Re: [PATCH v1 0/4] [RFC] Implement Trampoline File Descriptor
From: Madhavan T. Venkataraman <hidden>
Date: 2020-07-28 17:08:54
Also in:
linux-arm-kernel, linux-fsdevel, linux-integrity, linux-security-module, lkml
Possibly related (same subject, not in this thread)
- 2020-08-04 · Re: [PATCH v1 0/4] [RFC] Implement Trampoline File Descriptor · Madhavan T. Venkataraman <hidden>
- 2020-08-04 · Re: [PATCH v1 0/4] [RFC] Implement Trampoline File Descriptor · Madhavan T. Venkataraman <hidden>
- 2020-08-04 · RE: [PATCH v1 0/4] [RFC] Implement Trampoline File Descriptor · David Laight <hidden>
- 2020-08-04 · RE: [PATCH v1 0/4] [RFC] Implement Trampoline File Descriptor · David Laight <hidden>
- 2020-08-04 · Re: [PATCH v1 0/4] [RFC] Implement Trampoline File Descriptor · Mark Rutland <mark.rutland@arm.com>
On 7/28/20 12:05 PM, James Morris wrote:
On Tue, 28 Jul 2020, Casey Schaufler wrote:quoted
You could make a separate LSM to do these checks instead of limiting it to SELinux. Your use case, your call, of course.It's not limited to SELinux. This is hooked via the LSM API and implementable by any LSM (similar to execmem, execstack etc.)
Yes. I have an implementation that I am testing right now that defines the hook for exectramp and implements it for SELinux. That is why I mentioned SELinux. Madhavan