Chris Wright <[email protected]> writes:
> * Sam Vilain ([email protected]) wrote:
>> extern struct security_operations *security_ops; in
>> include/linux/security.h is the global I refer to.
>
> OK, I figured that's what you meant. The top-level ops are similar in
> nature to inode_ops in that there's not a real compelling reason to make
> them per process. The process context is (usually) available, and more
> importantly, the object whose access is being mediated is readily
> available with its security label.
>
>> There is likely to be some contention there between the security folk
>> who probably won't like the idea that your security module can be
>> different for different processes, and the people who want to provide
>> access to security modules on the systems they want to host or consolidate.
>
> I think the current setup would work fine. It's less likely that we'd
> want a separate security module for each container than simply policy
> that is container aware.
I think what we really want are stacked security modules.
I have not yet fully digested all of the requirements for multiple servers
on the same machine but increasingly the security aspects look
like a job for a security module.
Enforcing policies like container A cannot send signals to processes
in container B or something like that.
Then inside of each container we could have the code that implements
a containers internal security policy.
At least one implementation Linux Jails by Serge E. Hallyn was done completely
with security modules, and the code was pretty minimal.
Eric
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]