[Meego-kernel] RFC: initial security patches
Yang Rui Rui
ruirui.r.yang at tieto.com
Sun Dec 19 22:23:33 PST 2010
On 12/20/2010 02:10 PM, zhangwan wrote:
> On 12/20/2010 01:29 PM, Yang Rui Rui wrote:
>> On 12/17/2010 07:27 PM, Janne Karhunen wrote:
>>> It seems that we haven't gotten any sane comments on initial security
>>> patches on gitorious security tree. Let's try again in form of quilt
>> I'm not familiar with the security stuff, but I want to try to test/study it.
>> Seems the attached patches are all with dos style line breaks.
>> Please use unix line breaks, then send them one by one
> $ sed -i.back -e 's/\r//' dos-file
manually convert works, but patches submitted for review should be right formatted firstly.
>>> Creds kernel module adds security module for fetching big blob of
>>> remote task credentials based on given namespace PID or connected
>>> socket file descriptor (note: latter still missing from given patch,
>>> will update shortly - newer version of the patch is under testing).
>>> Access control wise we enable SMACK and extend it with label assignment
>>> on exec, transmuting capability and SCM_PEERSEC remote label fetching.
>>> Given patches are on their way to upstream kernel (CC: Casey).
>>> Proposed config options to be added into trunk.
>>> # Security options
>>> + CONFIG_NETLABEL
>>> Please comment.
More information about the MeeGo-kernel