On Tue, 13 Aug 2002, lists brk wrote:

>
> From the docs I understand that "LSM allows modules to
> mediate access to kernel objects by placing hooks in
> the kernel code just ahead of the access", and as a
> part of the IPv4 networking hooks Netfilter API is
> used for intercepting packets as they traverse the IP
> layer. At each Netfilter hook, LSM hook is called
> before and after packets are passed to the Netfilter
> framework.
>
> So what kind of access control does LSM envision? (what
> can preroute_first or preroute_last etc. do?)
>

These hooks have now been removed from LSM for performance and flexibility
reasons, and security modules must now use Netfilter directly instead.

See the SELinux code for an example of this.

- James
--
James Morris
<jmorrisat_private>

_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module

This archive was generated by hypermail 2b30 : Tue Aug 13 2002 - 21:22:58 PDT