Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 27 Jun 2017 10:51:18 -0700
From: Christoph Hellwig <>
To: Igor Stoppa <>
	Igor Stoppa <>
Subject: Re: [PATCH 3/3] Make LSM Writable Hooks a command line option

On Tue, Jun 27, 2017 at 08:33:23PM +0300, Igor Stoppa wrote:
> From: Igor Stoppa <>
> This patch shows how it is possible to take advantage of pmalloc:
> instead of using the build-time option __lsm_ro_after_init, to decide if
> it is possible to keep the hooks modifiable, now this becomes a
> boot-time decision, based on the kernel command line.
> This patch relies on:
> "Convert security_hook_heads into explicit array of struct list_head"
> Author: Tetsuo Handa <>
> to break free from the static constraint imposed by the previous
> hardening model, based on __ro_after_init.
> The default value is disabled, unless SE Linux debugging is turned on.

Can we please just force it to be read-only?

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.