Re: Stacking Openwall and SELinux?

From: David Wheeler (dwheelerat_private)
Date: Mon Apr 01 2002 - 13:01:38 PST

  • Next message: Stephen Smalley: "Re: Stacking Openwall and SELinux?"

    I believe that several functions in Openwall don't
    require any additional information in the kernel data structures.
    Would it be possible to split out those capabilities into
    a "partial openwall" module that implements those features?
    I'm thinking about things like the Non-executable stack,
    temp directory limitations, etc.  That way, those functions could
    be added to any system using insmod.
    
     >The dummy and capabilities security modules are easy to stack with
     >SELinux because they do not use the security fields LSM added
     >to the kernel data structures.
    
    > Stacking the SELinux module with any
    > module that does use these fields will require the definition of a
    > common security object header with a module identifier and a link
    > for chaining multiple security objects on a single security field.
    > This has not yet been a priority for us.
    
    
    --- David A. Wheeler
         dwheelerat_private
    
    _______________________________________________
    linux-security-module mailing list
    linux-security-moduleat_private
    http://mail.wirex.com/mailman/listinfo/linux-security-module
    



    This archive was generated by hypermail 2b30 : Mon Apr 01 2002 - 13:07:46 PST