On Thu, Jun 17, 2010 at 02:06:30PM -0700, Randy Dunlap wrote: > On Thu, 17 Jun 2010 21:53:49 +0100 Alan Cox wrote: > > > > > SELinux users would not need the other LSM, and stacking is thus not > > > > required. > > > > > > But if a user wants to disable ptrace using the SELinux LSM and then > > > also disable sticky-symlinks via the ItsHideous LSM, they're out of luck. > > > > Thats a nonsensical configuration so we don't care. If you are using > > SELinux you just do it via SELinux. If you are doing it via > > UbuntuHasToBeDifferent then you do it via that. > > > Well, surely there are people who use something other than Ubuntu > and also care about not using SELinux... eh? And for them, it certainly seems like a good idea to be able to turn off PTRACE without having to fiddle with an LSM. -- Kees Cook Ubuntu Security Team -- To unsubscribe from this list: send the line "unsubscribe linux-doc" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
