[RFC PATCH 2/2] cr: debug security_checkpoint_header and security_may_restart

Casey Schaufler casey at schaufler-ca.com
Tue Sep 8 21:43:36 PDT 2009


Serge E. Hallyn wrote:
> Quoting Casey Schaufler (casey at schaufler-ca.com):
>   
>> Serge E. Hallyn wrote:
>>     
>>> Quoting Casey Schaufler (casey at schaufler-ca.com):
>>>   
>>>       
>>>> Serge E. Hallyn wrote:
>>>>     
>>>>         
>>>>> This patch, for debugging only, introduces a silly admin-controlled
>>>>> 'policy version' for smack.  By default the version is 1.  An
>>>>> admin (with CAP_MAC_ADMIN) can change it by echoing a new value
>>>>> into /smack/version.
>>>>>   
>>>>>       
>>>>>           
>>>> The scheme you have suggested is just one step off of completely
>>>> acceptable for real. More detail below, but if you make the "version"
>>>> a string instead of a number I'm happy with it. In particular, a
>>>> string that would itself be a valid Smack label makes everything
>>>> really simple.
>>>>     
>>>>         
>>> Presumably at many sites the version will be a unique string not
>>> used as a label anywhere else.  That's ok?
>>>
>>>   
>>>       
>>>> It would take me a few days, but if you're not in a real hurry or
>>>> you're lazier than I am (yeah, right) I could provide a patch that
>>>> does it. Or, if I haven't been completely incomprehensible, you
>>>> could do a revision.
>>>>     
>>>>         
>>> Heh, I'm in no hurry.  I'll mark this to do midway next week, if
>>> you haven't gotten around to it first.  Thanks!
>>>   
>>>       
>> I hate to be a bother, but what tree are you basing these patches on?
>> Suspect that I missed a round of patches along the way, and can't apply
>> the ones I do have.
>>     
>
> Sorry, the c/r tree is at:
>
> git://git.ncl.cs.columbia.edu/pub/git/linux-cr.git
>   

The four patches from 08/28 (2-5) and the two from 09/03
are not happy applying to this tree. Am I missing a patch?




More information about the Containers mailing list