Re: about the multiple security module in LSM

From: Serge E. Hallyn (hallyn@private)
Date: Wed Sep 08 2004 - 08:08:09 PDT


> Hi, I am researching how to make multiple security modules cooperate in LSM.
> As we know, LSM provides a stacker module to stack modules. This way has a
> shortcoming. Stacker cannot handle the relationship between different modules.

The original stacker module by David Wheeler provided far greater flexibility
for stacking options.  I took those out because there seemed no need.  Adding
this back should be relatively simple.  We could add a sysfs file to specify
how the next module should be related to the currently stacked modules, for
instance.

That could get ugly, though :)

"
modprobe stacker
modprobe bsdjail
echo "and" > /sys/security/stacker/nextmod
modprobe dte
echo "or" > /sys/security/stacker/nextmod
modprobe digsig_verif
"

And how do we do "(a and b) or c" ?  :)

Could you give some examples about particular modules with which you would
like more flexible stacking?

thanks,
-serge
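
An added example, not part of the original message and not stacker code: a userspace C model of why grouping matters when module verdicts are combined with "and"/"or". It assumes the nextmod sequence would be folded left to right in load order and that verdicts follow the LSM hook convention (0 allows, negative errno denies); all function names are hypothetical.

```c
/* Added illustration: userspace model of combining module verdicts, not kernel code. */
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

enum op { OP_AND, OP_OR };   /* the two values written to the proposed nextmod file */

/* LSM hook convention: 0 allows, a negative errno denies. */
static int combine(enum op op, int left, int right)
{
    if (op == OP_AND)                     /* every module must allow; first denial wins */
        return left ? left : right;
    return (!left || !right) ? 0 : left;  /* OR: one allowing module is enough */
}

/* Assumed semantics of the flat sequence: fold left to right in load order. */
static int eval_flat(const int *v, const enum op *ops, size_t n)
{
    int acc = v[0];
    for (size_t i = 1; i < n; i++)
        acc = combine(ops[i - 1], acc, v[i]);
    return acc;
}

/* "a and b or c": three module loads with nextmod written in between. */
int demo_flat(int a, int b, int c)
{
    const int v[] = { a, b, c };
    const enum op ops[] = { OP_AND, OP_OR };
    return eval_flat(v, ops, 3);
}

/* "a and (b or c)": same modules and operators, different grouping. */
int demo_grouped(int a, int b, int c)
{
    return combine(OP_AND, a, combine(OP_OR, b, c));
}

int main(void)
{
    /* Constructed verdicts: module a denies, modules b and c allow. */
    printf("flat    a and b or c   -> %d\n", demo_flat(-EPERM, 0, 0));
    printf("grouped a and (b or c) -> %d\n", demo_grouped(-EPERM, 0, 0));
    return 0;
}
```

With these constructed verdicts the flat fold allows the operation because the trailing "or" overrides module a's denial, while the grouped form keeps the denial.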



This archive was generated by hypermail 2.1.3 : Wed Sep 08 2004 - 08:08:53 PDT