[PATCH V34 00/29] Lockdown as an LSM
James Morris
jmorris at namei.org
Tue Jun 25 06:04:15 UTC 2019
On Mon, 24 Jun 2019, Matthew Garrett wrote:
> > We are still not resolved on granularity. Stephen has said he's not sure
> > if a useful policy can be constructed with just confidentiality and
> > integrity settings. I'd be interested to know JJ and Casey's thoughts on
> > lockdown policy flexibility wrt their respective LSMs.
>
> This implementation provides arbitrary granularity at the LSM level,
> though the lockdown LSM itself only provides two levels. Other LSMs
> can choose an appropriate level of exposure.
Ahh, OK, I only looked at the patchset description and had not looked at
V33 yet.
This is looking good.
--
James Morris
<jmorris at namei.org>
More information about the Linux-security-module-archive
mailing list