Re: User space API definition?

• Previous message: ntvitwnlekiyat_private: "Debt stopping you from getting ahead? Read NOW"
• In reply to: Magos�nyi �rp�d: "Re: User space API definition?"
• Next in thread: Crispin Cowan: "Re: User space API definition?"
• Next in thread: Chris Wright: "Re: User space API definition?"
• Reply: Crispin Cowan: "Re: User space API definition?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, 2003-08-12 at 18:01, Magosányi Árpád wrote:
> Could the SELinux API be a basis of a generic security module API?
> Is it generizable enough? Is it C enough? A pseudo filesystem
> might be a good implementation detail, but you cannot call it from an
> application program. You need a function call interface to easily
> use it.

The SELinux API was originally designed to provide flexible support for
MAC policies.  So it should be suitable as a basis for a generic MAC
security module API.  For other kinds of security modules, your mileage
may vary.

All three components of the revised SELinux API (/proc/pid/attr, xattr,
and selinuxfs) are encapsulated by a library interface, libselinux.  You
can get it from http://www.nsa.gov/selinux.

-- 
Stephen Smalley <sdsat_private>
National Security Agency

_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module

• Next message: Valdis.Kletnieksat_private: "Re: About Auditing ..."
• Previous message: ntvitwnlekiyat_private: "Debt stopping you from getting ahead? Read NOW"
• In reply to: Magos�nyi �rp�d: "Re: User space API definition?"
• Next in thread: Crispin Cowan: "Re: User space API definition?"
• Next in thread: Chris Wright: "Re: User space API definition?"
• Reply: Crispin Cowan: "Re: User space API definition?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Aug 13 2003 - 04:41:37 PDT