On Thu, Jan 14, 2021 at 2:47 PM Paul Moore <paul@xxxxxxxxxxxxxx> wrote: > > On Tue, Jan 12, 2021 at 12:15 PM Paul Moore <paul@xxxxxxxxxxxxxx> wrote: > > > > On Fri, Jan 8, 2021 at 5:22 PM Lokesh Gidra <lokeshgidra@xxxxxxxxxx> wrote: > > > > > > Userfaultfd in unprivileged contexts could be potentially very > > > useful. We'd like to harden userfaultfd to make such unprivileged use > > > less risky. This patch series allows SELinux to manage userfaultfd > > > file descriptors and in the future, other kinds of > > > anonymous-inode-based file descriptor. > > > > ... > > > > > Daniel Colascione (3): > > > fs: add LSM-supporting anon-inode interface > > > selinux: teach SELinux about anonymous inodes > > > userfaultfd: use secure anon inodes for userfaultfd > > > > > > Lokesh Gidra (1): > > > security: add inode_init_security_anon() LSM hook > > > > > > fs/anon_inodes.c | 150 ++++++++++++++++++++-------- > > > fs/libfs.c | 5 - > > > fs/userfaultfd.c | 19 ++-- > > > include/linux/anon_inodes.h | 5 + > > > include/linux/lsm_hook_defs.h | 2 + > > > include/linux/lsm_hooks.h | 9 ++ > > > include/linux/security.h | 10 ++ > > > security/security.c | 8 ++ > > > security/selinux/hooks.c | 57 +++++++++++ > > > security/selinux/include/classmap.h | 2 + > > > 10 files changed, 213 insertions(+), 54 deletions(-) > > > > With several rounds of reviews done and the corresponding SELinux test > > suite looking close to being ready I think it makes sense to merge > > this via the SELinux tree. VFS folks, if you have any comments or > > objections please let me know soon. If I don't hear anything within > > the next day or two I'll go ahead and merge this for linux-next. > > With no comments over the last two days I merged the patchset into > selinux/next. Thanks for all your work and patience on this Lokesh. > Thanks so much. > Also, it looks like you are very close to getting the associated > SELinux test suite additions merged, please continue to work with > Ondrej to get those merged soon. > Certainly! I'm waiting for his reviews for the latest patch. > -- > paul moore > www.paul-moore.com
