Date: Fri, 28 Sep 2018 08:13:32 +1000 (AEST)
From: James Morris
To: Casey Schaufler
cc: LSM, SE Linux, LKLM, John Johansen, Kees Cook, Tetsuo Handa, Paul Moore, Stephen Smalley, "linux-fsdevel@vger.kernel.org", Alexey Dobriyan, Mickaël Salaün, Salvatore Mesoraca
Subject: Re: [PATCH v4 04/19] SELinux: Remove cred security blob poisoning
In-Reply-To: <5360cd42-5827-58af-515c-6e1ded1d9154@schaufler-ca.com>

On Fri, 21 Sep 2018, Casey Schaufler wrote:

> The SELinux specific credential poisoning only makes sense
> if SELinux is managing the credentials. As the intent of this
> patch set is to move the blob management out of the modules
> and into the infrastructure, the SELinux specific code has
> to go. The poisoning could be introduced into the infrastructure
> at some later date.

If it's useful, it should be incorporated into core LSM, otherwise that's
a regression for SELinux.

--
James Morris