Re: Basic questions about LSM architecture.

From: Chris Wright (chrisat_private)
Date: Mon Nov 26 2001 - 09:29:19 PST

    * rhys tucker (rhystuckerat_private) wrote:
    > >On Sun, Nov 25, 2001 at 03:36:37PM +0000, rhys tucker wrote:
    > >>
    > >> Does the 'Primary Security Module' refer to a particular and specialised
    > >> security module or simply to the first security module to be loaded?
    > >
    > 25/11/2001 17:24:10, Greg KH <gregat_private> wrote:
    > >I don't see where the term "Primary Security Module" is used in the
    > >documentation.  Could you point it out to me?
    > >
    > >
    > This is from a document by Smalley, Fraser and Vance at
    > http://lists.jammed.com/linux-security-module/2001/09/0190.html
    > The document reads (/\<.*?\>//g)
    > "The global security_ops table is initialized to a set of hook
    > functions provided by a dummy security module that provides
    > traditional superuser logic.  A  register_security
    > function (in security/security.c) is provided to
    > allow a security module to set security_ops to refer to its own hook
    > functions, and an unregister_security function is
    > provided to revert security_ops to the dummy module hooks.  This
    > mechanism is used to set the primary security module, which is
    > responsible for making the final decision for each hook."
    
    this terminology simply refers to the order of loading LSMs when you
    intend to stack multiple modules.  the first loaded sets the global
    security_ops table.  subsequent modules actually register with the
    primary, first loaded, module.
    
    cheers,
    -chris
    
    _______________________________________________
    linux-security-module mailing list
    linux-security-moduleat_private
    http://mail.wirex.com/mailman/listinfo/linux-security-module
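
A user-space C model of the registration flow discussed in this thread, added here as an illustration; it is not code from the LSM patch or from any poster. Only `security_ops`, `register_security` and `unregister_security` are names from the quoted document; the `check_uid` and `stack` hooks, `stack_security`, and the two sample modules are hypothetical simplifications.

```c
/* User-space model of LSM registration; not kernel code. */
#include <stdio.h>
struct security_operations {
    int (*check_uid)(int uid);                      /* hypothetical sample hook */
    int (*stack)(struct security_operations *ops);  /* hypothetical stacking hook */
};
/* Dummy module: traditional superuser logic, refuses to stack anything. */
static int dummy_check(int uid) { return uid == 0 ? 0 : -1; }
static int dummy_stack(struct security_operations *ops) { (void)ops; return -1; }
struct security_operations dummy_ops = { dummy_check, dummy_stack };
struct security_operations *security_ops = &dummy_ops;

/* The first module to register becomes the primary; later calls fail. */
int register_security(struct security_operations *ops) {
    if (security_ops != &dummy_ops) return -1;
    security_ops = ops;
    return 0;
}
/* Only the current primary can be removed; the dummy hooks come back. */
int unregister_security(struct security_operations *ops) {
    if (security_ops != ops) return -1;
    security_ops = &dummy_ops;
    return 0;
}
/* Later modules are handed to the primary, which may accept or refuse. */
int stack_security(struct security_operations *ops) {
    return security_ops->stack ? security_ops->stack(ops) : -1;
}

/* Constructed primary: holds one secondary and makes the final decision. */
static struct security_operations *secondary;
static int primary_check(int uid) {
    if (uid >= 1000) return -1;                       /* primary's own rule */
    return secondary ? secondary->check_uid(uid) : 0; /* then ask the secondary */
}
static int primary_stack(struct security_operations *ops) {
    if (secondary) return -1;                         /* one slot in this model */
    secondary = ops;
    return 0;
}
struct security_operations primary_ops = { primary_check, primary_stack };
/* Constructed secondary: denies a single uid and cannot host other modules. */
static int second_check(int uid) { return uid == 42 ? -1 : 0; }
struct security_operations second_ops = { second_check, NULL };

int main(void) {
    register_security(&primary_ops);
    stack_security(&second_ops);
    printf("uid 5: %d, uid 42: %d\n", security_ops->check_uid(5), security_ops->check_uid(42));
    return 0;
}
```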