Re: [RFC PATCH 5/5] selinux: Add SCTP support

2017-11-01 Thread Richard Haines
On Tue, 2017-10-31 at 15:16 -0200, Marcelo Ricardo Leitner wrote: > On Tue, Oct 17, 2017 at 02:59:53PM +0100, Richard Haines wrote: > > The SELinux SCTP implementation is explained in: > > Documentation/security/SELinux-sctp.txt > > > > Signed-off-by: Richard Haines

Re: [RFC PATCH] xfrm: fix regression introduced by xdst pcpu cache

2017-11-01 Thread Paul Moore
On Tue, Oct 31, 2017 at 7:08 PM, Florian Westphal wrote: > Paul Moore wrote: >> On Mon, Oct 30, 2017 at 10:58 AM, Stephen Smalley wrote: >> > matching before (as in this patch) or after calling xfrm_bundle_ok()? >> >> I would probably

Re: [RFC v0.1][PATCH] selinuxns: extend namespace support to security.selinux xattrs

2017-11-01 Thread Stephen Smalley
On Wed, 2017-11-01 at 17:40 +1100, James Morris wrote: > On Tue, 31 Oct 2017, Stephen Smalley wrote: > > > This btw would be a bit cleaner if we dropped the .ns. portion of > > the > > name, such that we would have: > > security.selinux # xattr name in the init namespace > > security.selinux.vmN

Re: [RFC PATCH] xfrm: fix regression introduced by xdst pcpu cache

2017-11-01 Thread Stephen Smalley
On Wed, 2017-11-01 at 00:08 +0100, Florian Westphal wrote: > Paul Moore wrote: > > On Mon, Oct 30, 2017 at 10:58 AM, Stephen Smalley wrote: > > > matching before (as in this patch) or after calling > > > xfrm_bundle_ok()? > > > > I would probably

Re: [RFC PATCH] xfrm: fix regression introduced by xdst pcpu cache

2017-11-01 Thread Florian Westphal
Paul Moore wrote: > On Mon, Oct 30, 2017 at 10:58 AM, Stephen Smalley wrote: > > matching before (as in this patch) or after calling xfrm_bundle_ok()? > > I would probably make the LSM call the last check, as you've done; but > I have to say that is just

Re: [RFC v0.1][PATCH] selinuxns: extend namespace support to security.selinux xattrs

2017-11-01 Thread James Morris
On Tue, 31 Oct 2017, Stephen Smalley wrote: > This btw would be a bit cleaner if we dropped the .ns. portion of the > name, such that we would have: > security.selinux # xattr name in the init namespace > security.selinux.vmN # xattr name in the vmN namespace > security.selinux.vmN.vmM # xattr