3.2-rc1 rebase review

Kees Cook keescook at chromium.org
Fri Dec 9 03:02:56 UTC 2011


On Wed, Nov 9, 2011 at 7:14 PM, Tim Gardner <tim.gardner at canonical.com> wrote:
> On 11/09/2011 04:43 PM, Kees Cook wrote:
>>
>> On Wed, Nov 9, 2011 at 1:46 PM, Tetsuo Handa
>> <from-ubuntu at i-love.sakura.ne.jp>  wrote:
>>>
>>> passing security=yama and passing security=none generates the same result
>>> because capability hooks are no-op.
>>>
>>> I'm suggesting that we can remove
>>>
>>>  security_ops->ptrace_access_check == yama_ptrace_access_check
>>>  security_ops->path_link == yama_path_link
>>>  security_ops->inode_follow_link == yama_inode_follow_link
>>>  security_ops->task_prctl == yama_task_prctl
>>>  security_ops->task_free == yama_task_free
>>>
>>> checks by removing
>>>
>>>  register_security(&yama_ops)
>>>  security_module_enable(&yama_ops)
>>>
>>> calls.
>>
>>
>> Okay, I see what you mean now. It's skipping the register_security()
>> part that hadn't sunk in. :)

Tetsuo, does this look okay to you? I incorporated some additional
feedback about #ifdef clutter.

http://git.kernel.org/?p=linux/kernel/git/kees/linux.git;a=commitdiff;h=5f1aaa1e32ae854605000a383f1df8ad2e462643

>> Tim, Leann, do you want me to provide a pull request with a revert and
>> new patch, or just send a patch with the changes?
>
> Kees - I'd like whatever we carry to look as close as possible to what is
> eventually accepted upstream. We are free to rebase Precise (and rewrite
> branch history) for a while yet.

Okay, cool. I'm waiting on some other feedback before I do this. I
have some rcu changes that might happen as well. Functionally, nothing
has changed, so I'll hold off on a pull request until there's actually
something useful to show. :)

Thanks,

-Kees

-- 
Kees Cook
ChromeOS Security



