--- serue@private wrote: > Ok, so to be clear, any module which does not > directly impose some form > of access control is not eligible for an LSM? In particular, an additional access control. LSM is not for changing the existing policy, it is for imposing additional policy. You could, of course, add code to act on the integrity measurements you've made, in which case you could be in conformance with the stated eligibilty requirements. > (in that case that clearly settles the issue) It sure took the wind out of the sails for the SGI audit implementation. Casey Schaufler casey@schaufler-ca.com __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
This archive was generated by hypermail 2.1.3 : Wed Jun 15 2005 - 15:00:53 PDT