On Fri, 2017-10-20 at 07:16 -0400, Neil Horman wrote:
> On Wed, Oct 18, 2017 at 11:05:09PM +0800, Xin Long wrote:
> > On Tue, Oct 17, 2017 at 9:58 PM, Richard Haines
> > wrote:
> > > Add security hooks to allow security modules to exercise access
> > > control
> >
The existing BPRM_CHECK functionality in IMA validates against the
credentials of the existing process, not any new credentials that the
child process may transition to. Add an additional CREDS_CHECK target
and refactor IMA to pass the appropriate creds structure. In
ima_bprm_check(), check with
Performs exact match if a property key of property contexts ends with '$'
instead of prefix match.
This will enable defining an exact rule which can avoid unexpected
context assignment.
Signed-off-by: Jaekyun Seok
---
libselinux/src/label_backends_android.c | 9 +++--
On Wed, 18 Oct 2017, Chenbo Feng wrote:
> From: Chenbo Feng
>
> Introduce several LSM hooks for the syscalls that will allow the
> userspace to access eBPF objects such as eBPF programs and eBPF maps.
> The security check is aimed to enforce a per object security protection
On 10/19/2017 4:14 PM, Matthew Garrett wrote:
> For IMA purposes, we want to be able to obtain the prepared secid in the
> bprm structure before the credentials are committed. Add a cred_getsecid
> hook that makes this possible.
>
> Signed-off-by: Matthew Garrett
> Cc: Paul
On Wed, 18 Oct 2017, Chenbo Feng wrote:
> From: Chenbo Feng
>
> Implement the actual checks introduced to eBPF related syscalls. This
> implementation uses the security field inside bpf object to store a sid that
> identifies the bpf object. And when processes try to access the
On Wed, Oct 18, 2017 at 11:05:09PM +0800, Xin Long wrote:
> On Tue, Oct 17, 2017 at 9:58 PM, Richard Haines
> wrote:
> > Add security hooks to allow security modules to exercise access control
> > over SCTP.
> >
> > Signed-off-by: Richard Haines
On Tue, 17 Oct 2017, Richard Haines wrote:
> The SCTP security hooks are explained in:
> Documentation/security/LSM-sctp.txt
>
> Signed-off-by: Richard Haines
> ---
> Documentation/security/LSM-sctp.txt | 212
>
>
Series applied.
On Fri, Oct 20, 2017 at 8:04 PM, Richard Haines
wrote:
> On Fri, 2017-10-20 at 07:16 -0400, Neil Horman wrote:
>> On Wed, Oct 18, 2017 at 11:05:09PM +0800, Xin Long wrote:
>> > On Tue, Oct 17, 2017 at 9:58 PM, Richard Haines
>> >
Please hold off on submission. We're discussing if this is really necessary.
On Thu, Oct 19, 2017 at 4:49 PM, Jaekyun Seok via Selinux
wrote:
> Performs exact match if a property key of property contexts ends with '$'
> instead of prefix match.
>
> This will enable to
On Fri, Oct 20, 2017 at 7:54 AM, Jeffrey Vander Stoep via Selinux
wrote:
> Please hold off on submission. We're discussing if this is really necessary.
Yeah I'd like to hear about what issues the current longest match
logic was causing in the commit message.
>
> On Thu,
On Thu, Oct 19, 2017 at 3:12 PM, Nicolas Iooss wrote:
> On Thu, Oct 19, 2017 at 9:46 PM, Stephen Smalley wrote:
>> On Thu, 2017-10-19 at 14:27 -0400, Stephen Smalley wrote:
>>> On Thu, 2017-10-19 at 09:25 -0700, William Roberts wrote:
>>> > On Thu, Oct
On Tue, 2017-10-17 at 14:59 +0100, Richard Haines wrote:
> The SELinux SCTP implementation is explained in:
> Documentation/security/SELinux-sctp.txt
>
> Signed-off-by: Richard Haines
> ---
> Documentation/security/SELinux-sctp.txt | 108 +
>