Re: [RFC][PATCH 0/3] Introduce audit_syscall LSM hook

From: Chris Wright (chrisw@private)
Date: Wed Dec 08 2004 - 12:09:02 PST

Previous message: Stephen Smalley: "Re: [RFC] [Stacking v4 2/3] New version of SELinux patch to support stacking"
In reply to: Adrian Drzewiecki: "Re: [RFC][PATCH 0/3] Introduce audit_syscall LSM hook"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

* Adrian Drzewiecki (z@private) wrote:
> Last I checked, Andrea's patch has a fixed array of permitted syscalls. I 
> would like more flexibility than that. Perhaps I should've based my work 
> on his, and created a security_seccomp() call instead? Or maybe 
> security_syscall_enter() and security_syscall_exit() ?

It's fixed, but can be set per process, and could be extended by either
adding new modes, and changing the way you define which syscalls are
allowed.  I'd rather not introduce syscall filtering into LSM unless
there's large demand for it.  There's too many potential problems with
syscall interposition.  How flexible do you want, and what are your
goals?

thanks,
-chris
-- 
Linux Security Modules     http://lsm.immunix.org     http://lsm.bkbits.net

Previous message: Stephen Smalley: "Re: [RFC] [Stacking v4 2/3] New version of SELinux patch to support stacking"
In reply to: Adrian Drzewiecki: "Re: [RFC][PATCH 0/3] Introduce audit_syscall LSM hook"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.3 : Wed Dec 08 2004 - 12:09:19 PST