Date: Tue, 3 May 2016 08:19:34 +1000 (AEST)
From: James Morris <>
To: Kees Cook <>
cc: Mickaël Salaün <>,
        linux-security-module <>,
        Andreas Gruenbacher <>,
        Andy Lutomirski <>,
        Andy Lutomirski <>, Arnd Bergmann <>,
        Casey Schaufler <>,
        Daniel Borkmann <>,
        David Drysdale <>, Eric Paris <>,
        James Morris <>,
        Jeff Dike <>, Julien Tinnes <>,
        Michael Kerrisk <>, Paul Moore <>,
        Richard Weinberger <>,
        "Serge E . Hallyn" <>,
        Stephen Smalley <>,
        Tetsuo Handa <>,
        Will Drewry <>, Linux API <>,
        "" <>
Subject: Re: [RFC v1 00/17] seccomp-object: From attack surface reduction to

On Wed, 27 Apr 2016, Kees Cook wrote:

> Doing "b" means writing a policy engine. I would expect it to look a
> lot like either AppArmor or TOMOYO. TOMOYO has network structure
> processing, so probably it would look more like TOMOYO if you wanted
> more than just file paths. Maybe a seccomp LSM could share logic from
> one of the existing path-based LSMs.

Right, and that LSM should probably be AppArmor, which is actually being 
used and maintained.

James Morris
