gii wrote:

> I'm working on a security module that uses the LSM patch but
> I'm new to this kind of stuff and I'd like to have some precious info
> from you all. ;-) I've read all I could find on the principles of LSM
> but I haven't found any detailed description. Do you plan on producing
> more documentation (at least, more detailed one) on LSM?

Assuming that you've read all the existing documentation <http://lsm.immunix.org/lsm_doc.html>, the next most detailed source of info would be the source code for various existing modules <http://lsm.immunix.org/lsm_modules.html>.

Note that the code changes fast, and the documentation lags behind. It is not cost-effective to keep the documentation completely current with the source, so the documentation is due for a massive update when the code stops changing, i.e. around the time that Linux 2.5 becomes 2.6.

> When do you plan on integrating all the hooks in the kernel (any dates)?
> Do you plan on integrating LSM gradually or all at once?

That is a continuous process. Many of the hooks are already in Linus's Linux 2.5 source tree, while some critical hooks are yet to be accepted, and are still on-going. Changes are required before they will be accepted.

> The security module we are working on uses the sys_security call to
> implement new system calls to communicate with our module. Do you plan
> on getting rid of this (I think it doesn't appear in the 2.5.59 patch)
> and if so, what other means of communication are possible?

The sys_security syscall was rejected by the Linux kernel maintainers, and is not likely to be present in LSM when it appears in Linux 2.6. You will need to find other means to communicate between your module and your module-aware user-level applications. The recommended method is to "make a file system." I don't know whether any of the sample modules <http://lsm.immunix.org/lsm_modules.html> yet include code that does that.

Crispin

--
Crispin Cowan, Ph.D.
Chief Scientist, WireX http://wirex.com/~crispin/
Security Hardened Linux Distribution: http://immunix.org
Available for purchase: http://wirex.com/Products/Immunix/purchase.html
Just say ".Nyet"

This archive was generated by hypermail 2b30 : Sun Feb 02 2003 - 14:51:24 PST