On Wed, 27 Oct 2004, James Morris wrote: > And composing more than a very small number of LSMs could be unsafe in > any case, so a small static array should be enough. Actually, I think security composition is such a difficult problem[1] that we should not provide support for it via LSM. The LSMs can themselves implement and compose security models if needed, e.g. SELinux already does this with TE/RBAC/MLS and self-stacks the capabilities code for application compatibility (the latter could be done via a library and does not need to be stacked). I don't think arbitary composition of security models is a service that the Linux kernel should provide. - James -- James Morris <jmorris@private> [1] e.g. see chapter 24 of Amoroso's Fundamentals of Computer Security & the referenced papers on the topic.
This archive was generated by hypermail 2.1.3 : Wed Oct 27 2004 - 08:13:14 PDT