James Morris wrote:
> On Wed, 30 Oct 2013, Tetsuo Handa wrote:
>
> > Hello James.
> >
> > Are there any remaining issues/questions regarding this patchset?
> > I think this patchset is ready to go to linux-security.git#next .
> >
> > Tetsuo Handa wrote:
> > > This patchset is a repost of https://lkml.org/lkml/2013/6/11/258 for fixing
> > > two of TOMOYO's long-standing bugs which have existed since Linux 2.6.30, and also
> > > protects TOMOYO from the subjective != objective problem described above.
> > >
>
> Not enough discussion on the need to add these LSM hooks back.

These LSM hooks are needed for doing per-task_struct tracking.

As I said at https://lkml.org/lkml/2013/11/1/206 in the switch_creds() thread,
the "calling commit_creds() is prohibited between override_creds() and
revert_creds()" is an unacceptable barrier for doing per-task_struct tracking.

TOMOYO's security context is by nature a per-task_struct variable. Therefore,
I don't want TOMOYO's security context to be disturbed by override_creds().

Although I can emulate security_bprm_aborting_creds() and security_task_alloc()
hooks using currently available hooks, reviving security_bprm_aborting_creds()
and security_task_alloc() hooks will be the cleanest way for doing
per-task_struct tracking.

Above will be enough explanation, won't it?

> Also, nobody seems to be using Tomoyo.

What is your criterion for determining that "somebody seems to be using it"?
Depending on your answer, I would say "Nobody seems to be using SELinux".