On Fri, Jul 28, 2023 at 7:36 AM Ondrej Mosnacek wrote:
>
> On Fri, Jul 28, 2023 at 4:12 AM Michael Ellerman wrote:
> >
> > Ondrej Mosnacek writes:
> > > Currently, SELinux doesn't allow distinguishing between kernel threads
> > > and userspace processes that are started before the policy is
tions.
[1] http://man7.org/linux/man-pages/man7/capabilities.7.html
[2]
https://www.kernel.org/doc/html/latest/process/embargoed-hardware-issues.html
[3] https://www.kernel.org/doc/html/latest/admin-guide/security-bugs.html
Signed-off-by: Alexey Budankov
Acked-by: Stephen Smalley
[...]
On 2/12/20 11:56 AM, Alexey Budankov wrote:
On 12.02.2020 18:45, Stephen Smalley wrote:
On 2/12/20 10:21 AM, Stephen Smalley wrote:
On 2/12/20 8:53 AM, Alexey Budankov wrote:
On 12.02.2020 16:32, Stephen Smalley wrote:
On 2/12/20 3:53 AM, Alexey Budankov wrote:
Hi Stephen,
On 22.01.2020
On 2/12/20 10:21 AM, Stephen Smalley wrote:
On 2/12/20 8:53 AM, Alexey Budankov wrote:
On 12.02.2020 16:32, Stephen Smalley wrote:
On 2/12/20 3:53 AM, Alexey Budankov wrote:
Hi Stephen,
On 22.01.2020 17:07, Stephen Smalley wrote:
On 1/22/20 5:45 AM, Alexey Budankov wrote:
On 21.01.2020 21
On 2/12/20 8:53 AM, Alexey Budankov wrote:
On 12.02.2020 16:32, Stephen Smalley wrote:
On 2/12/20 3:53 AM, Alexey Budankov wrote:
Hi Stephen,
On 22.01.2020 17:07, Stephen Smalley wrote:
On 1/22/20 5:45 AM, Alexey Budankov wrote:
On 21.01.2020 21:27, Alexey Budankov wrote:
On 21.01.2020
On 2/12/20 3:53 AM, Alexey Budankov wrote:
Hi Stephen,
On 22.01.2020 17:07, Stephen Smalley wrote:
On 1/22/20 5:45 AM, Alexey Budankov wrote:
On 21.01.2020 21:27, Alexey Budankov wrote:
On 21.01.2020 20:55, Alexei Starovoitov wrote:
On Tue, Jan 21, 2020 at 9:31 AM Alexey Budankov
wrote
On 2/6/20 1:26 PM, Alexey Budankov wrote:
On 06.02.2020 21:23, Stephen Smalley wrote:
On 2/5/20 12:30 PM, Alexey Budankov wrote:
Introduce CAP_PERFMON capability designed to secure system performance
monitoring and observability operations so that CAP_PERFMON would assist
CAP_SYS_ADMIN
all update to the selinux-testsuite to correctly
reflect the new capability requirements, but that's easy enough.
Acked-by: Stephen Smalley
---
include/linux/capability.h | 4
include/uapi/linux/capability.h | 8 +++-
security/selinux/include/classmap.h | 4 ++--
3 files c
On 1/22/20 5:45 AM, Alexey Budankov wrote:
On 21.01.2020 21:27, Alexey Budankov wrote:
On 21.01.2020 20:55, Alexei Starovoitov wrote:
On Tue, Jan 21, 2020 at 9:31 AM Alexey Budankov
wrote:
On 21.01.2020 17:43, Stephen Smalley wrote:
On 1/20/20 6:23 AM, Alexey Budankov wrote:
Introduce
On 1/20/20 6:23 AM, Alexey Budankov wrote:
Introduce CAP_PERFMON capability designed to secure system performance
monitoring and observability operations so that CAP_PERFMON would assist
CAP_SYS_ADMIN capability in its governing role for perf_events, i915_perf
and other performance monitoring
.org/linux/man-pages/man7/capabilities.7.html
Signed-off-by: Alexey Budankov
Acked-by: Stephen Smalley
Note for selinux developers: we will need to update the
selinux-testsuite tests for perf_event when/if this change lands upstream.
---
include/linux/capability.h | 4
in
l function instead of a macro would
be preferred?
Otherwise,
Acked-by: Stephen Smalley
/* audit system wants to get cap info from files as well */
extern int get_vfs_caps_from_disk(const struct dentry *dentry, struct
cpu_vfs_cap_data *cpu_caps);
diff --git a/include/uapi/linux/capability.h
Notes to kernel developers, below."
[1] http://man7.org/linux/man-pages/man7/capabilities.7.html
Signed-off-by: Alexey Budankov
Acked-by: Stephen Smalley
---
include/uapi/linux/capability.h | 8 +++-
security/selinux/include/classmap.h | 4 ++--
2 files changed, 9 insertions(+), 3
13 matches
Mail list logo
