about the multiple security module in LSM

From: Yuan Chunyang (cyyuan79@private)
Date: Tue Sep 07 2004 - 23:51:27 PDT


Hi, I am researching how to make multiple security modules cooperate in LSM.
As we know, LSM provides the stacker module to stack modules. This approach has a
shortcoming: stacker cannot handle the relationship between different modules.

Now I want to find a way to compose multiple security modules. Different
modules have different relationships on an LSM hook. The relations include: and,
or, override. I think that a configuration file describing the relationship between
modules can be set up first. At boot, the kernel reads this configuration file and
checks it. When a hook is called, the return value comes from the composed result.

But the problems are:
(1) How to determine the relationship between modules on a hook? In high-level
policy specifications, there are meta-policies. But where can this meta-policy
come from in LSM? The high-level security module can be DAC, MAC, RBAC, TE.
(2) How to organize the kernel modules in LSM, such as arrays or lists? If using
arrays, how to know the maximum size of the array? If using a list, it is not flexible.

I do not know whether my purpose is expressed clearly. I am wondering about this
work now. Please give me some hints.


     _ __          
 |\/      \/ ______     Yuan Chunyang    (Ph.D candidate)             
 \|    . . || |\\\\\    Open System & Chinese Information Processing Center  
  (   ( oo))| | ------  Institute of Software , Chinese Academy of Sciences
   /  \    \| |   ||||  P.O.Box 8718     Beijing 100080           P.R.China
  (___\^^^^^|_|___||||  Email:   chunyang03at_private  
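
The composition the message describes (and, or, override applied to the modules registered on one hook), sketched as a userspace C model. This is an added example, not code from the post or from LSM. All names are hypothetical, and three points are assumptions: the fixed array bound `MAX_MODULES`, the reading of "override" as "the first listed module alone decides", and the 0 = allow / negative errno = deny convention for module verdicts.

```c
#include <errno.h>
#include <stddef.h>

#define MAX_MODULES 4            /* assumed fixed bound per hook */

enum compose_op { COMPOSE_AND, COMPOSE_OR, COMPOSE_OVERRIDE };

struct access { int uid, owner, label, clearance; };  /* constructed hook context */
typedef int (*hook_fn)(const struct access *a);       /* 0 = allow, -errno = deny */

struct hook_entry {              /* one parsed entry of the relationship file */
    enum compose_op op;
    size_t n;
    hook_fn fn[MAX_MODULES];     /* for OVERRIDE, fn[0] is the deciding module */
};

/* Constructed stand-ins for a DAC-style and a MAC-style module. */
int dac_hook(const struct access *a) { return a->uid == a->owner ? 0 : -EACCES; }
int mac_hook(const struct access *a) { return a->clearance >= a->label ? 0 : -EPERM; }

/* Boot-time check of an entry: reject anything malformed instead of guessing. */
int check_entry(const struct hook_entry *e)
{
    if (e->op != COMPOSE_AND && e->op != COMPOSE_OR && e->op != COMPOSE_OVERRIDE)
        return -EINVAL;
    if (e->n == 0 || e->n > MAX_MODULES)
        return -EINVAL;
    for (size_t i = 0; i < e->n; i++)
        if (!e->fn[i])
            return -EINVAL;
    return 0;
}

/* Hook-time composition; the entry must already have passed check_entry(). */
int compose_hook(const struct hook_entry *e, const struct access *a)
{
    int first_err = 0;

    if (e->op == COMPOSE_OVERRIDE)
        return e->fn[0](a);
    for (size_t i = 0; i < e->n; i++) {
        int rc = e->fn[i](a);
        if (e->op == COMPOSE_AND && rc != 0)
            return rc;           /* AND: the first denial decides */
        if (e->op == COMPOSE_OR && rc == 0)
            return 0;            /* OR: the first grant decides */
        if (first_err == 0)
            first_err = rc;
    }
    return first_err;            /* AND: 0 (all allowed); OR: first denial seen */
}
```

With `or` and `override`, a request that one module denies can still be allowed, so the per-hook operator in the relationship file is itself security policy and needs the same protection as the modules.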



This archive was generated by hypermail 2.1.3 : Tue Sep 07 2004 - 23:52:14 PDT