Preferred subj= with multiple LSMs
James Morris
jmorris at namei.org
Tue Jul 23 21:46:58 UTC 2019
On Tue, 23 Jul 2019, Simon McVittie wrote:
> On Mon, 22 Jul 2019 at 18:30:35 -0400, Paul Moore wrote:
> > On Mon, Jul 22, 2019 at 6:01 PM Casey Schaufler <casey at schaufler-ca.com> wrote:
> > > I suggest that if supporting dbus well is assisted by
> > > making reasonable restrictions on what constitutes a valid LSM
> > > "context" that we have a good reason.
> >
> > I continue to believe that restrictions on the label format are a bad
> > idea
>
> Does this include the restriction "the label does not include \0",
> which is an assumption that dbus is already relying on since I checked
> it in the thread around
> <https://marc.info/?l=linux-security-module&m=142323508321029&w=2>?
> Or is that restriction so fundamental that it's considered OK?
Security labels are strings, so this is implied.
--
James Morris
<jmorris at namei.org>
More information about the Linux-security-module-archive
mailing list