Re: [RFC PATCH v2] security,lockdown,selinux: implement SELinux lockdown
From: James Morris <jmorris@namei.org>
Date: 2019-11-27 17:22:26
Also in:
selinux
On Wed, 27 Nov 2019, Stephen Smalley wrote:
avc: denied { confidentiality } for pid=4628 comm="cp"
lockdown_reason="/proc/kcore access"
scontext=unconfined_u:unconfined_r:test_lockdown_integrity_t:s0-s0:c0.c1023
tcontext=unconfined_u:unconfined_r:test_lockdown_integrity_t:s0-s0:c0.c1023
tclass=lockdown permissive=0
Signed-off-by: Stephen Smalley <redacted>
---
include/linux/lsm_audit.h | 2 ++
include/linux/security.h | 2 ++
security/lockdown/lockdown.c | 24 -----------------------
security/lsm_audit.c | 5 +++++
security/security.c | 30 +++++++++++++++++++++++++++++
security/selinux/hooks.c | 30 +++++++++++++++++++++++++++++
security/selinux/include/classmap.h | 2 ++
7 files changed, 71 insertions(+), 24 deletions(-)

LGTM.

Reviewed-by: James Morris <redacted>

--
James Morris
[off-list ref]