On Sun, Sep 7, 2014 at 3:43 AM, Sean Watson <naelphin@gmail.com> wrote:
On 29/07/2014 20:55, Richard Weinberger wrote:
Hi!
I'd like to see the YAMA security LSM enabled on openSUSE kernels. Especially the ptrace() restrictions are very valuable IMHO. Using SECURITY_YAMA_STACKED it can be used in combination with AppArmor.
Or is there a specific reason why it is not enabled on openSUSE?
Thanks, //richard
I think it is disabled because the stacking part with other LSMs is pretty new. Was it in 13.1's stable version as a non-experimental feature?
There is no LSM stacking support in Linux. SECURITY_YAMA_STACKED enables a few branches to have YAMA stacked with any other LSM. This works and is mainline because YAMA is a rather trivial LSM. See commit:

commit c6993e4ac002c92bc75379212e9179c36d4bf7ee
Author: Kees Cook <keescook@chromium.org>
Date:   Tue Sep 4 13:32:13 2012 -0700

    security: allow Yama to be unconditionally stacked

--
Thanks,
//richard
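Added example, not part of the thread above: a way to check from a kernel config file whether Yama is built in and whether SECURITY_YAMA_STACKED lets it run alongside AppArmor. The function names and the constructed sample config are assumptions of this example; /proc/sys/kernel/yama/ptrace_scope is the upstream Yama sysctl and is not mentioned in the thread.

```shell
#!/bin/sh
# Report how Yama is built into a kernel, from its config file.
# Usage: yama_status CONFIG_FILE [PTRACE_SCOPE_FILE]

# Constructed sample config (not taken from any real openSUSE kernel).
write_sample_config() {
    cat > "$1" <<'EOF'
CONFIG_SECURITY=y
CONFIG_SECURITY_APPARMOR=y
CONFIG_SECURITY_YAMA=y
CONFIG_SECURITY_YAMA_STACKED=y
# CONFIG_SECURITY_SELINUX is not set
EOF
}

# Print the value of one CONFIG_ option, or "n" when it is unset or absent.
# $1 = config file, $2 = option name without the CONFIG_ prefix
config_value() {
    val=$(sed -n "s/^CONFIG_$2=\(.*\)$/\1/p" "$1" | tail -n 1)
    printf '%s\n' "${val:-n}"
}

yama_status() {
    cfg=$1
    scope_file=${2:-/proc/sys/kernel/yama/ptrace_scope}
    if [ ! -r "$cfg" ]; then
        echo "config=unreadable"
        return 2
    fi
    yama=$(config_value "$cfg" SECURITY_YAMA)
    stacked=$(config_value "$cfg" SECURITY_YAMA_STACKED)
    apparmor=$(config_value "$cfg" SECURITY_APPARMOR)
    if [ "$yama" != y ]; then
        echo "yama=off"
        return 0
    fi
    # Without the STACKED option Yama has to be the single selected LSM,
    # so it cannot be combined with AppArmor.
    if [ "$stacked" = y ]; then mode=stacked; else mode=exclusive; fi
    # ptrace_scope: 0 classic, 1 restricted, 2 admin-only, 3 no attach.
    # The file only exists when Yama is active on the running kernel.
    if [ -r "$scope_file" ]; then
        scope=$(cat "$scope_file")
    else
        scope=unavailable
    fi
    echo "yama=on mode=$mode apparmor=$apparmor ptrace_scope=$scope"
}
```

On a running system the config file is usually /boot/config-$(uname -r) or /proc/config.gz (decompressed first).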