Re: [PATCH 4/5] Make LSM Writable Hooks a command line option

From: Tetsuo Handa
Date: Tue Jun 06 2017 - 07:42:37 EST


Igor Stoppa wrote:
> Who decides when enough is enough, meaning that all the needed modules
> are loaded?
> Should I provide an interface to user-space? A sysfs entry?

No such interface is needed. Just an API for applying set_memory_rw()
and set_memory_ro() on LSM hooks is enough.

security_add_hooks() can call set_memory_rw() before adding hooks and
call set_memory_ro() after adding hooks. Ditto for security_delete_hooks()
for SELinux's unregistration.
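
The bracket described in the reply above, as an added user-space illustration that is not part of the original message or of the kernel patch: the hook table sits in its own page and is writable only while hooks are being added. Assumptions: mprotect() stands in for set_memory_rw()/set_memory_ro(), and hook_table, hooks_init(), hooks_add(), table_is_writable() and deny_negative() are hypothetical names.

```c
/* Assumption: mprotect() stands in for set_memory_rw()/set_memory_ro(). */
#define _DEFAULT_SOURCE
#include <stdio.h>
#include <sys/mman.h>
#include <unistd.h>

typedef int (*hook_fn)(int);
enum { MAX_HOOKS = 8 };
struct hook_table { size_t count; hook_fn fn[MAX_HOOKS]; }; /* models the LSM hook lists */
static struct hook_table *table;                            /* alone in its own page */
static size_t table_len;
static int set_rw(void) { return mprotect(table, table_len, PROT_READ | PROT_WRITE); }
static int set_ro(void) { return mprotect(table, table_len, PROT_READ); }

int hooks_init(void)                          /* zeroed page, sealed read-only */
{
    table_len = (size_t)sysconf(_SC_PAGESIZE);
    table = mmap(NULL, table_len, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    return table == MAP_FAILED ? -1 : set_ro();
}

int hooks_add(const hook_fn *fns, size_t n)   /* writable, add hooks, read-only again */
{
    if (n > MAX_HOOKS - table->count || set_rw())
        return -1;                            /* an oversized request never unseals the table */
    for (size_t i = 0; i < n; i++)
        table->fn[table->count++] = fns[i];
    return set_ro();
}

int table_is_writable(void)                   /* read() into a read-only page fails (EFAULT) */
{
    int p[2] = { -1, -1 }, r = -1;
    if (pipe(p) == 0 && write(p[1], "", 1) == 1)
        r = read(p[0], (char *)table + table_len - 1, 1) == 1; /* last byte is unused padding */
    close(p[0]); close(p[1]);
    return r;
}

static int deny_negative(int x) { return x < 0 ? -1 : 0; }  /* constructed sample hook */

int main(void)
{
    hook_fn fns[] = { deny_negative };
    if (hooks_init() || hooks_add(fns, 1))
        return 1;
    printf("count=%zu writable=%d deny(-5)=%d\n", table->count, table_is_writable(), table->fn[0](-5));
    return 0;
}
```

Calling the registered hooks needs only read access, so the table stays sealed for the whole time between registrations.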