Re: [PATCH v3 15/16] LSM: Infrastructure management of the ipc security blob

From: Kees Cook
Date: Thu Sep 20 2018 - 13:44:43 EST

Next message: Kees Cook: "Re: [PATCH v3 14/16] LSM: Infrastructure management of the task security blob"
Previous message: Sean Christopherson: "Re: [PATCH RESEND] kvm/x86: propagate fetch fault into guest"
In reply to: Casey Schaufler: "[PATCH v3 15/16] LSM: Infrastructure management of the ipc security blob"
Next in thread: Casey Schaufler: "[PATCH v3 16/16] LSM: Blob sharing support for S.A.R.A and LandLock"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, Sep 19, 2018 at 5:21 PM, Casey Schaufler <casey@xxxxxxxxxxxxxxxx> wrote:
> LSM: Infrastructure management of the ipc security blob
>
> Move management of the kern_ipc_perm->security and
> msg_msg->security blobs out of the individual security
> modules and into the security infrastructure. Instead
> of allocating the blobs from within the modules the modules
> tell the infrastructure how much space is required, and
> the space is allocated there.

Maybe split this up too? (SELinux and Smack need tweaks?)

-Kees

--
Kees Cook
Pixel Security

Next message: Kees Cook: "Re: [PATCH v3 14/16] LSM: Infrastructure management of the task security blob"
Previous message: Sean Christopherson: "Re: [PATCH RESEND] kvm/x86: propagate fetch fault into guest"
In reply to: Casey Schaufler: "[PATCH v3 15/16] LSM: Infrastructure management of the ipc security blob"
Next in thread: Casey Schaufler: "[PATCH v3 16/16] LSM: Blob sharing support for S.A.R.A and LandLock"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]