Re: [PATCH 10/10] LSM: Blob sharing support for S.A.R.A and LandLock

From: Kees Cook
Date: Thu Sep 13 2018 - 20:03:19 EST

Next message: Casey Schaufler: "Re: [PATCH 10/10] LSM: Blob sharing support for S.A.R.A and LandLock"
Previous message: Miguel Ojeda: "[PATCH 2/2] Compiler Attributes: naked can be shared"
In reply to: John Johansen: "Re: [PATCH 10/10] LSM: Blob sharing support for S.A.R.A and LandLock"
Next in thread: Paul Moore: "Re: [PATCH 10/10] LSM: Blob sharing support for S.A.R.A and LandLock"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, Sep 13, 2018 at 4:51 PM, Casey Schaufler <casey@xxxxxxxxxxxxxxxx> wrote:
> On 9/13/2018 4:06 PM, Kees Cook wrote:
>> If security= is
>> specified, all other major LSMs are disabled (i.e. it is not possible
>> to switch between SELinux/AppArmor/SMACK without also disabling
>> TOMOYO).
>
> Correct.

If we assume patch 10 is the way forward, how could we go about fixing
this specific problem?

-Kees

--
Kees Cook
Pixel Security

Next message: Casey Schaufler: "Re: [PATCH 10/10] LSM: Blob sharing support for S.A.R.A and LandLock"
Previous message: Miguel Ojeda: "[PATCH 2/2] Compiler Attributes: naked can be shared"
In reply to: John Johansen: "Re: [PATCH 10/10] LSM: Blob sharing support for S.A.R.A and LandLock"
Next in thread: Paul Moore: "Re: [PATCH 10/10] LSM: Blob sharing support for S.A.R.A and LandLock"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]