Re: [PATCH v4 3/5] LSM: Security module checking for side-channel dangers

From: Jann Horn
Date: Fri Aug 24 2018 - 19:18:07 EST

Next message: Steven Rostedt: "Re: [PATCH v2 22/32] selftests/ftrace: Add ringbuffer size changing testcase"
Previous message: Eduardo Valentin: "Re: [PATCH V2] of: thermal: Allow multiple devices to share cooling map"
In reply to: Casey Schaufler: "[PATCH v4 3/5] LSM: Security module checking for side-channel dangers"
Next in thread: Casey Schaufler: "[PATCH v4 1/5] LSM: Introduce a hook for side-channel danger"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sat, Aug 25, 2018 at 12:42 AM Casey Schaufler
<casey.schaufler@xxxxxxxxx> wrote:
> +config SECURITY_SIDECHANNEL_CAPABILITIES
> + bool "Sidechannel check on capability sets"
> + depends on SECURITY_SIDECHANNEL
> + depends on !SECURITY_SIDECHANNEL_ALWAYS
> + default n
> + select SECURITY_SIDECHANNEL_NAMESPACES if USER_NS
> + help
> + Assume that tasks with different sets of privilege may be
> + subject to side-channel attacks. Potential interactions
> + where the attacker lacks capabilities the attacked has
> + are blocked. Selecting this when user namespaces (USER_NS)
> + are enabled will enable SECURITY_SIDECHANNEL_NAMESPACES.

Thanks!

Next message: Steven Rostedt: "Re: [PATCH v2 22/32] selftests/ftrace: Add ringbuffer size changing testcase"
Previous message: Eduardo Valentin: "Re: [PATCH V2] of: thermal: Allow multiple devices to share cooling map"
In reply to: Casey Schaufler: "[PATCH v4 3/5] LSM: Security module checking for side-channel dangers"
Next in thread: Casey Schaufler: "[PATCH v4 1/5] LSM: Introduce a hook for side-channel danger"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]