Re: [PATCH 1/2] security: introduce CONFIG_SECURITY_WRITABLE_HOOKS

On Sun, Jul 10, 2022 at 03:26:45PM +0200, Greg KH wrote:
> On Sun, Jul 10, 2022 at 03:10:54PM +0200, theflamefire89@xxxxxxxxx wrote:
> > From: James Morris <jmorris@xxxxxxxxx>
> > 
> > commit dd0859dccbe291cf8179a96390f5c0e45cb9af1d upstream.
> > 
> > Subsequent patches will add RO hardening to LSM hooks, however, SELinux
> > still needs to be able to perform runtime disablement after init to handle
> > architectures where init-time disablement via boot parameters is not feasible.
> > 
> > Introduce a new kernel configuration parameter CONFIG_SECURITY_WRITABLE_HOOKS,
> > and a helper macro __lsm_ro_after_init, to handle this case.
> > 
> > Signed-off-by: James Morris <james.l.morris@xxxxxxxxxx>
> > Acked-by: Stephen Smalley <sds@xxxxxxxxxxxxx>
> > Acked-by: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
> > Acked-by: Kees Cook <keescook@xxxxxxxxxxxx>
> > Signed-off-by: Alexander Grund <git@xxxxxxxxxx>
> > ---
> >  include/linux/lsm_hooks.h | 7 +++++++
> >  security/Kconfig          | 5 +++++
> >  security/selinux/Kconfig  | 6 ++++++
> >  3 files changed, 18 insertions(+)
> 
> What kernel version(s) are you wanting this applied to?
> 
> And your email send address does not match your signed-off-by
> name/address, so for obvious reasons, we can't take this.

And of course, why is this needed in any stable kernel tree?  It isn't
fixing a bug, it's adding a new feature.  Patch 2/2 also doesn't fix
anything, so we need some explanation here.  Perhaps do that in your
0/X email that I can't seem to find here?

thanks,

greg k-h


