Wade Yin wrote:

>In Multi policy modules, Maybe we should implement some hooks in a stack
>module as a primary module?
>if any of the policy modules denied the access, the stack module return
>"denied"?
>

I believe this is what Wheeler's Stacker module does.

>About LSM: Maybe we should let it support other security policy, like
>audit and others, not only for access control? Maybe you got this plan
>

That was considered at length, and after much debate, rejected. *Fully* supporting audit requires much more intrusive hooks into the kernel, and it was critical for LSM's success that Linus et al. be willing to accept LSM as not too much bother. On the other hand, one can get a 90% audit module to work with the existing LSM hooks, so depending on what your needs are, go right ahead.

>already? There is another project ACL&EA, Mr. Andreas try to save control
>info into extended attributes of inode, I think that's a nice idea to
>

The on-disk EA project is orthogonal to LSM. The two projects developed in parallel. We intended LSM to be useful even without EA, but to be able to use EA if it also was accepted into the kernel. When we started LSM in early 2001, it was not clear if or when EA would be accepted by Linus.

Crispin

--
Crispin Cowan, Ph.D. http://immunix.com/~crispin/
Chief Scientist, Immunix http://immunix.com
http://www.immunix.com/shop/

_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Thu Jun 19 2003 - 02:31:09 PDT