Lachlan McIlroy wrote:

> The attached patch contains hooks required for a MAC
> system to moderate subject-subject control. These hooks
> can be used to ensure that only processes with read/write
> label dominance can read/write attributes of another
> process (ie GID, SID and scheduling parameters). The
> patch was generated from the 2.4.6 tree and I will post
> a patch against 2.4.7 soon.

Could you elaborate a bit more on the design of this patch? While LSM should support MLS label style modules, the MLS label concepts themselves should not be embedded into the LSM interface. From the above description, it is unclear whether the patch is specific to the notions of label dominance, or if it is generic to inspecting security blobs when subjects attempt to read/write attributes of other subjects.

Crispin

P.S. You appear to be posting from an address that is not subscribed to the LSM mailing list. This is fine, but introduces an arbitrary amount of delay until I get around to approving the post.

--
Crispin Cowan, Ph.D.
Chief Scientist, WireX Communications, Inc. http://wirex.com
Security Hardened Linux Distribution: http://immunix.org
Available for purchase: http://wirex.com/Products/Immunix/purchase.html

_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Mon Jul 30 2001 - 00:53:25 PDT