Re: [RFC 04/11] ima: add support to namespace securityfs file

2017-05-31 Thread Dr. Greg Wettstein
On Mon, May 29, 2017 at 01:32:38PM -0400, Mimi Zohar wrote: > Hi Guilherme, > > (Wow, you should did Cc a lot of people.) Indeed. We have namespaced a significant amount of the IMA code so we will continue the broadcast, under the assumption that this is of general interest to the community.

Re: [RFC 04/11] ima: add support to namespace securityfs file

2017-05-29 Thread Mimi Zohar
Hi Guilherme, (Wow, you should did Cc a lot of people.) On Thu, 2017-05-25 at 19:04 +, Magalhaes, Guilherme (Brazil R CL) wrote: > Mimi, > With the securityfs symlink we would address the case of setting > policy inside containers, but we still would need a way to set the > IMA policy per

RE: [RFC 04/11] ima: add support to namespace securityfs file

2017-05-25 Thread Magalhaes, Guilherme (Brazil R)
linux-ima-de...@lists.sourceforge.net; linux-ima-u...@lists.sourceforge.net; linux-security-mod...@vger.kernel.org; ty...@docker.com; Souza, Joaquim (Brazil R) <joaqu...@hpe.com>; Edwards, Nigel <nigel.edwa...@hpe.com> Subject: Re: [RFC 04/11] ima: add support to namespace securityfs file Hi John, On Thu, 2017-05-25 at 00:36 -0700, John Johansen wrote: > On 05/24/2017 01:12 PM, Mimi Zohar wrote: > >

Re: [RFC 04/11] ima: add support to namespace securityfs file

2017-05-25 Thread Mimi Zohar
Hi John, On Thu, 2017-05-25 at 00:36 -0700, John Johansen wrote: > On 05/24/2017 01:12 PM, Mimi Zohar wrote: > > On Thu, 2017-05-11 at 10:59 -0300, Guilherme Magalhaes wrote: > >> Creating the namespace securityfs file under ima folder. When a mount > >> namespace id is written to the namespace

Re: [RFC 04/11] ima: add support to namespace securityfs file

2017-05-25 Thread John Johansen
On 05/24/2017 01:12 PM, Mimi Zohar wrote: > On Thu, 2017-05-11 at 10:59 -0300, Guilherme Magalhaes wrote: >> Creating the namespace securityfs file under ima folder. When a mount >> namespace id is written to the namespace file, a new folder is created and >> with a policy file for that specified

Re: [RFC 04/11] ima: add support to namespace securityfs file

2017-05-24 Thread Mimi Zohar
On Thu, 2017-05-11 at 10:59 -0300, Guilherme Magalhaes wrote: > Creating the namespace securityfs file under ima folder. When a mount > namespace id is written to the namespace file, a new folder is created and > with a policy file for that specified namespace. Then, user defined policy > for

Re: [RFC 04/11] ima: add support to namespace securityfs file

2017-05-18 Thread Tycho Andersen
Hi Guilherme, On Thu, May 11, 2017 at 10:59:56AM -0300, Guilherme Magalhaes wrote: > +static int ima_open_namespaces(struct inode *inode, struct file *filp) > +{ > + if (!(filp->f_flags & O_WRONLY)) > + return -EACCES; > + > + if (!capable(CAP_SYS_ADMIN)) > +

[RFC 04/11] ima: add support to namespace securityfs file

2017-05-11 Thread Guilherme Magalhaes
Creating the namespace securityfs file under ima folder. When a mount namespace id is written to the namespace file, a new folder is created and with a policy file for that specified namespace. Then, user defined policy for namespaces may be set by writing rules to this namespace policy file. With
