| Message ID | 161609713992.55424.6906498317563652734.stgit@olly (mailing list archive) |
|---|---|
| Headers | show |
| Series | Split security_task_getsecid() into subj and obj variants | expand |
On Thu, Mar 18, 2021 at 4:42 PM Paul Moore <paul@paul-moore.com> wrote: > > An update on the previous RFC patchset found here: > > https://lore.kernel.org/linux-security-module/161377712068.87807.12246856567527156637.stgit@sifl/ > > Aside from being rebased to the current SELinux next branch (which > in turn is based on v5.12-rc2), this revision changes the binder > related code to always use the objective credentials as discussed > in the thread above. I've also dropped the AppArmor patch as John > has a better version in progress; in the meantime AppArmor should > continue to work exactly as it did before this patchset so there > is no harm in merging this without the AppArmor patch. > > Casey, John, and Richard; I dropped your ACKs, Reviewed-by, etc. > tags as the binder changes seemed substantial enough to not > carryover your tags. I would appreciate it if you could re-review > this revision; the changes should be minimal. I did leave Mimi's > tag on this revision as she qualified it for IMA and that code > didn't change. > > --- > > Paul Moore (3): > lsm: separate security_task_getsecid() into subjective and objective variants > selinux: clarify task subjective and objective credentials > smack: differentiate between subjective and objective task credentials > > > security/selinux/hooks.c | 112 ++++++++++++++++++++++++------------- > security/smack/smack.h | 18 +++++- > security/smack/smack_lsm.c | 40 ++++++++----- > 3 files changed, 117 insertions(+), 53 deletions(-) All three patches have been merged into selinux/next, thanks for the help/review everyone!
An update on the previous RFC patchset found here: https://lore.kernel.org/linux-security-module/161377712068.87807.12246856567527156637.stgit@sifl/ Aside from being rebased to the current SELinux next branch (which in turn is based on v5.12-rc2), this revision changes the binder related code to always use the objective credentials as discussed in the thread above. I've also dropped the AppArmor patch as John has a better version in progress; in the meantime AppArmor should continue to work exactly as it did before this patchset so there is no harm in merging this without the AppArmor patch. Casey, John, and Richard; I dropped your ACKs, Reviewed-by, etc. tags as the binder changes seemed substantial enough to not carryover your tags. I would appreciate it if you could re-review this revision; the changes should be minimal. I did leave Mimi's tag on this revision as she qualified it for IMA and that code didn't change. --- Paul Moore (3): lsm: separate security_task_getsecid() into subjective and objective variants selinux: clarify task subjective and objective credentials smack: differentiate between subjective and objective task credentials security/selinux/hooks.c | 112 ++++++++++++++++++++++++------------- security/smack/smack.h | 18 +++++- security/smack/smack_lsm.c | 40 ++++++++----- 3 files changed, 117 insertions(+), 53 deletions(-)