Message-ID: <554BCCDD.9010901@schaufler-ca.com>
Date: Thu, 07 May 2015 13:36:45 -0700
From: Casey Schaufler
To: Stephen Smalley, Mimi Zohar, Paul Moore
CC: James Morris, James Morris, LSM, LKLM, Paul Moore, John Johansen, Tetsuo Handa, Eric Paris, Kees Cook, Casey Schaufler
Subject: Re: [PATCH 0/7 v22] LSM: Multiple concurrent LSMs
In-Reply-To: <554BC9A6.1020907@tycho.nsa.gov>

On 5/7/2015 1:23 PM, Stephen Smalley wrote:
> On 05/07/2015 04:22 PM, Mimi Zohar wrote:
>> On Thu, 2015-05-07 at 14:07 -0400, Paul Moore wrote:
>>> On Thu, May 7, 2015 at 10:47 AM, Casey Schaufler wrote:
>>>> On 5/7/2015 4:37 AM, James Morris wrote:
>>>>> On Sat, 2 May 2015, Casey Schaufler wrote:
>>>>>
>>>>>> Subject: [PATCH 0/7 v22] LSM: Multiple concurrent LSMs
>>>>> Please add all of the Acked-by etc. from the patch review process.
>>>> For v21 I had Acks from:
>>>>
>>>> John Johansen
>>>> Tetsuo Handa
>>>> Stephen Smalley (after patch 8/7)
>>>> Kees Cook
>>>>
>>>> Would you check out v22 and supply (or not) your Acks?
>>>>
>>>> Eric, Paul, it would be reassuring if you'd chime in as well.
>>> Kubernetes has swallowed Eric whole I'm afraid, I don't think you want
>>> to wait on him to review these patches.
>>>
>>> However, it is a bit ridiculous that I haven't had time to seriously
>>> review these patches yet; I promise to take a look and send my
>>> comments/ACKs before my head hits the pillow tonight.
>> Seems to be working with SELinux, EVM and IMA enabled. I haven't tried
>> enabling an additional LSM. Casey, do you have an additional LSM for
>> testing?
> I've tested SELinux+Yama.

The deepest "stack" you can have today is Capability+Yama+YourChoice.
You always get Capability, so you really only get to choose if you
stack Yama with something else. That's not more depth than you had
before, but the special case coding for Capability and Yama is
replaced by the general scheme.