3.2-rc1 rebase review

Tim Gardner tim.gardner at canonical.com
Thu Nov 10 03:14:59 UTC 2011


On 11/09/2011 04:43 PM, Kees Cook wrote:
> On Wed, Nov 9, 2011 at 1:46 PM, Tetsuo Handa
> <from-ubuntu at i-love.sakura.ne.jp>  wrote:
>> passing security=yama and passing security=none generates the same result
>> because capability hooks are no-op.
>>
>> I'm suggesting that we can remove
>>
>>   security_ops->ptrace_access_check == yama_ptrace_access_check
>>   security_ops->path_link == yama_path_link
>>   security_ops->inode_follow_link == yama_inode_follow_link
>>   security_ops->task_prctl == yama_task_prctl
>>   security_ops->task_free == yama_task_free
>>
>> checks by removing
>>
>>   register_security(&yama_ops)
>>   security_module_enable(&yama_ops)
>>
>> calls.
>
> Okay, I see what you mean now. It's skipping the register_security()
> part that hadn't sunk in. :)
>
> Tim, Leann, do you want me to provide a pull request with a revert and
> new patch, or just send a patch with the changes?
>
> -Kees
>

Kees - I'd like whatever we carry to look as close as possible to what 
is eventually accepted upstream. We are free to rebase Precise (and 
rewrite branch history) for awhile yet.

rtg
-- 
Tim Gardner tim.gardner at canonical.com




More information about the kernel-team mailing list