Re: about the multiple security module in LSM

From: Serge E. Hallyn (hallyn@private)
Date: Wed Sep 08 2004 - 08:08:09 PDT

Previous message: Makan Pourzandi: "[ANNOUNCE] Release Digsig 1.3.1: kernel module for run-time authentication of binaries"
In reply to: Yuan Chunyang: "about the multiple security module in LSM"
Next in thread: Yuan Chunyang: "*****SPAM***** Re: about the multiple security module in LSM"
Reply: Yuan Chunyang: "*****SPAM***** Re: about the multiple security module in LSM"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

> hi??I am researching on how to cooperate multiple security modules in LSM.
> As we know, LSM provide stacker module to stack modules. This way have 
> shortcoming. Stacker can not handle the relationship between different modules.

The original stacker module by David Wheeler provided far greater flexibility
for stacking options.  I took those out because there seemed no need.  Adding
this back should be relatively simple.  We could add a sysfs file to specify
how the next module should be related to the currently stacked modules, for
instance.

That could get ugly, though :)

"
modprobe stacker
modprobe bsdjail
echo "and" > /sys/security/stacker/nextmod
modprobe dte
echo "or" > /sys/security/stacker/nextmod
modprobe digsig_verif
"

And how do we do "(a and b) or c" ?  :)

Could you give some examples about particular modules with which you would
like more flexible stacking?

thanks,
-serge

Previous message: Makan Pourzandi: "[ANNOUNCE] Release Digsig 1.3.1: kernel module for run-time authentication of binaries"
In reply to: Yuan Chunyang: "about the multiple security module in LSM"
Next in thread: Yuan Chunyang: "*****SPAM***** Re: about the multiple security module in LSM"
Reply: Yuan Chunyang: "*****SPAM***** Re: about the multiple security module in LSM"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.3 : Wed Sep 08 2004 - 08:08:53 PDT