Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Tue, 11 Jul 2017 20:12:14 +0900
From: Tetsuo Handa <penguin-kernel@...ove.SAKURA.ne.jp>
To: igor.stoppa@...wei.com, jglisse@...hat.com, keescook@...omium.org,
        mhocko@...nel.org, jmorris@...ei.org, labbott@...hat.com,
        hch@...radead.org
Cc: paul@...l-moore.com, sds@...ho.nsa.gov, casey@...aufler-ca.com,
        linux-security-module@...r.kernel.org, linux-mm@...ck.org,
        linux-kernel@...r.kernel.org, kernel-hardening@...ts.openwall.com
Subject: Re: [PATCH v10 0/3] mm: security: ro protection for dynamic data

Igor Stoppa wrote:
> - I had to rebase Tetsuo Handa's patch because it didn't apply cleanly
>   anymore, I would appreciate an ACK to that or a revised patch, whatever 
>   comes easier.

Since we are getting several proposals of changing LSM hooks and both your proposal
and Casey's "LSM: Security module blob management" proposal touch same files, I think
we can break these changes into small pieces so that both you and Casey can make
future versions smaller.

If nobody has objections about direction of Igor's proposal and Casey's proposal,
I think merging only "[PATCH 2/3] LSM: Convert security_hook_heads into explicit
array of struct list_head" from Igor's proposal and ->security accessor wrappers (e.g.

  #define selinux_security(obj) (obj->security)
  #define smack_security(obj) (obj->security)
  #define tomoyo_security(obj) (obj->security)
  #define apparmor_security(obj) (obj->security)

) from Casey's proposal now helps solving deadlocked situation.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.