Stephen Smalley wrote:
>On Tue, 2003-08-12 at 18:01, Magosányi Ãrpád wrote:
>
>
>>Could the SELinux API be a basis of a generic security module API?
>>Is it generizable enough? Is it C enough? A pseudo filesystem
>>might be a good implementation detail, but you cannot call it from an
>>application program. You need a function call interface to easily
>>use it.
>>
>>
>The SELinux API was originally designed to provide flexible support for
>MAC policies. So it should be suitable as a basis for a generic MAC
>security module API. For other kinds of security modules, your mileage
>may vary.
>
And that is the crux of the problem for a generic security module API:
you want to talk to a variety of security modules, and they may have
different models, e.g.:
* SubDomain: manipulate program profiles
* SELinux: manipulate domains, types, and roles
* RaceGuard: switch whether a RaceGuard failure should return EPERM
or just kill the victim
* OWLSM: enable or disable its various intrusion prevention rules:
o root can't follow symlinks to non-root files
o non-root can't hard link to root files
o no ptrace for root processes
To have a "generic" API across all these modules, I can't see anything
higher level than "variable=value" assertions, with some syntax sugar to
allow you to query variables. But perhaps that's good enough?
Crispin
--
Crispin Cowan, Ph.D. http://immunix.com/~crispin/
Chief Scientist, Immunix http://immunix.com
http://www.immunix.com/shop/
_______________________________________________
linux-security-module mailing list
linux-security-module@mail.wirex.com
http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Wed Aug 13 2003 - 12:43:42 PDT