On Sun, Sep 7, 2014 at 3:43 AM, Sean Watson
On 29/07/2014 20:55, Richard Weinberger wrote:
Hi!
I'd like to see the YAMA security LSM enabled on openSUSE kernels. Especially the ptrace() restrictions are very valuable IMHO. Using SECURITY_YAMA_STACKED it can be used in combination with AppArmor.
Or is there a specific reason why it is not enabled on openSUSE?
Thanks, //richard
I think it is disabled because the stacking part with other LSMs is pretty new. Was it in 13.1's stable version as a non-experimental feature?
There is no LSM stacking support in Linux.
SECURITY_YAMA_STACKED enables a few branches to have YAMA stacked with
any other LSM. This works and is mainline because YAMA is a rather trivial LSM.
See commit:
commit c6993e4ac002c92bc75379212e9179c36d4bf7ee
Author: Kees Cook