[PATCH v14 0/3] Add trusted_for(2) (was O_MAYEXEC)
Andrew Morton
akpm at linux-foundation.org
Sun Oct 10 21:48:14 UTC 2021
On Fri, 8 Oct 2021 12:48:37 +0200 Mickaël Salaün <mic at digikod.net> wrote:
> The final goal of this patch series is to enable the kernel to be a
> global policy manager by entrusting processes with access control at
> their level. To reach this goal, two complementary parts are required:
> * user space needs to be able to know if it can trust some file
> descriptor content for a specific usage;
> * and the kernel needs to make available some part of the policy
> configured by the system administrator.
Apologies if I missed this...
It would be nice to see a description of the proposed syscall interface
in these changelogs! Then a few questions I have will be answered...
long trusted_for(const int fd,
const enum trusted_for_usage usage,
const u32 flags)
- `usage' must be equal to TRUSTED_FOR_EXECUTION, so why does it
exist? Some future modes are planned? Please expand on this.
- `flags' is unused (must be zero). So why does it exist? What are
the plans here?
- what values does the syscall return and what do they mean?
More information about the Linux-security-module-archive
mailing list