Re: [RFC][PATCH 0/3] Introduce audit_syscall LSM hook

From: Chris Wright (chrisw@private)
Date: Wed Dec 08 2004 - 11:50:25 PST


* Adrian Drzewiecki (z@private) wrote:
> > But what is wrong with the audit subsystem that is already in the kernel
> > tree?  It should provide for this kind of notification, right?

It only does notification.  I belive Adrian's goals are to drop invalid
syscall requests on the floor and return.

>  There is nothing wrong with the audit subsystem. The only problem that 
> I have is the lack of system-call sandboxing in LSM.

We intentionally chose a lower level for interposition.  For purely
disabling syscalls, was there a problem with Andrea's work?

thanks,
-chris
-- 
Linux Security Modules     http://lsm.immunix.org     http://lsm.bkbits.net



This archive was generated by hypermail 2.1.3 : Wed Dec 08 2004 - 11:50:50 PST