Quantal 3.5.2 Yama conflicts

Kees Cook keescook at chromium.org
Wed Aug 15 19:37:24 UTC 2012


On Wed, Aug 15, 2012 at 12:23 PM, Tim Gardner <tim.gardner at canonical.com> wrote:
> Kees  - rather then me hacking on these 2 patches, would you mind
> refactoring them against linux-next or current upstream ? I suspect you must
> already have them sitting on a branch somewhere ready for upstream
> submission.
>
> UBUNTU: SAUCE: security: unconditionally chain to Yama LSM
> UBUNTU: SAUCE: Yama: add link restrictions
>
> I've dropped these for now in favour of a clean vanilla 3.5.2 stable update.

Yeah, I'm keeping this tree up to date:
http://git.kernel.org/?p=linux/kernel/git/kees/linux.git;a=shortlog;h=refs/heads/yama-extras
(Though it looks like kernel.org is slow to update at the moment.)

They're in a separate tree from the main Yama work because those two
patches will never go upstream. The link restrictions patch is in the
core VFS for 3.6, so that will get dropped. The unconditional chaining
will continue to live outside mainline until there is sensible LSM
composing. Hopefully we'll make progress on that during the up-coming
Linux Security Summit.

-Kees

-- 
Kees Cook
Chrome OS Security




More information about the kernel-team mailing list