Re: General questions

From: Crispin Cowan (crispinat_private)
Date: Sun Feb 02 2003 - 14:50:14 PST

    gii wrote:
    
    > I'm working on a security module that uses the LSM patch but 
    > I'm new to this kind of stuff and I'd like to have some precious info 
    > from you all. ;-) I've read all I could find on the principles of LSM 
    > but I haven't found any detailed description. Do you plan on producing 
    > more documentation (at least, more detailed one) on LSM?
    
    Assuming that you've read all the existing documentation 
    <http://lsm.immunix.org/lsm_doc.html>, the next most detailed source of 
    info would be the source code for various existing modules 
    <http://lsm.immunix.org/lsm_modules.html>. Note that the code changes 
    fast, and the documentation lags behind. It is not cost-effective to 
    keep the documentation completely current with the source, so the 
    documentation is due for a massive update when the code stops changing, 
    i.e. around the time that Linux 2.5 becomes 2.6.
    
    > When do you plan on integrating all the hooks in the kernel (any dates)? 
    > Do you plan on integrating LSM gradually or all at once?
    
    That is a continuous process. Many of the hooks are already in Linus's 
    Linux 2.5 source tree, while some critical hooks are yet to be accepted, 
    and are still on-going. Changes are required before they will be accepted.
    
    > The security module we are working on uses the sys_security call to 
    > implement new system calls to communicate with our module. Do you plan 
    > on getting rid of this (I think it doesn't appear in the 2.5.59 patch) 
    > and if so, what other means of communication are possible?
    
    The sys_security syscall was rejected by the Linux kernel maintainers, 
    and is not likely to be present in LSM when it appears in Linux 2.6. You 
    will need to find other means to communicate between your module and 
    your module-aware user-level applications. The recommended method is to 
    "make a file system." I don't know whether any of the sample modules 
    <http://lsm.immunix.org/lsm_modules.html> yet include code that does that.
    
    Crispin
    
    -- 
    Crispin Cowan, Ph.D.
    Chief Scientist, WireX                      http://wirex.com/~crispin/
    Security Hardened Linux Distribution:       http://immunix.org
    Available for purchase: http://wirex.com/Products/Immunix/purchase.html
    			    Just say ".Nyet"
    
    
    
    

    _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module


