Re: [RFC] [PATCH] Replace security fields with hashtable

From: Chris Wright (chrisw@private)
Date: Wed Oct 27 2004 - 10:04:35 PDT


* James Morris (jmorris@private) wrote:
> On Wed, 27 Oct 2004, James Morris wrote:
> 
> > And composing more than a very small number of LSMs could be unsafe in
> > any case, so a small static array should be enough.
> 
> Actually, I think security composition is such a difficult problem[1] that
> we should not provide support for it via LSM.  The LSMs can themselves
> implement and compose security models if needed, e.g. SELinux already does
> this with TE/RBAC/MLS and self-stacks the capabilities code for
> application compatibility (the latter could be done via a library and does
> not need to be stacked).
> 
> I don't think arbitrary composition of security models is a service that
> the Linux kernel should provide.

Heh, that's easy, it's what we've got now ;-)

thanks,
-chris
-- 
Linux Security Modules     http://lsm.immunix.org     http://lsm.bkbits.net
