Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Tue, 14 Feb 2017 09:21:23 -0800
From: Kees Cook <keescook@...omium.org>
To: James Morris <jmorris@...ei.org>
Cc: linux-security-module <linux-security-module@...r.kernel.org>, SE Linux <selinux@...ho.nsa.gov>, 
	"kernel-hardening@...ts.openwall.com" <kernel-hardening@...ts.openwall.com>
Subject: Re: [RFC v2 PATCH 0/2] security: mark LSM hooks
 with __ro_after_init

On Tue, Feb 14, 2017 at 5:15 AM, James Morris <jmorris@...ei.org> wrote:
> Updated and simplified down to two patches.
>
> Following feedback from the list, I've added a new config option to handle
> the case where SELinux still needs to disable its hooks at runtime (and
> thus the hooks must be writable in that case).
>
> I've dropped the Netfilter hooks patch as I realized that the hook ops
> list structures could be modified after init by the core NF code.
>
> The SELinux Netlink message patch has been merged, and Mimi is reviewing
> the IMA default policy patch (it's not affected by LSM hook requirements
> and can be merged separately).
>
> ---
>
> James Morris (2):
>   security: introduce CONFIG_SECURITY_WRITABLE_HOOKS
>   security: mark LSM hooks as __ro_after_init

Please consider these both:

Acked-by: Kees Cook <keescook@...omium.org>

-Kees

-- 
Kees Cook
Pixel Security

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.