LSM stacking in next for 6.1?

Casey Schaufler casey at schaufler-ca.com
Wed Sep 7 00:39:44 UTC 2022


On 9/6/2022 5:10 PM, John Johansen wrote:
> sorry I am wayyyy behind on this, so starting from here
>
> On 9/6/22 16:24, Paul Moore wrote:
>> I can't currently in good conscience defend the kernel/userspace
>> combined label interfaces as "good", especially when we have a very
>> rare opportunity to do better.
>>
>
> so I am going to grab and hold onto
>>>> Further, I think we can add the new syscall API separately from the
>>>> LSM stacking changes as they do have standalone value.
>>>
>
> what I think Paul is saying is we can move the LSM stacking patches
> forward by removing the combined label interface. 

Do you mean /proc/self/attr/interface_lsm? /proc/.../attr/context?

> They won't be as
> useful but it would be a huge step forward, and the next step could
> be the syscall API.


