Submitting LSM to the kernel developers

From: Stephen Smalley (sdsat_private)
Date: Wed Aug 22 2001 - 07:48:23 PDT

    One other topic that we didn't really discuss at the Usenix Security
    BOF was the when and how of submitting the LSM kernel patch to the
    kernel developers for initial consideration.  At present, the most
    critical tasks I know of that should probably precede the initial
    submission are:
    
    1) Resolve the authoritative hooks issue.
    2) Resolve the syscall interface issue.
    3) Add hooks to the Unix domain socket code to allow control
       over socket IPC using the abstract namespace (currently
       under investigation here).  See my explanation of the issue from
       http://mail.wirex.com/pipermail/linux-security-module/2001-August/001665.html.
    4) Measure the performance overhead of LSM and LSM+capabilities
       relative to the unmodified Linux kernel.
    5) Write up a little documentation about LSM as a whole and
       about the individual hooks (explain the origins and rationale
       for LSM as a whole; explain the rationale for each hook;
       explain the idea behind the capabilities module, its
       current state, and its possibilities for future work,
       e.g. that we could even move the capability bits themselves
       out of the base kernel, but didn't in the initial version
       to more easily support composing with the capabilities plug).
    
    --
    Stephen D. Smalley, NAI Labs
    ssmalleyat_private
    
    
    
    