Re: Clarifications of LSM API

From: Stephen Smalley (sds@private)
Date: Tue Jun 29 2004 - 06:48:18 PDT


    On Tue, 2004-06-29 at 09:35, Serge E. Hallyn wrote:
    > I do plan on attempting the following steps to ease stacking:
    > 
    > 1. submit a patch to allow multiple LSMs to use the kernel object security
    > pointers, such as inode->i_security.  This won't fly before 2.7, and will
    > likely meet a lot of resistance.  (Though it might help if there are people
    > speaking up when I'm shot down  :)
    > 
    > 2. submit a generalized version of the stacker LSM (hopefully without the
    > blob_stacking.c part, since part 1 will achieve this) to be kept in the
    > kernel tree as another LSM.
    
    Why not just use a common blob header and chain multiple security blobs
    on the existing security field, as suggested previously on this list? 
    That will require adjusting those modules that want to support such
    stacking, but that is not unreasonable.
    
    -- 
    Stephen Smalley <sds@private>
    National Security Agency
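
The chaining idea suggested in the reply above, as an added userspace C model that is not code from this thread or from the kernel. The struct layout, the module identifiers and the `blob_*` helper names are all hypothetical; `demo_inode` stands in for an object with a single security field such as `inode->i_security`.

```c
#include <stdio.h>
#include <stdlib.h>

/* Common header placed first in every stacking-aware module's blob (assumed layout). */
struct blob_header {
    unsigned int module_id;     /* hypothetical per-module identifier */
    struct blob_header *next;   /* next module's blob on the same object */
};

/* Stand-in for a kernel object with one security field, like inode->i_security. */
struct demo_inode { void *i_security; };

/* Two hypothetical modules; private state follows the shared header. */
enum { MOD_A = 1, MOD_B = 2 };
struct mod_a_blob { struct blob_header hdr; int sid; };
struct mod_b_blob { struct blob_header hdr; int level; };

/* Walk the chain and return the blob owned by module `id`, or NULL. */
static struct blob_header *blob_find(const struct demo_inode *ino, unsigned int id)
{
    struct blob_header *b;
    for (b = ino->i_security; b; b = b->next)
        if (b->module_id == id)
            return b;
    return NULL;
}

/* Link a blob at the head of the chain; -1 if the module already has one here. */
static int blob_attach(struct demo_inode *ino, struct blob_header *b, unsigned int id)
{
    if (blob_find(ino, id))
        return -1;
    b->module_id = id;
    b->next = ino->i_security;
    ino->i_security = b;
    return 0;
}

int main(void)
{
    struct demo_inode ino = { NULL };
    struct mod_a_blob *a = calloc(1, sizeof(*a));
    struct mod_b_blob *b = calloc(1, sizeof(*b));
    if (!a || !b || blob_attach(&ino, &a->hdr, MOD_A) || blob_attach(&ino, &b->hdr, MOD_B))
        return 1;
    printf("MOD_B blob found: %d\n", blob_find(&ino, MOD_B) == &b->hdr);
    free(a); free(b);
    return 0;
}
```

Because the header is the first member of each blob, a module can cast the pointer returned by `blob_find` back to its own blob type, which is the adjustment each stacking-aware module would have to make.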
    


