On Tue, Feb 14, 2017 at 5:15 AM, James Morris <jmorris@xxxxxxxxx> wrote: > Updated and simplified down to two patches. > > Following feedback from the list, I've added a new config option to handle > the case where SELinux still needs to disable its hooks at runtime (and > thus the hooks must be writable in that case). > > I've dropped the Netfilter hooks patch as I realized that the hook ops > list structures could be modified after init by the core NF code. > > The SELinux Netlink message patch has been merged, and Mimi is reviewing > the IMA default policy patch (it's not affected by LSM hook requirements > and can be merged separately). > > --- > > James Morris (2): > security: introduce CONFIG_SECURITY_WRITABLE_HOOKS > security: mark LSM hooks as __ro_after_init Please consider these both: Acked-by: Kees Cook <keescook@xxxxxxxxxxxx> -Kees -- Kees Cook Pixel Security _______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
