* frm sdsat_private "04/15/03 09:41:48 -0400" | sed '1,$s/^/* /'
*
*
* Note that LSM intentionally does not provide any mechanism itself for
* sharing the security fields of the kernel data structures. Stacking has
* to be handled by the principal security module.

I see modules as ephemeral, but attributes as permanent. If I'm running one LSM module, I reboot and use a different LSM module, what happens to the attributes that the first module added to the file?

Either we should guarantee that modules only touch attributes they know about---ignoring all others (but not overwriting them), or we have separate namespaces for each module's attributes.

Stacking modules will work with either scheme, but it seems to me that switching policies over a reboot could easily be broken by a scheme that shared a single namespace.

* --
* Stephen Smalley <sdsat_private>
* National Security Agency

richard.

--
-----------------------------------------------------------------------
Richard Offer Technical Lead, Trust Technology, SGI
"Specialization is for insects"
_______________________________________________________________________

_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Tue Apr 15 2003 - 09:58:48 PDT