On 08/09/2014 05:58, Richard Weinberger wrote:
> On Sun, Sep 7, 2014 at 3:43 AM, Sean Watson <naelphin@gmail.com> wrote:
>> On 29/07/2014 20:55, Richard Weinberger wrote:
>>> Hi!
>>>
>>> I'd like to see the YAMA security LSM enabled on openSUSE kernels. Especially the ptrace() restrictions are very valuable IMHO. Using SECURITY_YAMA_STACKED it can be used in combination with AppArmor.
>>> Or is there a specific reason why it is not enabled on openSUSE?
>>>
>>> Thanks,
>>> //richard
>>
>> I think it is disabled because the stacking part with other LSMs is pretty new. Was it in 13.1's stable version as a non-experimental feature?
>
> There is no LSM stacking support in Linux. SECURITY_YAMA_STACKED enables a few branches to have YAMA stacked with any other LSM. This works and is mainline because YAMA is a rather trivial LSM.

Would it be possible to have it enabled for the desktop version of the kernel for Factory then? It would help Chrome's sandboxing, so it'd have an immediate benefit.

--
To unsubscribe, e-mail: opensuse-kernel+unsubscribe@opensuse.org
To contact the owner, e-mail: opensuse-kernel+owner@opensuse.org
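
Added example, not part of the thread and not openSUSE's own tooling: a shell check that tells from a kernel config whether Yama is stacked beside the primary LSM, as discussed above, and decodes kernel.yama.ptrace_scope on a running system. It assumes the mainline Kconfig symbol names of that kernel era; the function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Option names are the mainline Kconfig
# symbols of that era; the sample config further down is constructed.

# yama_config_state FILE -> disabled | stacked | primary | built-inactive
yama_config_state() {
    if ! grep -q '^CONFIG_SECURITY_YAMA=y$' "$1"; then
        echo disabled            # Yama not compiled in at all
    elif grep -q '^CONFIG_SECURITY_YAMA_STACKED=y$' "$1"; then
        echo stacked             # Yama hooks run next to the primary LSM
    elif grep -q '^CONFIG_DEFAULT_SECURITY="yama"$' "$1"; then
        echo primary             # Yama is the only active LSM
    else
        echo built-inactive      # needs security=yama, which displaces AppArmor
    fi
}

# ptrace_scope_meaning N -> meaning of kernel.yama.ptrace_scope value N
ptrace_scope_meaning() {
    case "$1" in
        0) echo "classic ptrace permissions" ;;
        1) echo "restricted: descendants or declared tracers only" ;;
        2) echo "admin-only: CAP_SYS_PTRACE required" ;;
        3) echo "no attach" ;;
        *) echo "unknown"; return 1 ;;
    esac
}

# Constructed sample: AppArmor as primary LSM with Yama stacked on top.
sample=$(mktemp)
cat > "$sample" <<'EOF'
CONFIG_SECURITY_APPARMOR=y
CONFIG_SECURITY_YAMA=y
CONFIG_SECURITY_YAMA_STACKED=y
CONFIG_DEFAULT_SECURITY="apparmor"
EOF
echo "sample config: $(yama_config_state "$sample")"
rm -f "$sample"

# On a live system the sysctl file exists only when Yama is active.
scope_file=/proc/sys/kernel/yama/ptrace_scope
if [ -r "$scope_file" ]; then
    scope=$(cat "$scope_file")
    echo "running kernel: ptrace_scope=$scope ($(ptrace_scope_meaning "$scope"))"
else
    echo "running kernel: Yama not active"
fi
```

To audit an installed kernel, pass its config file (for example the one under /boot) to yama_config_state instead of the sample.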