Crispin Cowan wrote:

>George Beshers wrote:
>
>>2) Because Auditing is an integral part of my LSM it is important
>>   that the methods be called even if another module is going to
>>   deny permission --- this is not the semantics of
>>   RETURN_ERROR_IF_ANY_ERROR. It appears that SELinux also
>>   might have a similar concern.
>
>Short-circuit error returns is the semantics of the LSM hooks in the
>Linux kernel; there are access requests that error out on DAC and other
>checks that no LSM module will ever see.
>
>Therefore it is at least consistent if Stacker also errors out short,
>returning "no" if any module says "no" without bothering to ask all the
>modules.
>
>To get the effect you want, why not just stack your module first (or
>last, whatever) such that it is the first module checked by Stacker?
>
>Crispin

To quote Stephen Smalley <sds@private>

> SELinux only audits its own permission checks, and will
> generally be the first module (other than stacker, if using stacker) due
> to its requirement for early initialization.

Which implies a certain competition for the first spot rather than some form of co-operation---which may be inevitable but tends to detract from small innovative contributions being able to get equal access.

However the point about the general short circuit for LSMs is well taken---perhaps auditing should be done via a separate interface.
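The ordering effect discussed in this thread, as an added example that is not part of the original message and is not kernel or Stacker code: a user-space C model in which an auditing module and a policy module are dispatched either short-circuit or call-all. The hook signature, module names and the rule that odd-numbered requests are denied are assumptions made for illustration.

```c
/* User-space toy model of module stacking; not kernel or Stacker code. All names are hypothetical. */
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

typedef int (*hook_fn)(int request);
typedef int (*dispatch_fn)(hook_fn *mods, size_t n, int request);
static int audit_seen; /* requests the auditing module was shown */

/* Auditing module: records every request it is asked about, never denies. */
static int audit_hook(int request) { (void)request; audit_seen++; return 0; }
/* Policy module: denies odd-numbered requests (constructed rule). */
static int policy_hook(int request) { return (request % 2) ? -EACCES : 0; }

/* Short-circuit: stop at the first module that returns an error. */
static int stack_short_circuit(hook_fn *mods, size_t n, int request) {
    for (size_t i = 0; i < n; i++) {
        int rc = mods[i](request);
        if (rc) return rc;
    }
    return 0;
}

/* Call-all: every module runs; the first error seen is the result. */
static int stack_call_all(hook_fn *mods, size_t n, int request) {
    int result = 0;
    for (size_t i = 0; i < n; i++) {
        int rc = mods[i](request);
        if (rc && !result)
            result = rc;
    }
    return result;
}

/* How many of requests 0..nreq-1 reach the auditing module. */
static int audited(int audit_first, dispatch_fn dispatch, int nreq) {
    hook_fn first[] = { audit_hook, policy_hook };
    hook_fn last[] = { policy_hook, audit_hook };
    audit_seen = 0;
    for (int r = 0; r < nreq; r++)
        dispatch(audit_first ? first : last, 2, r);
    return audit_seen;
}

int main(void) {
    printf("audit last:  %d short-circuit, %d call-all\n", audited(0, stack_short_circuit, 10), audited(0, stack_call_all, 10));
    printf("audit first: %d short-circuit, %d call-all\n", audited(1, stack_short_circuit, 10), audited(1, stack_call_all, 10));
    return 0;
}
```

With the auditing module stacked last, short-circuit dispatch hides every denied request from it; stacked first, or under call-all dispatch, it is shown all ten while the caller still receives the denial.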
This archive was generated by hypermail 2.1.3 : Mon Jul 11 2005 - 15:43:47 PDT