
List:       linux-security-module
Subject:    Re: Stacker module
From:       Crispin Cowan <crispin () immunix ! com>
Date:       2003-06-19 9:30:06

Wade Yin wrote:

>In multi-policy modules, maybe we should implement some hooks in a stack
>module as a primary module? 
>If any of the policy modules denied the access, the stack module returns
>"denied"? 
>
I believe this is what Wheeler's Stacker module does.

>About LSM: Maybe we should let it support other security policies, like
>audit and others, not only for access control? Maybe you got this plan
>
That was considered at length, and after much debate, rejected. *Fully* 
supporting audit requires much more intrusive hooks into the kernel, and 
it was critical for LSM's success that Linus et al be willing to accept 
LSM as not too much bother.

On the other hand, one can get a 90% audit module to work with the 
existing LSM hooks, so depending on what your needs are, go right ahead.

>already? There is another project, ACL&EA; Mr. Andreas tries to save control
>info into extended attributes of inode, I think that's a nice idea to
>
The on-disk EA project is orthogonal to LSM. The two projects developed 
in parallel. We intended LSM to be useful even without EA, but to be 
able to use EA if it also was accepted into the kernel. When we started 
LSM in early 2001, it was not clear if or when EA would be accepted by 
Linus.

Crispin

-- 
Crispin Cowan, Ph.D.           http://immunix.com/~crispin/
Chief Scientist, Immunix       http://immunix.com
            http://www.immunix.com/shop/
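
The "deny if any stacked module denies" composition asked about in the first quoted question, as an added example that is not part of the original message and is not Wheeler's Stacker code: a user-space C model with one primary hook in front of two policy modules and an audit-style module. All struct, function and path names are hypothetical, and consulting every module instead of stopping at the first denial is a choice made here so the audit-style module sees every request.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* User-space model; all names are hypothetical, not the kernel LSM API. */
struct access_req { const char *path; int uid; int want_write; };
typedef int (*perm_hook)(const struct access_req *req);
static int audit_seen;   /* requests observed by the audit module */

/* Policy A: only uid 0 may write under /etc. */
static int etc_policy(const struct access_req *r)
{
    int bad = r->want_write && r->uid != 0 && strncmp(r->path, "/etc/", 5) == 0;
    return bad ? -EACCES : 0;
}

/* Policy B: nobody may touch /secret. */
static int secret_policy(const struct access_req *r)
{
    return strncmp(r->path, "/secret/", 8) == 0 ? -EPERM : 0;
}

/* Audit-style module: counts the request, never denies. */
static int audit_module(const struct access_req *r)
{
    (void)r;
    audit_seen++;
    return 0;
}

static perm_hook stack[] = { etc_policy, secret_policy, audit_module };

/* Primary hook: consult every stacked module and deny if any denied.
 * No short-circuit; the first error code is the one returned. */
int stacked_permission(const struct access_req *req)
{
    int result = 0;
    for (size_t i = 0; i < sizeof(stack) / sizeof(stack[0]); i++) {
        int rc = stack[i](req);
        if (rc != 0 && result == 0)
            result = rc;
    }
    return result;
}

int main(void)
{
    struct access_req r = { "/etc/passwd", 1000, 1 };   /* constructed sample */
    int rc = stacked_permission(&r);
    return printf("rc=%d audited=%d\n", rc, audit_seen) < 0;
}
```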

