On Tue, Jan 25, 2022 at 12:09 PM Casey Schaufler <casey@xxxxxxxxxxxxxxxx> wrote: > On 1/25/2022 7:56 AM, Vivek Goyal wrote: > > On Tue, Jan 25, 2022 at 07:32:19AM -0500, Jeff Layton wrote: > >> On Tue, 2022-01-25 at 13:12 +0100, Christian Brauner wrote: > >>> On Tue, Jan 25, 2022 at 06:25:39AM -0500, Jeff Layton wrote: > >>>> On Tue, 2022-01-25 at 12:13 +0100, Christian Brauner wrote: > >>>>> On Tue, Jan 25, 2022 at 05:54:57AM -0500, Jeff Layton wrote: > >>>>>> On Mon, 2022-01-24 at 21:45 -0500, Paul Moore wrote: > >>>>>>> On Mon, Jan 24, 2022 at 8:51 PM Stephen Muth <smuth4@xxxxxxxxx> wrote: ... > Joining the conversation late. Wish someone had brought me > in sooner. For some reason I thought the LSM list was on the To/CC line, my mistake (fixed now). Thanks to everyone for all of the further discussion, review on this; I plucked the original post out of my spam folder as I was shutting down for the night yesterday and only gave it a quick look. > > Looks like dentry_init_security() can't handle multiple LSMs. We probably > > should disallow all other LSMs to register a hook for this and only > > allow SELinux to register a hook. > > Not acceptable. The fix to dentry_init_security() is easy. Sounds good to me, Vivek did you want to put together a patch for this? If not, let me know and I'll put one together. -- paul-moore.com
