Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1754528AbdGURhq (ORCPT ); Fri, 21 Jul 2017 13:37:46 -0400 Received: from mail-io0-f178.google.com ([209.85.223.178]:36678 "EHLO mail-io0-f178.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753905AbdGURhZ (ORCPT ); Fri, 21 Jul 2017 13:37:25 -0400 MIME-Version: 1.0 In-Reply-To: References: <1500416736-49829-1-git-send-email-keescook@chromium.org> <1500416736-49829-5-git-send-email-keescook@chromium.org> From: Kees Cook Date: Fri, 21 Jul 2017 10:37:24 -0700 X-Google-Sender-Auth: NX86CxgvSpW5o4-YsA50mrvnkuA Message-ID: Subject: Re: [PATCH v3 04/15] selinux: Refactor to remove bprm_secureexec hook To: Paul Moore Cc: Stephen Smalley , Andrew Morton , David Howells , "Eric W. Biederman" , John Johansen , "Serge E. Hallyn" , Casey Schaufler , Tetsuo Handa , James Morris , Andy Lutomirski , Linus Torvalds , "linux-fsdevel@vger.kernel.org" , linux-security-module , LKML Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1365 Lines: 30 On Fri, Jul 21, 2017 at 8:40 AM, Paul Moore wrote: > On Thu, Jul 20, 2017 at 4:42 PM, Paul Moore wrote: >> On Thu, Jul 20, 2017 at 1:06 PM, Kees Cook wrote: >>> On Thu, Jul 20, 2017 at 6:42 AM, Paul Moore wrote: >>>> Alternatively, if you've got a fairly recent git repo with all the >>>> patches merged I can build a test kernel and give it a shot for you, >>>> although fair warning it may take a day or two for me to get to it. >>> >>> Hurm, I think this will take quite a bit of time for me to set up. :P >>> If you have a chance, I'd appreciate it if you could test the series. >>> It's currently based on v4.12: >>> https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git/log/?h=kspp/setuid-rlimits/secureexec-no-hook >>> >>> If it doesn't work out or takes too much time I can work on setting up >>> the test environment next week (travelling at the moment). >> >> Building a kernel now, in case anyone on Fedora wants to play with it, >> you can find it here (when it finishes): >> >> * https://copr.fedorainfracloud.org/coprs/pcmoore/kernel-testing/build/581947 > > Quick follow up, the kernel above passes the selinux-testsuite atsecure test. Awesome, thanks for taking the time to test it. :) Can I add your Tested-by? -Kees -- Kees Cook Pixel Security