RE: about LSM in kernel 2.5

From: Ling, Xiaofeng (xiaofeng.lingat_private)
Date: Sun Jun 22 2003 - 22:26:41 PDT

  • Next message: Stephen Smalley: "[RFC][PATCH] Security hook for vm_enough_memory"

    The hook I mean is the call to security_ops->xxxx(), I can not find these codes in pristine kernel.(I read kernel 2.5.70)
    These codes is added in additional LSM patch. 
    like  in sys_reboot:
    if(retval) {
    	return retval;
    I'm not very clear about the relationship between the code already in pristine kernel and the additional LSM patch.
    For my understanding, the pristine kernel part is the framework, and the additional patch is some real policy module,
    The definition for security framework shall include the hook API and call position for these API. but why the call to 
    the hooks is not in the pristine kernel? 
    > -----Original Message-----
    > From: Greg KH [mailto:gregat_private]
    > Sent: Monday, June 23, 2003 11:53 AM
    > To: Ling, Xiaofeng
    > Cc: linux-security-moduleat_private
    > Subject: Re: about LSM in kernel 2.5
    > On Mon, Jun 23, 2003 at 11:27:17AM +0800, Ling, Xiaofeng wrote:
    > > Hi,
    > >     I have read the code about LSM in kernel 2.5, It seems 
    > there is no any hook being 
    > > added in kernel source,  does it mean if anyone want to 
    > implement a secuirty module,
    > > he/she must add these hooks by themself? 
    > No, LSM is already in the kernel, along with the hooks.  You can
    > implement a security module today without having to add any hooks, see
    > the example root_plug security module for such an example.
    > Hope this helps,
    > greg k-h
    linux-security-module mailing list

    This archive was generated by hypermail 2b30 : Sun Jun 22 2003 - 22:27:15 PDT