Date: Tue, 27 Feb 2018 17:36:34 +0000
From: Andy Lutomirski <>
To: Casey Schaufler <>
Cc: Andy Lutomirski <>, Alexei Starovoitov <>, 
	Mickaël Salaün <>, 
	LKML <>, Alexei Starovoitov <>, 
	Arnaldo Carvalho de Melo <>, Daniel Borkmann <>, 
	David Drysdale <>, "David S . Miller" <>, 
	"Eric W . Biederman" <>, Jann Horn <>, Jonathan Corbet <>, 
	Michael Kerrisk <>, Kees Cook <>, 
	Paul Moore <>, Sargun Dhillon <>, 
	"Serge E . Hallyn" <>, Shuah Khan <>, Tejun Heo <>, 
	Thomas Graf <>, Tycho Andersen <>, Will Drewry <>, 
	Kernel Hardening <>, Linux API <>, 
	LSM List <>, 
	Network Development <>, Andrew Morton <>
Subject: Re: [PATCH bpf-next v8 05/11] seccomp,landlock: Enforce Landlock
 programs per process hierarchy

On Tue, Feb 27, 2018 at 5:30 PM, Casey Schaufler <> wrote:
> On 2/27/2018 8:39 AM, Andy Lutomirski wrote:
>> On Tue, Feb 27, 2018 at 5:32 AM, Alexei Starovoitov
>> <> wrote:
>>> [ Snip ]
>> An earlier version of the patch set used the seccomp filter chain.
>> Mickaël, what exactly was wrong with that approach other than that the
>> seccomp() syscall was awkward for you to use?  You could add a
>> seccomp_add_landlock_rule() syscall if you needed to.
>> As a side comment, why is this an LSM at all, let alone a non-stacking
>> LSM?  It would make a lot more sense to me to make Landlock depend on
>> having LSMs configured in but to call the landlock hooks directly from
>> the security_xyz() hooks.
> Please, no. It is my serious intention to have at least the
> infrastructure blob management in within a release or two, and
> I think that's all Landlock needs. The security_xyz() hooks are
> sufficiently hackish as it is without unnecessarily adding more
> special cases.

What do you mean by "infrastructure blob management"?
