On Thu, 2005-11-17 at 10:36 -0500, Stephen Smalley wrote:
> Using SLIM as an example, it appears that SELinux would have to make
> direct calls to EVM regardless of whether or not we use stacker.
> Further, it appears that even tighter integration with EVM is needed in
> order to avoid the redundant processing and potential inconsistencies
> created by the current weaker coupling. EVM can certainly serve as a
> support module to a variety of other modules (SLIM, SELinux, ...) while
> still being directly called by those modules - those modules are
> consumers of the services provided by EVM. Using stacker for part of
> the composition while using direct calls elsewhere only seems to confuse
> the interaction.

I'm also a bit unclear as to whether we can use EVM with SELinux at all, given that EVM seems to presently assume a modular build and insertion after TPM activation but SELinux has to be built-in.

EVM is also clearly written with only SLIM in mind (or at least not with SELinux in mind), as EVM performs its attribute validation on inode_permission, not when SELinux fetches the attribute and maps it to an incore SID (upon d_instantiate). EVM would require a major overhaul to be useable by SELinux even aside from its significant implementation problems and even aside from the question of whether stacker should be used.

-- 
Stephen Smalley
National Security Agency
This archive was generated by hypermail 2.1.3 : Thu Nov 17 2005 - 08:42:49 PST