On Mon, 1 Apr 2002, David Wheeler wrote: > Can OWLSM (openwall for LSM) and/or LIDS > be stacked with SELinux? In particular, it seems like > Openwall would be useful to stack with SELinux. Returning to this topic, the attached patch to the SELinux module enables the use of owlsm as a secondary security module as long as CONFIG_OWLSM_FD is disabled. If CONFIG_OWLSM_FD is accidentally enabled, then the SELinux module detects the (mis)use of the binprm security field by the secondary module and unregisters it with a warning to avoid subsequent conflicts. This patch enables the use of selinux+owlsm with either the rlimit nproc check or the link protections. However, as I noted earlier, in order to provide selinux+owlsm+capabilities, you would need to revise the owlsm module itself, since it currently hardcodes the traditional superuser logic. -- Stephen D. Smalley, NAI Labs ssmalleyat_private
This archive was generated by hypermail 2b30 : Wed Apr 10 2002 - 07:26:48 PDT