Chris Wright <[email protected]> writes:
> * Eric W. Biederman ([email protected]) wrote:
>> Very simple, it should be possible statically compile in
>> all of the security modules and be able to pick at run time which
>> security module to use.
>>
>> Unless I have been very blind and missed something skimming
>> through the code compiling if I compile in all of the security
>> modules, whichever one is initialized first is the one
>> that we will use.
>
> I see. No, you got that correct. That's rather intentional, to make
> sure all objects are properly initialized as they are allocated rather
> than having to double check at every access control check. That's why
> security_initcalls are so early.
Ok. That make sense. The fact that some of the security modules
besides selinux are tristate in Kconfig had me confused for a moment.
Controlling what to run with a kernel command line makes sense
then.
Having a generic command line like lsm=[selinux|root_plug|capability|seclvl]
would be nice. Where nothing supplied would not enable any of
the linux security modules.
Eric
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]
