Re: Stacking Openwall and SELinux?

Previous message: Stephen Smalley: "Re: Stacking Openwall and SELinux?"
In reply to: Stephen Smalley: "Re: Stacking Openwall and SELinux?"
Next in thread: Stephen Smalley: "Re: Stacking Openwall and SELinux?"
Reply: Stephen Smalley: "Re: Stacking Openwall and SELinux?"
Reply: Seth Arnold: "Re: Stacking Openwall and SELinux?"
Reply: Chris Wright: "Re: Stacking Openwall and SELinux?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

dwheelerat_private

I believe that several functions in Openwall don't
require any additional information in the kernel data structures.
Would it be possible to split out those capabilities into
a "partial openwall" module that implements those features?
I'm thinking about things like the Non-executable stack,
temp directory limitations, etc.  That way, those functions could
be added to any system using insmod.

 >The dummy and capabilities security modules are easy to stack with
 >SELinux because they do not use the security fields LSM added
 >to the kernel data structures.

> Stacking the SELinux module with any
> module that does use these fields will require the definition of a
> common security object header with a module identifier and a link
> for chaining multiple security objects on a single security field.
> This has not yet been a priority for us.

--- David A. Wheeler
     dwheelerat_private

_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module