[kernel-hardening] Re: [PATCH RFC v2 1/3] LSM: Allow per LSM module per... | linux-security-module

[PATCH RFC v2 0/3] security: Add ModAutoRestrict LSM · Djalal Harouni <hidden> · 2017-04-09
[PATCH RFC v2 2/3] security: add the ModAutoRestrict Linux Security Module · Djalal Harouni <hidden> · 2017-04-09
Re: [PATCH RFC v2 2/3] security: add the ModAutoRestrict Linux Security Module · Casey Schaufler <casey@schaufler-ca.com> · 2017-04-10
Re: [PATCH RFC v2 2/3] security: add the ModAutoRestrict Linux Security Module · Djalal Harouni <hidden> · 2017-04-10
Re: [PATCH RFC v2 2/3] security: add the ModAutoRestrict Linux Security Module · Casey Schaufler <casey@schaufler-ca.com> · 2017-04-10
Re: [PATCH RFC v2 2/3] security: add the ModAutoRestrict Linux Security Module · Djalal Harouni <hidden> · 2017-04-10
[PATCH RFC v2 3/3] Documentation: add ModAutoRestrict LSM documentation · Djalal Harouni <hidden> · 2017-04-09
[PATCH RFC v2 1/3] LSM: Allow per LSM module per "struct task_struct" blob. · Djalal Harouni <hidden> · 2017-04-09
Re: [PATCH RFC v2 1/3] LSM: Allow per LSM module per "struct task_struct" blob. · Casey Schaufler <casey@schaufler-ca.com> · 2017-04-10
Re: [PATCH RFC v2 1/3] LSM: Allow per LSM module per "struct task_struct" blob. · Djalal Harouni <hidden> · 2017-04-10
Re: [PATCH RFC v2 1/3] LSM: Allow per LSM module per "struct task_struct" blob. · Casey Schaufler <casey@schaufler-ca.com> · 2017-04-10
Re: [PATCH RFC v2 1/3] LSM: Allow per LSM module per "struct task_struct" blob. · Djalal Harouni <hidden> · 2017-04-10
Re: [kernel-hardening] Re: [PATCH RFC v2 1/3] LSM: Allow per LSM module per "struct task_struct" blob. · Kees Cook <hidden> · 2017-04-11
Re: [kernel-hardening] Re: [PATCH RFC v2 1/3] LSM: Allow per LSM module per "struct task_struct" blob. · Casey Schaufler <casey@schaufler-ca.com> · 2017-04-11
Re: [kernel-hardening] Re: [PATCH RFC v2 1/3] LSM: Allow per LSM module per "struct task_struct" blob. · Kees Cook <hidden> · 2017-04-11
Re: [kernel-hardening] Re: [PATCH RFC v2 1/3] LSM: Allow per LSM module per "struct task_struct" blob. · Djalal Harouni <hidden> · 2017-04-12
Re: [kernel-hardening] Re: [PATCH RFC v2 1/3] LSM: Allow per LSM module per "struct task_struct" blob. · Djalal Harouni <hidden> · 2017-04-12
Re: [kernel-hardening] Re: [PATCH RFC v2 1/3] LSM: Allow per LSM module per "struct task_struct" blob. · Casey Schaufler <casey@schaufler-ca.com> · 2017-04-12
Re: [PATCH RFC v2 0/3] security: Add ModAutoRestrict LSM · Kees Cook <hidden> · 2017-04-11
Re: [PATCH RFC v2 0/3] security: Add ModAutoRestrict LSM · Djalal Harouni <hidden> · 2017-04-12

[kernel-hardening] Re: [PATCH RFC v2 1/3] LSM: Allow per LSM module per "struct task_struct" blob.

From: Kees Cook <hidden>
Date: 2017-04-11 04:43:48
Also in: linux-api, lkml

On Mon, Apr 10, 2017 at 1:00 PM, Djalal Harouni [off-list ref] wrote:

On Mon, Apr 10, 2017 at 9:26 PM, Casey Schaufler [off-list ref] wrote:

quoted

I think that would be the prudent approach. There is still
the possibility that blob sharing (or full stacking, if you
prefer) won't be accepted any time soon.

Ok Casey! I will wait for more feedback, and if other maintainers do
not object, I will convert it back to rhashtables in next iterations
making sure that it should be simple to convert later to a blob
sharing mechanism.

Would it be possible just to add a single field to task_struct if this
LSM is built in? I feel like rhashtables is a huge overhead when a
single field is all that's needed.

-Kees

-- 
Kees Cook
Pixel Security
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help