* rhys tucker (rhystuckerat_private) wrote: > >On Sun, Nov 25, 2001 at 03:36:37PM +0000, rhys tucker wrote: > >> > >> Does the 'Primary Security Module' refer to a particular and specialised > >> security module or simply to the first security module to be loaded? > > > 25/11/2001 17:24:10, Greg KH <gregat_private> wrote: > >I don't see where the term "Primary Security Module" is used in the > >documentation. Could you point it out to me? > > > > > This is from a document by Smalley, Fraser and Vance at > http://lists.jammed.com/linux-security-module/2001/09/0190.html > The document reads (/\<.*?\>//g) > "The global security_ops table is initialized to a set of hook > functions provided by a dummy security module that provides > traditional superuser logic. A register_security > function (in security/security.c) is provided to > allow a security module to set security_ops to refer to its own hook > functions, and an unregister_security function is > provided to revert security_ops to the dummy module hooks. This > mechanism is used to set the primary security module, which is > responsible for making the final decision for each hook." this terminology simply refers to the order of loading LSMs when you intend to stack multiple modules. the first loaded sets the global security_ops table. subsequent modules actually register with the primary, first loaded, module. cheers, -chris _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Mon Nov 26 2001 - 09:37:32 PST