Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Tue, 14 Feb 2017 09:21:23 -0800
From: Kees Cook <>
To: James Morris <>
Cc: linux-security-module <>, SE Linux <>, 
	"" <>
Subject: Re: [RFC v2 PATCH 0/2] security: mark LSM hooks
 with __ro_after_init

On Tue, Feb 14, 2017 at 5:15 AM, James Morris <> wrote:
> Updated and simplified down to two patches.
> Following feedback from the list, I've added a new config option to handle
> the case where SELinux still needs to disable its hooks at runtime (and
> thus the hooks must be writable in that case).
> I've dropped the Netfilter hooks patch as I realized that the hook ops
> list structures could be modified after init by the core NF code.
> The SELinux Netlink message patch has been merged, and Mimi is reviewing
> the IMA default policy patch (it's not affected by LSM hook requirements
> and can be merged separately).
> ---
> James Morris (2):
>   security: introduce CONFIG_SECURITY_WRITABLE_HOOKS
>   security: mark LSM hooks as __ro_after_init

Please consider these both:

Acked-by: Kees Cook <>


Kees Cook
Pixel Security

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.