[RFC PATCH v2] security,lockdown,selinux: implement SELinux lockdown
James Morris
jmorris at namei.org
Wed Nov 27 17:22:10 UTC 2019
On Wed, 27 Nov 2019, Stephen Smalley wrote:
> avc: denied { confidentiality } for pid=4628 comm="cp"
> lockdown_reason="/proc/kcore access"
> scontext=unconfined_u:unconfined_r:test_lockdown_integrity_t:s0-s0:c0.c1023
> tcontext=unconfined_u:unconfined_r:test_lockdown_integrity_t:s0-s0:c0.c1023
> tclass=lockdown permissive=0
>
> Signed-off-by: Stephen Smalley <sds at tycho.nsa.gov>
> ---
> include/linux/lsm_audit.h | 2 ++
> include/linux/security.h | 2 ++
> security/lockdown/lockdown.c | 24 -----------------------
> security/lsm_audit.c | 5 +++++
> security/security.c | 30 +++++++++++++++++++++++++++++
> security/selinux/hooks.c | 30 +++++++++++++++++++++++++++++
> security/selinux/include/classmap.h | 2 ++
> 7 files changed, 71 insertions(+), 24 deletions(-)
LGTM.
Reviewed-by: James Morris <jamorris at linux.microsoft.com>
--
James Morris
<jmorris at namei.org>