Date: Fri, 17 Aug 2018 15:16:19 -0700 From: Casey Schaufler <casey.schaufler@...el.com> To: kernel-hardening@...ts.openwall.com, linux-kernel@...r.kernel.org, linux-security-module@...r.kernel.org, selinux@...ho.nsa.gov, casey.schaufler@...el.com, dave.hansen@...el.com, deneen.t.dock@...el.com, kristen@...ux.intel.com, arjan@...ux.intel.com Subject: [PATCH RFC v2 0/5] LSM: Add and use a hook for side-channel safety checks v2: SELinux access policy corrected. Use real_cred instead of cred. This patchset provide a mechanism by which a security module can advise the system about potential side-channel vulnerabilities. If security_safe_sidechannel() returns 0 the security modules do not know of any data that would be subject to a side-channel attack. If the security module maintains data that it believes may be susceptible to a side-channel attack it will return -EACCES. Simple hooks are provided for SELinux and Smack. A new security module is provided to make determinations regarding traditional task attributes, including user IDs, capability sets and namespaces. Signed-off-by: Casey Schaufler <casey.schaufler@...el.com> --- MAINTAINERS | 6 ++ arch/x86/mm/tlb.c | 12 ++- include/linux/lsm_hooks.h | 12 +++ include/linux/security.h | 1 + security/Kconfig | 1 + security/Makefile | 2 + security/security.c | 6 ++ security/selinux/hooks.c | 9 +++ security/sidechannel/Kconfig | 60 ++++++++++++++ security/sidechannel/Makefile | 1 + security/sidechannel/sidechannel.c | 156 +++++++++++++++++++++++++++++++++++++ security/smack/smack_lsm.c | 18 +++++ 12 files changed, 280 insertions(+), 4 deletions(-)
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.