On Tue, 2003-04-15 at 12:58, richard offer wrote:
> I see modules as ephemeral, but attributes as permanent. If I'm running one
> LSM module, I reboot and use a different LSM module, what happens to the
> attributes that the first module added to the file ?

I'm not going to switch between a SELinux "module" and a non-SELinux "module"
or vice versa without relabeling the filesystem to an appropriate initial
state of security labels that is meaningful to the "module" I want to use.
I also wouldn't be performing such switching at all on any real systems.

> Either we should guarantee that modules only touch attributes they know
> about---ignoring all others (but not overwriting them), or we have separate
> namespaces for each module's attributes.

A security module can sanity check the first few bytes of the attribute
value if it desires, and handle a mismatch as it desires. That is a policy
issue and up to the module writer.

You also need to consider the implications for userspace of using a separate
attribute name for each security module. Do you really want to maintain your
own patches for all of the utilities to let users get and set file security
labels using your attribute name? Note that we can add or remove security
attributes to/from the SELinux security context without requiring changes to
our patches for the utilities; the utility patches don't have to be tied to a
specific security model.

-- 
Stephen Smalley <sdsat_private>
National Security Agency

_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module
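The value sanity check Stephen describes, as an added example that is not part of the original thread: a parser that accepts a security.selinux value only if it has the user:role:type[:level] form a SELinux module expects, and treats anything else (for instance a value left behind by a different module) as unlabeled rather than trusting it. The context syntax, the regular expression and the os.getxattr helper are assumptions made for this example, not details from the thread.

```python
import os
import re
from typing import NamedTuple, Optional

# Shared xattr name; every module that used it would have to check the value.
SELINUX_XATTR = "security.selinux"


class Context(NamedTuple):
    user: str
    role: str
    type_: str
    level: Optional[str]  # MLS/MCS range, absent on non-MLS systems


# Assumed context shape: user:role:type with an optional fourth level field.
_CTX_RE = re.compile(
    r"^([A-Za-z0-9_.-]+):([A-Za-z0-9_.-]+):([A-Za-z0-9_.-]+)(?::([^\x00]+))?$"
)


def parse_context(raw: bytes) -> Optional[Context]:
    """Return the parsed label, or None if the bytes are not a SELinux context.

    A value written by another module, or corrupted on disk, fails to parse;
    the module then treats the file as unlabeled instead of using the value.
    """
    try:
        # The on-disk value is conventionally NUL-terminated; strip it.
        text = raw.rstrip(b"\x00").decode("ascii")
    except UnicodeDecodeError:
        return None
    match = _CTX_RE.match(text)
    if match is None:
        return None
    user, role, type_, level = match.groups()
    return Context(user, role, type_, level)


def label_for(path: str) -> Optional[Context]:
    """Read and check a live file's label (Linux only); missing -> None."""
    try:
        raw = os.getxattr(path, SELINUX_XATTR)
    except OSError:  # no such attribute, unsupported filesystem, or no access
        return None
    return parse_context(raw)


if __name__ == "__main__":
    # Constructed sample values, labelled here as examples only.
    for sample in (b"system_u:object_r:etc_t:s0\x00", b"\x01\x02other-module-blob"):
        print(sample, "->", parse_context(sample))
```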
This archive was generated by hypermail 2b30 : Tue Apr 15 2003 - 11:20:01 PDT