[PATCH 0/5][TRUSTY][MAKO] Yama: Backport ptrace and link restriction features
Tyler Hicks
tyhicks at canonical.com
Wed Feb 5 23:19:56 UTC 2014
The Touch kernels are missing a couple Yama features. These patches backport
ptrace scopes and link restrictions. Additionally, the stacking patch is
backported to enable stacking of Yama and a traditional LSM.

I forward ported the link restrictions patch from Quantal. The upstream link
restrictions feature was rewritten to be contained in the VFS but it would have
been more difficult to port.

I've applied these patches to the 3.4.0-3.21 mako kernel, while running
system-image 161, and verified that the unity8 autopilot tests, webbrowser_app
autopilot tests, calendar_app click tests, ubuntu_clock_app click tests, and
QRT test-kernel-security.py tests have the same results with and without the
Yama patches. The unity8 and test-kernel-security.py tests each have one
failure that exists without the Yama-enabled kernel.

Tyler