well, "...A register_security function (in security/security.c) is provided to allow a security module to set security_ops to refer to its own hook functions, and an unregister_security function is provided to revert security_ops to the dummy module hooks. This mechanism is used to set the primary security module, which is responsible for making the final decision for each hook. LSM also provides a simple mechanism for stacking additional security modules with the primary security module. It defines register_security and unregister_security hooks in the security_operations structure and provides mod_reg_security and mod_unreg_security functions that invoke these hooks after performing some sanity checking. A security module can call these functions in order to stack with other modules. However, the actual details of how this stacking is handled are deferred to the module, which can implement these hooks in any way it wishes (including always returning an error if it does not wish to support stacking). ..." Is there any implemntation on how to deal with the stacking modules...? > Hi all, > > I try to figure out that if I loaded 2 security modules in the > kernel, eg. one is SELinux TE&RBAC security module the other is X > security module, how does the kernel consult the 2 policy modules? > Both them implemnted the LSM hook functions, the kernel will call the 2 > hooks ? how does it do it? > > Thanks > > > Wade > > _______________________________________________ > linux-security-module mailing list > linux-security-moduleat_private > http://mail.wirex.com/mailman/listinfo/linux-security-module _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Fri Jun 13 2003 - 02:59:26 PDT