Re: if loaded 2 security modules how does it work in kernel?

From: Wade Yin (
Date: Fri Jun 13 2003 - 02:57:57 PDT

  • Next message: Valdis.Kletnieksat_private: "Re: if loaded 2 security modules how does it work in kernel?"

    "...A register_security function (in security/security.c) is provided to
    allow a security module to set security_ops to refer to its own hook
    functions, and an unregister_security function is provided to revert
    security_ops to the dummy module hooks. This mechanism is used to set
    the primary security module, which is responsible for making the final
    decision for each hook. LSM also provides a simple mechanism for
    stacking additional security modules with the primary security module.
    It defines register_security and unregister_security hooks in the
    security_operations structure and provides mod_reg_security and
    mod_unreg_security functions that invoke these hooks after performing
    some sanity checking. A security module can call these functions in
    order to stack with other modules. However, the actual details of how
    this stacking is handled are deferred to the module, which can implement
    these hooks in any way it wishes (including always returning an error if
    it does not wish to support stacking). ..."
    Is there any implemntation on how to deal with the stacking modules...?
    > Hi all,
    >    I try to figure out that if I loaded 2 security modules in the
    > kernel, eg. one is SELinux TE&RBAC security module  the other is X
    > security module, how does the kernel consult the 2 policy modules?
    > Both them implemnted the LSM hook functions, the kernel will call the 2
    > hooks ?  how does it do it?
    > Thanks
    > Wade
    > _______________________________________________
    > linux-security-module mailing list
    > linux-security-moduleat_private
    linux-security-module mailing list

    This archive was generated by hypermail 2b30 : Fri Jun 13 2003 - 02:59:26 PDT