On Sun, Jul 10, 2022 at 03:26:45PM +0200, Greg KH wrote:
On Sun, Jul 10, 2022 at 03:10:54PM +0200, theflamefire89@gmail.com wrote:
From: James Morris <jmorris@namei.org>
commit dd0859dccbe291cf8179a96390f5c0e45cb9af1d upstream.
Subsequent patches will add RO hardening to LSM hooks, however, SELinux still needs to be able to perform runtime disablement after init to handle architectures where init-time disablement via boot parameters is not feasible.
Introduce a new kernel configuration parameter CONFIG_SECURITY_WRITABLE_HOOKS, and a helper macro __lsm_ro_after_init, to handle this case.
Signed-off-by: James Morris <james.l.morris@oracle.com>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Acked-by: Casey Schaufler <casey@schaufler-ca.com>
Acked-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Alexander Grund <git@grundis.de>
 include/linux/lsm_hooks.h | 7 +++++++
 security/Kconfig          | 5 +++++
 security/selinux/Kconfig  | 6 ++++++
 3 files changed, 18 insertions(+)
What kernel version(s) are you wanting this applied to?
And your email send address does not match your signed-off-by name/address, so for obvious reasons, we can't take this.
And of course, why is this needed in any stable kernel tree? It isn't fixing a bug, it's adding a new feature. Patch 2/2 also doesn't fix anything, so we need some explanation here. Perhaps do that in your 0/X email that I can't seem to find here?
thanks,
greg k-h