Re: [PATCH v18 01/15] Add PR_{GET,SET}_NO_NEW_PRIVS to prevent execve from granting privs
- Subject: Re: [PATCH v18 01/15] Add PR_{GET,SET}_NO_NEW_PRIVS to prevent execve from granting privs
- From: James Morris <jmorris@xxxxxxxxx>
- Date: Fri, 13 Apr 2012 14:34:00 +1000 (EST)
- Cc: Will Drewry <wad@xxxxxxxxxxxx>, linux-kernel@xxxxxxxxxxxxxxx, linux-man@xxxxxxxxxxxxxxx, linux-security-module@xxxxxxxxxxxxxxx, linux-arch@xxxxxxxxxxxxxxx, linux-doc@xxxxxxxxxxxxxxx, kernel-hardening@xxxxxxxxxxxxxxxxxx, netdev@xxxxxxxxxxxxxxx, x86@xxxxxxxxxx, arnd@xxxxxxxx, "David S. Miller" <davem@xxxxxxxxxxxxx>, hpa@xxxxxxxxx, mingo@xxxxxxxxxx, Oleg Nesterov <oleg@xxxxxxxxxx>, peterz@xxxxxxxxxxxxx, rdunlap@xxxxxxxxxxxx, mcgrathr@xxxxxxxxxxxx, tglx@xxxxxxxxxxxxx, Eric Paris <eparis@xxxxxxxxxx>, Serge Hallyn <serge.hallyn@xxxxxxxxxxxxx>, djm@xxxxxxxxxxx, scarybeasts@xxxxxxxxx, indan@xxxxxx, pmoore@xxxxxxxxxx, Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>, Jonathan Corbet <corbet@xxxxxxx>, eric.dumazet@xxxxxxxxx, markus@xxxxxxxxxxxx, coreyb@xxxxxxxxxxxxxxxxxx, Kees Cook <keescook@xxxxxxxxxxxx>, Andy Lutomirski <luto@xxxxxxxxxxxxxx>, Stephen Smalley <sds@xxxxxxxxxxxxx>
- In-reply-to: <CAObL_7ER32AesD6bHk591ss0hTFmp0bjVOKV9oEdhiFwCEVOBA@mail.gmail.com>
- List-id: <linux-security-module.vger.kernel.org>
- User-agent: Alpine 2.02 (LRH 1266 2009-07-14)
On Thu, 12 Apr 2012, Andrew Lutomirski wrote:

> > What about dynamic transitions in SELinux ?
> >
>
> What's a dynamic transition?

The security label can be changed without an exec:
See selinux_setprocattr(), for "current".

- James
--
James Morris
<jmorris@xxxxxxxxx>