[Meego-kernel] RFC: initial security patches

zhangwan wanming.zhang at tieto.com
Sun Dec 19 22:10:48 PST 2010


On 12/20/2010 01:29 PM, Yang Rui Rui wrote:
> On 12/17/2010 07:27 PM, Janne Karhunen wrote:
>> Hey,
>>
>> It seems that we haven't gotten any sane comments on initial security
>> patches on gitorious security tree. Let's try again in form of quilt
>> patches.
> I'm not familiar with the security stuff, but I want to try to test/study it.
>
> Seems the attached patches are all with dos style line breaks.
> Please use unix line breaks, then send them one by one
just
$ sed -i.back -e 's/\r//' dos-file
>> Creds kernel module adds security module for fetching big blob of
>> remote task credentials based on given namespace PID or connected
>> socket file descriptor (note: latter still missing from given patch,
>> will update shortly - newer version of the patch is under testing).
>>
>> Access control wise we enable SMACK and extend it with label assignment
>> on exec, transmuting capability and SCM_PEERSEC remote label fetching.
>> Given patches are on their way to upstream kernel (CC: Casey).
>>
>> Proposed config options to be added into trunk.
>>
>> #
>> # Security options
>> #
>> CONFIG_KEYS=y
>> CONFIG_SECURITY=y
>> CONFIG_SECURITYFS=y
>> CONFIG_SECURITY_NETWORK=y
>> CONFIG_SECURITY_FILE_CAPABILITIES=y
>> CONFIG_CRYPTO=y
>> CONFIG_SECURITY_SMACK=y
>> CONFIG_IP_NF_SECURITY=y
>> CONFIG_IP6_NF_SECURITY=y
>> CONFIG_SECURITY_AEGIS=y
>> CONFIG_SECURITY_AEGIS_CREDS=y
>>
>> + CONFIG_NETLABEL
>>
>> Please comment.
>>
>>
>


-- 
Thanks & best regards,
Wanming Zhang
---
Software Developer
Tieto Device R&D Chengdu, China
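
Added example, not part of the original thread and not MeeGo project code: a POSIX shell check that reports which of the config options proposed in the RFC are not built in (=y) in a given kernel config file. The function names and the sample config are constructed for illustration; the option names are copied from the list in the RFC.

```sh
#!/bin/sh
# Added example, not from the RFC: list proposed options a kernel config lacks.

# Names copied from the RFC's list, including the trailing CONFIG_NETLABEL.
PROPOSED_OPTS="CONFIG_KEYS CONFIG_SECURITY CONFIG_SECURITYFS
CONFIG_SECURITY_NETWORK CONFIG_SECURITY_FILE_CAPABILITIES CONFIG_CRYPTO
CONFIG_SECURITY_SMACK CONFIG_IP_NF_SECURITY CONFIG_IP6_NF_SECURITY
CONFIG_SECURITY_AEGIS CONFIG_SECURITY_AEGIS_CREDS CONFIG_NETLABEL"

# option_state FILE OPTION: print y, m, n (explicitly not set) or absent.
option_state() {
    awk -v opt="$2" '
        { sub(/\r$/, "") }   # tolerate DOS line breaks in the config file
        $0 ~ "^" opt "=" { state = substr($0, length(opt) + 2) }
        $0 == "# " opt " is not set" { state = "n" }
        END { print (state == "" ? "absent" : state) }
    ' "$1"
}

# missing_opts FILE: print "OPTION state" for each proposed option not =y.
# Returns 1 if anything was printed, 0 if the config matches the proposal.
missing_opts() {
    rc=0
    for opt in $PROPOSED_OPTS; do
        state=$(option_state "$1" "$opt")
        if [ "$state" != "y" ]; then
            echo "$opt $state"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample config (hypothetical), used when no file is given.
sample_config() {
    cat <<'EOF'
CONFIG_KEYS=y
CONFIG_SECURITY=y
CONFIG_SECURITYFS=y
CONFIG_SECURITY_NETWORK=y
CONFIG_SECURITY_FILE_CAPABILITIES=y
CONFIG_CRYPTO=m
# CONFIG_SECURITY_SMACK is not set
CONFIG_IP_NF_SECURITY=y
CONFIG_IP6_NF_SECURITY=y
CONFIG_NETLABEL=y
EOF
}

tmp=$(mktemp)
sample_config > "$tmp"
missing_opts "${1:-$tmp}" || echo "config does not enable all proposed options"
rm -f "$tmp"
```

Pass the path of a real .config as the first argument to check it instead of the sample.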


