Chris Wright wrote:
>* Sam Vilain ([email protected]) wrote:
>
>
>>This raises a very interesting question. All those LSM globals,
>>shouldn't those be virtualisable, too? After all, isn't it natural to
>>want to apply a different security policy to different sets of processes?
>>
>>
>
>Which globals? Policy could be informed by relevant containers.
>
>
extern struct security_operations *security_ops; in
include/linux/security.h is the global I refer to.
There is likely to be some contention there between the security folk
who probably won't like the idea that your security module can be
different for different processes, and the people who want to provide
access to security modules on the systems they want to host or consolidate.
Sam.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]