PM +0300, Petko Manolov wrote: > __list_splice_init_rcu() can be used to splice lists forming both stack and > queue structures, depending on its arguments. It is based on the initial > list_splice_init_rcu() with a few minor modifications to help abstracting it. >

Re: [RFC PATCH v2 5/5] selinux: introduce kdbus access controls

On 10/05/2015 10:41 PM, Paul Moore wrote: > Add the SELinux access control implementation for the new kdbus LSM > hooks using the new kdbus object class and the following permissions: > [[SNIP]] > diff --git a/security/selinux/include/classmap.h > b/security/selinux/include/classmap.h > index

RE: [tpmdd-devel] [PATCH 4/4] keys, trusted: seal/unseal with TPM 2.0 chips

> > OK, I guess we got stuck in the follow-up discussions and missed the points. > > Yup, don't get me wrong here. I like this discussion and am willing to > listen to reasonable arguments. We could not agree more. I'm always up for a good discussion... ;-) > > My 1st point is: > > > > TPM1.2's

[PATCH] af_unix: introduce unix_sk_const helper

Commit 124613012db1 ("af_unix: Convert the unix_sk macro to an inline function for type safety") was recently added to catch incorrect uses of the unix_sk helper using compiler warnings. It has now caught one such case in lsm_audit.c. The code is technically correct, but as it converts a const

Re: [RFC PATCH v2 5/5] selinux: introduce kdbus access controls

On Tuesday, October 06, 2015 08:55:33 PM Nicolas Iooss wrote: > On 10/05/2015 10:41 PM, Paul Moore wrote: > > Add the SELinux access control implementation for the new kdbus LSM > > > hooks using the new kdbus object class and the following permissions: > [[SNIP]] > > > diff --git

Re: [PATCH 1/4] firmware: generalize "firmware" as "system data" helpers

Just responding to one thing at the moment: On Mon, Oct 05, 2015 at 11:22:22PM +0200, Luis R. Rodriguez wrote: > * we should phase out the usermode helper from firmware_class long term You can "phase out", but you can not delete it as it's a user/kernel api that we have to support for forever,

Re: Will you be updating security#next for 4.4?

On Mon, 5 Oct 2015, Casey Schaufler wrote: > Hi James. I'm starting my patch processing for 4.4 and wondered > if you're planning to update security#next any time soon. > Now merged to -rc4. -- James Morris -- To unsubscribe from this list: send the line "unsubscribe

Re: [PATCH 1/4] firmware: generalize "firmware" as "system data" helpers]

On Tue, Oct 06, 2015 at 10:08:21AM +0100, Greg KH wrote: > Just responding to one thing at the moment: > > On Mon, Oct 05, 2015 at 11:22:22PM +0200, Luis R. Rodriguez wrote: > > * we should phase out the usermode helper from firmware_class long term > > You can "phase out", but you can not