[Maverick][GIT PULL] replacement of hacks with Yama
Kees Cook
kees.cook at canonical.com
Wed Jun 30 20:45:56 UTC 2010
Hi Tim,

On Wed, Jun 30, 2010 at 08:12:24AM -0600, Tim Gardner wrote:
> These commits all have '(cherry picked from commit *)' comments in
> the commit log, but as the objects are not from Linus' tree, they
> are not relevant. Can you amend these commit log messages?

Ah, sorry, they're from security-testing-2.6#next:
http://git.kernel.org/?p=linux/kernel/git/jmorris/security-testing-2.6.git;a=shortlog;h=refs/heads/next

What is the best way to reference these kinds of cherry picks?

> I've noted a couple of upstream suggestions for your patch set
> inclusion in Morris' tree. Will you be including those so that we
> don't drift from upstream?

Yes, I updated and tested those changes this morning.

> Given that this is an LSM, and LSMs don't stack or chain (I think),
> how is it going to interact with AppArmor?

The top patch in the pull request takes care of this in an LSM-agnostic way
(i.e. Yama is unconditionally called before whatever the active LSM is):
http://kernel.ubuntu.com/git?p=kees/linux-2.6.git;a=commitdiff;h=9578dd34c5949d41a1237d2ad080bcf438d963e7

-Kees

--
Kees Cook
Ubuntu Security Team