* frm magat_private "08/13/03 00:01:29 +0200" | sed '1,$s/^/* /' * * 2003-08-12, k keltezéssel Stephen Smalley ezt írta: * *> The /proc/pid/attr and xattr APIs already provide a generic way of *> dealing with process and file security attributes, and are part of 2.6. *> The SELinux API is implemented using these interfaces plus an additional *> pseudo filesystem for the security policy API, as that is specific to *> SELinux (but generally suitable for MAC security policies). * * Could the SELinux API be a basis of a generic security module API? * Is it generizable enough? Is it C enough? A pseudo filesystem * might be a good implementation detail, but you cannot call it from an * application program. You need a function call interface to easily * use it. * Any high level generic API must also have some chance of being implementable cross-platform, otherwise all applications will have to fork or the ongoing maintenance of the apps will have to stay with the LSM module producer. If what you want is to develop LSM modules why spend time maintaining apache ? I've argued in the past that a single binary application must also work on a vanilla linux distribution and a LSM system if LSM is ever going to be accepted by the general community. Not everyone agrees with that :-) richard. -- ----------------------------------------------------------------------- Richard Offer Technical Lead, Linux System Software, SGI "Specialization is for insects" _______________________________________________________________________ _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Tue Aug 12 2003 - 18:10:42 PDT