Re: [PATCH 1/2] security: introduce CONFIG_SECURITY_WRITABLE_HOOKS

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Sun, Jul 10, 2022 at 03:10:54PM +0200, theflamefire89@xxxxxxxxx wrote:
> From: James Morris <jmorris@xxxxxxxxx>
> 
> commit dd0859dccbe291cf8179a96390f5c0e45cb9af1d upstream.
> 
> Subsequent patches will add RO hardening to LSM hooks, however, SELinux
> still needs to be able to perform runtime disablement after init to handle
> architectures where init-time disablement via boot parameters is not feasible.
> 
> Introduce a new kernel configuration parameter CONFIG_SECURITY_WRITABLE_HOOKS,
> and a helper macro __lsm_ro_after_init, to handle this case.
> 
> Signed-off-by: James Morris <james.l.morris@xxxxxxxxxx>
> Acked-by: Stephen Smalley <sds@xxxxxxxxxxxxx>
> Acked-by: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
> Acked-by: Kees Cook <keescook@xxxxxxxxxxxx>
> Signed-off-by: Alexander Grund <git@xxxxxxxxxx>
> ---
>  include/linux/lsm_hooks.h | 7 +++++++
>  security/Kconfig          | 5 +++++
>  security/selinux/Kconfig  | 6 ++++++
>  3 files changed, 18 insertions(+)

What kernel version(s) are you wanting this applied to?

And your email send address does not match your signed-off-by
name/address, so for obvious reasons, we can't take this.

thanks,

greg k-h



[Index of Archives]     [Linux Kernel]     [Kernel Development Newbies]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite Hiking]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux