On Tue, Aug 14, 2018 at 4:50 PM, Casey Schaufler <casey@xxxxxxxxxxxxxxxx> wrote: > On 8/14/2018 4:22 PM, Jordan Glover wrote: >> On August 14, 2018 8:28 PM, Casey Schaufler <casey@xxxxxxxxxxxxxxxx> wrote: >> >>> >>>>> The blob management part (through "LSM: Sharing of security blobs") >>>>> is ready for prime-time. These changes move the management of >>>>> security blobs out of the security modules and into the security >>>>> module infrastructure. With this change the proposed S.A.R.A, >>>>> LandLock and PTAGS security modules could co-exist with any of >>>>> the existing "major" security modules. The changes reduce some >>>>> code duplication. >>>>> Beyond the blob management there's a bit of clean-up. >>>>> Mounting filesystems had to be changed so that options >>>>> a security module doesn't recognize won't be considered >>>>> a fatal error. The mount infrastructure is somewhat >>>>> more complex than one might assume. >>>> Casey, >>>> Do you think you can break out 1 into its own patch? It seems like >>>> that'd be valuable to everyone. >>> Yes, I think that is a good idea. Landlock, S.A.R.A. and a couple >>> other security modules could be added upstream if this part of the >>> work was available. It would not provide everything needed to stack >>> all the existing modules. I believe there is concern that if this >>> much went upstream the work on finishing what's required to make >>> everything work might be abandoned. >>> >> On the other hand there is concern that those security modules might >> be abandoned if they have to wait until everything is finished :) > > There is some truth to that. If we can get commitment from the developers > of those security module to push for getting upstream, a statement of > intent to support additional modules (e.g. Landlock, S.A.R.A.) from a > significant distribution (e.g. Fedora, Ubuntu, SuSE) and ACKs from the > maintainers of the existing modules we should be able to breeze right in. > > Yeah, I think that's about all it would take. I would strongly recommend Landlock and SARA for every distro. They're opt-in, and provide much-needed missing userspace defenses (and attack surface reduction). -Kees -- Kees Cook Pixel Security _______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
