* James Morris (jmorris@private) wrote:
> On Wed, 27 Oct 2004, James Morris wrote:
>
> > And composing more than a very small number of LSMs could be unsafe in
> > any case, so a small static array should be enough.
>
> Actually, I think security composition is such a difficult problem[1] that
> we should not provide support for it via LSM. The LSMs can themselves
> implement and compose security models if needed, e.g. SELinux already does
> this with TE/RBAC/MLS and self-stacks the capabilities code for
> application compatibility (the latter could be done via a library and does
> not need to be stacked).
>
> I don't think arbitrary composition of security models is a service that
> the Linux kernel should provide.

Heh, that's easy, it's what we've got now ;-)

thanks,
-chris
--
Linux Security Modules     http://lsm.immunix.org     http://lsm.bkbits.net

This archive was generated by hypermail 2.1.3 : Wed Oct 27 2004 - 10:04:53 PDT