Wade Yin asked:

> I try to figure out that if I loaded 2 security modules in the
> kernel, eg. one is SELinux TE&RBAC security module the other is X
> security module, how does the kernel consult the 2 policy modules?

To support more than one module arbitrarily, you need a stacking module. I developed one (called "stacker") as a proof-of-principle. You can get the "stacker" module as it exists from:

http://www.dwheeler.com/misc/stacker.c

However, although I've been monitoring the LSM mailing list, I have _not_ tried to modify "Stacker" to keep it up-to-date, so you'll need to modify it for it to work.

I agree with you, there are many cases where stacking makes sense. In particular, I think it'd be helpful to have multiple small modules that store no data - they simply forbid certain suspicious activities. If a module stores no data, then it's often easy to combine with other things. For example, imagine modules that:

* Forbid creation of files with certain characters (control chars, leading "-", shell metacharacters like "&").
* Forbid creating/linking of files in ways that create temp file problems (like OWLSM).
* Forbid execution of programs not in the root partition.

The key thing to making stacking fast is to do funny pointer manipulations so that checking the modules doesn't require grabbing a lock. Once you do that, checking the modules is simply walking a linked list & calling them - not a zero-cost operation, but I expect it won't be bad. However, the only real test is to make it work & do a performance measure, something I've never gotten around to doing.

Wade Yin: if you want to take over development of a stacker, be my guest.

--- David A. Wheeler
dwheelerat_private

_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module
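The following is an added userspace sketch, not Wheeler's stacker.c or any kernel code, of the stacking idea in the message: a linked list of data-free modules, each implementing only the hooks it cares about, walked in order with the first refusal winning. Two of the suggested modules are modelled (the "bad filename characters" check and the "execute only from the root partition" check, the latter approximated with stat() st_dev); the hook names, the stat() stand-in and the fixed two-module list are assumptions for illustration, and the lock-free list publication the message alludes to is not modelled.

```c
#include <ctype.h>
#include <errno.h>
#include <string.h>
#include <sys/stat.h>

enum { HOOK_INODE_CREATE, HOOK_BPRM_CHECK, NHOOKS };  /* real LSM has many more hooks */

/* A data-free module fills in only the hooks it cares about (others NULL). */
struct lsm_module {
    int (*hook[NHOOKS])(const char *arg);  /* 0 = allow, -EPERM = deny */
    struct lsm_module *next;
};

/* Module A: forbid control chars, a leading "-" and shell metacharacters. */
static int deny_bad_name(const char *name)
{
    if (name[0] == '-')
        return -EPERM;
    for (const unsigned char *p = (const unsigned char *)name; *p; p++)
        if (iscntrl(*p) || strchr("&|;<>`$*", *p))
            return -EPERM;
    return 0;
}

/* Module B: forbid executing anything not on the root partition (same
 * st_dev as "/"). stat() stands in for the inode data a kernel hook sees. */
static int deny_exec_off_root(const char *path)
{
    struct stat root, target;
    if (stat("/", &root) != 0 || stat(path, &target) != 0)
        return -errno;
    return target.st_dev == root.st_dev ? 0 : -EPERM;
}

/* Constructed list: built once and only read afterwards, so the walk below
 * takes no lock (the kernel-side publication tricks are not modelled). */
static struct lsm_module mod_exec = { { NULL, deny_exec_off_root }, NULL };
static struct lsm_module mod_name = { { deny_bad_name, NULL }, &mod_exec };
static struct lsm_module *stack = &mod_name;

/* Stacker: walk the list, skip modules lacking the hook, deny on first refusal. */
int stack_call(int which, const char *arg)
{
    for (struct lsm_module *m = stack; m; m = m->next) {
        int rc = m->hook[which] ? m->hook[which](arg) : 0;
        if (rc)
            return rc;
    }
    return 0;
}
```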
This archive was generated by hypermail 2b30 : Tue Jun 17 2003 - 13:56:19 PDT