On Wed, Oct 30, 2019 at 11:29 AM Stephen Smalley <sds@xxxxxxxxxxxxx> wrote:
> On 10/30/19 9:16 AM, Stephen Smalley wrote:
> > Add SELinux access control hooks for lockdown integrity and
> > confidentiality. This effectively mimics the current implementation of
> > lockdown (caveat noted below). If lockdown is enabled alongside SELinux,
> > then the lockdown access control will take precedence over the SELinux
> > lockdown implementation.
> >
> > Note that this SELinux implementation allows the integrity and
> > confidentiality reasons to be controlled independently from one another.
> > Thus, in an SELinux policy, one could allow integrity operations while
> > blocking confidentiality operations.
>
> NB This is intended to be the first of a series that will ultimately
> lead to finer-grained controls than just integrity and confidentiality,
> but wanted to get some feedback on it at this stage. Also anticipate
> greater controversy over exposing finer granularity since the lockdown
> reasons are free to change at any time, so this would be the baseline
> fallback position if finer grained controls are rejected.
>
> > (original patch authored by an intern who wishes to remain anonymous;
> > I am signing off on his behalf)

I'm not going to comment on this on-list because IANAL, but it might be
best to leave the comment above off of future postings as I think it
somewhat confuses the principle behind the sign-off line. I understand
you want to give credit where it is due, but without an explicit
author's name/email I believe it is safer for you to assume that role.
Put another way, the comment above makes me nervous about adding my own
sign-off and merging it into the SELinux tree.

> > Signed-off-by: Stephen Smalley <sds@xxxxxxxxxxxxx>
> > ---
> >  security/selinux/hooks.c            | 22 ++++++++++++++++++++++
> >  security/selinux/include/classmap.h |  2 ++
> >  2 files changed, 24 insertions(+)

-- 
paul moore
www.paul-moore.com