On Thu, 2005-09-08 at 02:46 -0400, Xin Zhao wrote:
> Sorry if this question is dumb.
>
> SELinux is included in 2.6. But I think it works by putting LSM hooks a lot
> of place in Linux and then it can define its own policy enforcement codes.
>
> However, I cannot find hooks in kernel 2.6.9 and 2.6.11. How can
> SELinux work with kernel 2.6 to protect system without hooks?
>
> Thanks in advance for your help!
The hooks are there, but possibly you are confused by the out-of-date
documentation (e.g. Documentation/DocBook/lsm.tmpl still says to look
for "security_ops->" in the core kernel for the hook calls, but they
have long since been replaced with calls to static inline functions
defined in include/linux/security.h). As an example,
fs/namei.c:permission calls security_inode_permission, which is defined
in include/linux/security.h and will invoke the corresponding hook if
CONFIG_SECURITY=y. SELinux provides its implementations of the hook
functions in security/selinux/hooks.c, e.g. selinux_inode_permission.
Hence, you should be looking for calls to functions with the security_
prefix instead of explicit references to security_ops in the core
kernel.
Chris - feel free to rip out lsm.tmpl and replace it with something more
up-to-date and complete.
--
Stephen Smalley
National Security Agency
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
| |
 |