On Mon, Apr 17, 2006 at 12:06:53PM -0400, Stephen Smalley wrote:
> > I thought of this, see label_all_processes. Unfortunately I found no way of
> > actually doing this. I would need to iterate through the tasklist structure,
> > but the task_lock export is going to be removed from the kernel.
>
> So, if built-in isn't an option, propose an interface to the core
> security framework to allow security modules to perform such
> initialization without needing to directly touch the lock themselves
NACK. The whole idea of loading security modules after bootup is flawed.
Any scheme that tries to enumerate process and other entinity after the
fact for access control purposes is fundamentally flawed. We're not going
to add helpers or exports for it, I'd rather remove the ability to build
lsm hook clients modular completely.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]
