On Tue, 2004-06-29 at 09:35, Serge E. Hallyn wrote: > I do plan on attempting the following steps to ease stacking: > > 1. submit a patch to allow multiple LSM's to use the kernel object security > pointers, such as inode->i_security. This won't fly before 2.7, and will > likely meet a lot of resistance. (Though it might help if there are people > speaking up when I'm shot down :) > > 2. submit a generalized version of the stacker LSM (hopefully without the > blob_stacking.c part, since part 1 will achieve this) to be kept in the > kernel tree as another LSM. Why not just use a common blob header and chain multiple security blobs on the existing security field, as suggested previously on this list? That will require adjusting those modules that want to support such stacking, but that is not unreasonable. -- Stephen Smalley <sds@private> National Security Agency
This archive was generated by hypermail 2b30 : Tue Jun 29 2004 - 06:49:43 PDT