Re: [PATCH 4/7] Teach SELinux about a new userfaultfd class

2019-10-12 Thread Andy Lutomirski
On Sat, Oct 12, 2019 at 5:12 PM Daniel Colascione wrote:
>
> On Sat, Oct 12, 2019 at 4:09 PM Andy Lutomirski wrote:
> >
> > On Sat, Oct 12, 2019 at 12:16 PM Daniel Colascione
> > wrote:
> > >
> > > Use the secure anonymous inode LSM hook we just added to let SELinux
> > > policy place restricti

Re: [PATCH 4/7] Teach SELinux about a new userfaultfd class

2019-10-12 Thread Daniel Colascione
On Sat, Oct 12, 2019 at 4:09 PM Andy Lutomirski wrote:
>
> On Sat, Oct 12, 2019 at 12:16 PM Daniel Colascione wrote:
> >
> > Use the secure anonymous inode LSM hook we just added to let SELinux
> > policy place restrictions on userfaultfd use. The create operation
> > applies to processes creatin

Re: [PATCH 4/7] Teach SELinux about a new userfaultfd class

2019-10-12 Thread Andy Lutomirski
On Sat, Oct 12, 2019 at 12:16 PM Daniel Colascione wrote:
>
> Use the secure anonymous inode LSM hook we just added to let SELinux
> policy place restrictions on userfaultfd use. The create operation
> applies to processes creating new instances of these file objects;
> transfer between processes

[PATCH 4/7] Teach SELinux about a new userfaultfd class

2019-10-12 Thread Daniel Colascione
Use the secure anonymous inode LSM hook we just added to let SELinux policy place restrictions on userfaultfd use. The create operation applies to processes creating new instances of these file objects; transfer between processes is covered by restrictions on read, write, and ioctl access already c