Re: [RFC] lsm: namespace hooks

From: Lukasz Pawelczyk
Date: Tue Dec 02 2014 - 07:43:26 EST


On Thu, 2014-11-27 at 18:38 +0100, Lukasz Pawelczyk wrote:
> Right now the major issue I see is that LSM by itself is not defined how
> it's going to behave. It's up to a specific LSM module.
>
> E.g. within the Smack namespace filling the map is a privileged
> operation. So by tying them up you cripple the ability to create a fully
> working user namespace as an unprivileged process.

Entertaining the idea that the LSM namespace would be tied to the user
namespace (as you suggested), how do you see the limitation I described above?


--
Lukasz Pawelczyk
Samsung R&D Institute Poland
Samsung Electronics


