Re: [PATCH 03/11] Creation of "usb_device_auth" LSM hook

2017-06-13 Thread Salvatore Mesoraca
2017-06-12 23:31 GMT+02:00 Casey Schaufler:
> Return the error reported by the hook rather than -EPERM.

Agreed, anyway this part will be, probably, dropped in the next version (read Greg's and Krzysztof's answers). I'm sorry :( Thank you very much for the time you spent on

Re: [PATCH 03/11] Creation of "usb_device_auth" LSM hook

2017-06-13 Thread Salvatore Mesoraca
2017-06-12 21:38 GMT+02:00 Greg Kroah-Hartman:
> No, like Krzysztof said, you can already do this today, just fine, from
> userspace. I think that support has been there for over a decade now,
> why are you not taking advantage of this already?
> No need to add extra

Re: [PATCH 03/11] Creation of "usb_device_auth" LSM hook

2017-06-13 Thread Salvatore Mesoraca
2017-06-12 19:35 GMT+02:00 Krzysztof Opasiak:
> Could you please explain to me why we need LSM for this?
>
> There are tools like usbguard[1] and as far as I can tell it looks like they
> can do everything for you...

I have to admit that this is the first time I read about

Re: [PATCH 03/11] Creation of "usb_device_auth" LSM hook

2017-06-12 Thread kbuild test robot
Hi Salvatore, [auto build test ERROR on security/next] [also build test ERROR on v4.12-rc5] [cannot apply to next-20170609] [if your patch is applied to the wrong git tree, please drop us a note to help improve the system] url:

Re: [PATCH 03/11] Creation of "usb_device_auth" LSM hook

2017-06-12 Thread kbuild test robot
Hi Salvatore, [auto build test WARNING on security/next] [also build test WARNING on v4.12-rc5] [cannot apply to next-20170609] [if your patch is applied to the wrong git tree, please drop us a note to help improve the system] url:

Re: [PATCH 03/11] Creation of "usb_device_auth" LSM hook

2017-06-12 Thread Casey Schaufler
On 6/12/2017 9:56 AM, Salvatore Mesoraca wrote:
> Creation of a new LSM hook that can be used to authorize or deauthorize
> new USB devices via the usb authorization interface.
> The same hook can also prevent the authorization of a USB device via
> "/sys/bus/usb/devices/DEVICE/authorized".
>

Re: [PATCH 03/11] Creation of "usb_device_auth" LSM hook

2017-06-12 Thread Greg Kroah-Hartman
On Mon, Jun 12, 2017 at 06:56:52PM +0200, Salvatore Mesoraca wrote:
> Creation of a new LSM hook that can be used to authorize or deauthorize
> new USB devices via the usb authorization interface.
> The same hook can also prevent the authorization of a USB device via
>

Re: [PATCH 03/11] Creation of "usb_device_auth" LSM hook

2017-06-12 Thread Krzysztof Opasiak
Hi, On 06/12/2017 06:56 PM, Salvatore Mesoraca wrote: Creation of a new LSM hook that can be used to authorize or deauthorize new USB devices via the usb authorization interface. The same hook can also prevent the authorization of a USB device via "/sys/bus/usb/devices/DEVICE/authorized". Using

[PATCH 03/11] Creation of "usb_device_auth" LSM hook

2017-06-12 Thread Salvatore Mesoraca
Creation of a new LSM hook that can be used to authorize or deauthorize new USB devices via the usb authorization interface. The same hook can also prevent the authorization of a USB device via "/sys/bus/usb/devices/DEVICE/authorized". Using this hook an LSM could provide a higher level of