Re: Problems with some of the current hooks

From: Stephen Smalley (sdsat_private)
Date: Tue Aug 07 2001 - 05:30:13 PDT

  • Next message: Stephen Smalley: "Re: Port of secure fd handling to LSM"

    On Mon, 6 Aug 2001, richard offer wrote:
    > The last time I checked (which was some time I ago, I admit), your
    > application changes still assumed that you were running SELinux (that's not
    > bad, currently my application audit changes assume that you have a kernel
    > with audit system calls implemented). But this will have to change.
    Well, actually, our application changes are set up to test whether
    SELinux is running, and if not, then to fall back to ordinary Unix
    > What I'm talking about is providing support for applications that is truely
    > policy independent, forking applications is just as bad as forking the
    > kernel.
    Ah, but the point of SELinux is that it is policy-independent.  So
    the new system calls provided by SELinux aren't tied to any
    particular security policy model, but can support many different
    kinds of models.  But I understand what you are saying - with LSM,
    we want an even more generic API.  As I said, that would be
    interesting, but probably needs to wait a little.
    Stephen D. Smalley, NAI Labs
    linux-security-module mailing list

    This archive was generated by hypermail 2b30 : Tue Aug 07 2001 - 05:32:32 PDT