Re: Possible system call interface for LSM

• Previous message: James Morris: "Re: Support for IPSOs"
• In reply to: richard offer: "Re: Possible system call interface for LSM"
• Next in thread: David Wagner: "Re: Possible system call interface for LSM"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, 9 Aug 2001, richard offer wrote:

> Its only common for those policies like SELinux that use system call
> interposition. How common is this method ? I don't know.

Just to clarify, it isn't precisely system call interposition -
we aren't interposing on the existing system calls, but we
are re-using the implementations of those calls to implement
new system calls with enhanced functionality for security-aware
applications.  Providing calls like stat_secure, mkdir_secure,
execve_secure, ... allows for applications to be easily changed
to explicitly specify security labels when desired (although
default behaviors are defined when the ordinary calls are used,
naturally).

--
Stephen D. Smalley, NAI Labs
ssmalleyat_private





_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module

• Next message: Stephen Smalley: "Re: Possible system call interface for LSM"
• Previous message: James Morris: "Re: Support for IPSOs"
• In reply to: richard offer: "Re: Possible system call interface for LSM"
• Next in thread: David Wagner: "Re: Possible system call interface for LSM"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Aug 10 2001 - 05:39:48 PDT