tech-kern archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: secmodel_{,de}register()
On Mon, Apr 20, 2009 at 5:20 AM, Antti Kantee <pooka%cs.hut.fi@localhost> wrote:
> What are you trying to protect against? bugs? Sounds like quite a
> radical bug.
Ideally, trying to protect against malicious kernel code degrading the
security of the system, but I guess we're not there yet (google for
KERNSEAL).
> Why not just register an unremovable allow-all secmodel and get rid
> of special case nsecmodels==0 completely (or is it necessary for
> bootstrapping)?
Because it doesn't solve the problem I really care about.
Anyway, I was just putting it out there, but the more I think of it the
more I realize it's not something we should care about at this point.
Sorry for the noise,
-e.
Home |
Main Index |
Thread Index |
Old Index