On Mon, 16 Sep 2002 17:08, Tim Bird wrote:
> I've looked around at various projects, but don't see
> anything that directly addresses intra-machine
> assured channel IPCs. I know that the MAC capabilities
> provided by LSM let me constrain access to things like
> /dev/mem, and to operations performed on pipes sockets.
> But would LSM hooks allow one process to
> authenticate another process at the other end of a
> standard IPC like a pipe or a shared memory segment?

SE Linux (which is based on LSM) restricts access to shared memory regions, unix domain sockets, pipes, etc.

In SE Linux there are system calls to determine who is connecting to you by a Unix domain socket and work is in progress on extending the same functionality to TCP sockets over the network.

It seems that SE Linux does everything you want. Or am I misunderstanding your question?

--
I do not get viruses because I do not use MS software.
If you use Outlook then please do not put my email address in your address-book so that WHEN you get a virus it won't use my address in the From field.