Re: Problems with some of the current hooks

From: richard offer (offerat_private)
Date: Mon Aug 06 2001 - 15:22:09 PDT

  • Next message: richard offer: "Port of secure fd handling to LSM"

    * frm sdsat_private "08/06/01 09:43:14 -0400" | sed '1,$s/^/* /'
    * SELinux is concerned with application issues, and we've tried to
    * provide policy-flexible extended APIs in SELinux.  Creating
    * a set of even more general APIs for LSM security modules would
    * be interesting, but probably needs to wait a little bit.
    The last time I checked (which was some time I ago, I admit), your
    application changes still assumed that you were running SELinux (that's not
    bad, currently my application audit changes assume that you have a kernel
    with audit system calls implemented). But this will have to change.
    What I'm talking about is providing support for applications that is truely
    policy independent, forking applications is just as bad as forking the
    If its going to be useful it would have to work with Poligraph as well as
    We can talk more about this next week.
    * Stephen D. Smalley, NAI Labs
    * ssmalleyat_private
    Richard Offer                     Technical Lead, Trust Technology, SGI
    "Specialization is for insects"
    linux-security-module mailing list

    This archive was generated by hypermail 2b30 : Mon Aug 06 2001 - 15:23:41 PDT