[Meego-kernel] RFC: initial security patches
Yang Rui Rui
ruirui.r.yang at tieto.com
Sun Dec 19 22:23:33 PST 2010
On 12/20/2010 02:10 PM, zhangwan wrote:
> On 12/20/2010 01:29 PM, Yang Rui Rui wrote:
>> On 12/17/2010 07:27 PM, Janne Karhunen wrote:
>>> Hey,
>>>
>>> It seems that we haven't gotten any sane comments on initial security
>>> patches on gitorious security tree. Let's try again in form of quilt
>>> patches.
>> I'm not familiar with the security stuff, but I want to try to test/study it.
>>
>> Seems the attached patches all have DOS-style line breaks.
>> Please use Unix line breaks, then send them one by one.
> just
> $ sed -i.back -e 's/\r//' dos-file
Manual conversion works, but patches submitted for review should be correctly formatted in the first place.
>>> Creds kernel module adds security module for fetching big blob of
>>> remote task credentials based on given namespace PID or connected
>>> socket file descriptor (note: latter still missing from given patch,
>>> will update shortly - newer version of the patch is under testing).
>>>
>>> Access control wise we enable SMACK and extend it with label assignment
>>> on exec, transmuting capability and SCM_PEERSEC remote label fetching.
>>> Given patches are on their way to upstream kernel (CC: Casey).
>>>
>>> Proposed config options to be added into trunk.
>>>
>>> #
>>> # Security options
>>> #
>>> CONFIG_KEYS=y
>>> CONFIG_SECURITY=y
>>> CONFIG_SECURITYFS=y
>>> CONFIG_SECURITY_NETWORK=y
>>> CONFIG_SECURITY_FILE_CAPABILITIES=y
>>> CONFIG_CRYPTO=y
>>> CONFIG_SECURITY_SMACK=y
>>> CONFIG_IP_NF_SECURITY=y
>>> CONFIG_IP6_NF_SECURITY=y
>>> CONFIG_SECURITY_AEGIS=y
>>> CONFIG_SECURITY_AEGIS_CREDS=y
>>>
>>> + CONFIG_NETLABEL
>>>
>>> Please comment.
>>>
>>>
>>
>
>
--
Thanks
Yang Ruirui