Re: LSM policy!

From: Valdis.Kletnieks@private
Date: Mon Jun 28 2004 - 12:44:04 PDT

  • Next message: Tomas Olsson: "Re: Clarifications of LSM API"

    On Mon, 28 Jun 2004 20:25:15 +0430, miremadi@private  said:
    
    > Does anybody have any LSM policy sample wich is not a default one(I mean
    > those policy files wich is not available in the core)?
    
    By "policy files", did you mean an SELinux policy file?  If so, note that
    none of the actual SELinux policy is actually distributed as part of the Linux
    core - most of the activity there seems to be in the Fedora development tree
    at the moment.  See the NSA SELinux and Fedora-Selinux mailing lists
    for more details:
    http://www.nsa.gov/selinux/info/list.cfm?MenuID=41.1.1.9
    http://www.redhat.com/mailman/listinfo/fedora-selinux-list
    
    Or maybe you meant an actual Linux Security Module that's not in-tree..
    
    Let's see.. there's LIDS, DTE, Serge Hallyn had a 'bsdjail' LSM, there's
    a 'BSD Secure Levels' LSM, even I wrote a small one (which I'm currently
    trying to refactor into something postable to the Linux-Kernel list - right
    now it's a patch that does half its work in LSM, and half requires hooks
    in the main source tree because it does stuff that LSM doesn't have hooks
    for.  An earlier, broken version of the non-LSM half showed up on LKML
    back in mid-February - don't use that one, I've found some bugs.. ;)
    
    
    



    This archive was generated by hypermail 2b30 : Mon Jun 28 2004 - 12:46:53 PDT