Hi,

On Wed, Jun 30, 2010 at 09:18:32AM +1000, James Morris wrote:
> On Mon, 28 Jun 2010, Kees Cook wrote:
>
> > This adds the Yama Linux Security Module to collect several security
> > features (symlink, hardlink, and PTRACE restrictions) that have existed
> > in various forms over the years and have been carried outside the mainline
> > kernel by other Linux distributions like Openwall and grsecurity.
> >
> > Signed-off-by: Kees Cook <kees.cook@xxxxxxxxxxxxx>
>
> There were no further complaints, and we seem to have reached a workable
> consensus on the topic.
>
> It's not clear yet whether existing LSMs will modify their base policies
> to incorporate these protections, utilize the Yama code more directly, or
> implement some combination of both.

I'm hoping we can implement really simple chaining -- nothing fancy.
Trying to chain comprehensive LSMs seems like it will always fail, but
putting little LSMs in front of big LSMs seems like an easy win.

> If you're a user of an existing LSM and want these protections, bug the
> developers for a solution :-)
>
> Applied to
> git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6#next

Thanks!

-Kees

--
Kees Cook
Ubuntu Security Team