Chris Wright wrote:
>At first I looked only at things that allowed you to alter
>the state of a kernel object.

I'd like to ask for the ability to implement not only integrity policies
but also confidentiality policies. So: Can we generalize to allow hooks
on events that don't alter the state of any object but might allow
processes to read the value of some sensitive kernel object? Do you
agree this would be useful? (I would need it to implement the Janus
policies, for instance.)

>If no security module is loaded the
>interface has a set of dummy functions (they all immediately return
>success). This way we leave the traditional permission checks intact,
>and just add one function call that immediately returns as the overhead
>(wherever our hooks are). This seems least intrusive and most likely to
>be accepted.

Makes sense. The result: A LSM can make the policy more restrictive,
but not less so. I can live with that (and quite happily!).

_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module
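
The design discussed in this message (dummy hooks that return success, traditional checks left intact, and a hook on a read-only event), sketched as an added user-space example; it is not code from the post or from the LSM project. The names `hook_ops`, `load_module`, `do_read`, `do_write` and the uid-based policy are hypothetical and constructed for illustration.

```c
#include <errno.h>
#include <stdio.h>

/* Hypothetical hook table (names are illustrative, not the LSM API). */
struct hook_ops {
    int (*obj_write)(int uid, int owner); /* event that alters object state */
    int (*obj_read)(int uid, int owner);  /* read-only event: confidentiality */
};

/* Dummy hooks used when no module is loaded: return success immediately. */
static int dummy_ok(int uid, int owner) { (void)uid; (void)owner; return 0; }
static struct hook_ops dummy_ops = { dummy_ok, dummy_ok };
static struct hook_ops *active = &dummy_ops;

void load_module(struct hook_ops *m) { active = m ? m : &dummy_ops; }

/* Traditional check, left intact: only root or the owner passes. */
static int traditional_check(int uid, int owner)
{
    return (uid == 0 || uid == owner) ? 0 : -EACCES;
}

/* The hook is reached only after the traditional check has passed, so a
 * module can add a denial but can never turn a denial into success. */
int do_read(int uid, int owner)
{
    int err = traditional_check(uid, owner);
    return err ? err : active->obj_read(uid, owner);
}

int do_write(int uid, int owner)
{
    int err = traditional_check(uid, owner);
    return err ? err : active->obj_write(uid, owner);
}

/* Constructed sample policy: uid 1000 is confined and may not read
 * anything, even its own objects; every other request is allowed. */
#define CONFINED_UID 1000
static int conf_read(int uid, int owner)
{
    (void)owner;
    return uid == CONFINED_UID ? -EPERM : 0;
}
static struct hook_ops conf_ops = { dummy_ok, conf_read };

int main(void)
{
    printf("no module:   read=%d\n", do_read(CONFINED_UID, CONFINED_UID));
    load_module(&conf_ops);
    printf("with module: read=%d write=%d\n",
           do_read(CONFINED_UID, CONFINED_UID), do_write(CONFINED_UID, CONFINED_UID));
    return 0;
}
```

The module's read hook returns success for uid 2000, yet a read by uid 2000 of another user's object still fails with `-EACCES`, because the traditional check runs first.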
This archive was generated by hypermail 2b30 : Fri Apr 20 2001 - 18:33:45 PDT