Re: Time to remove LSM (was Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks)

>> 
>> Well then, have a look at http://alphagate.hopto.org/multiadm/
>> 
>
>hmm on first sight that seems to be basically an extension to the
>existing capability() code... rather than a 'real' LSM module. Am I
>missing something here?
>

(So what's the definition for a "real" LSM module?)

It's quite a "big" extension to the capability code inasfar as that 
access is not solely granted based on capabilities, but a matrix of 
capabilities plus UID/GID of filesystem objects.

This is not a "for fun" LSM like rootplug, but it was specifically 
developed to address some permission issues in an educational institution. 
The LSM hooks were there (and some more are added with MultiAdm), and it 
seemed a lot simpler than setting up SELinux.


Jan Engelhardt
-- 
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

---

• Follow-Ups:
  • Re: Time to remove LSM (was Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks)
    • From: Pavel Machek <[email protected]>
  • Re: Time to remove LSM (was Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks)
    • From: Greg KH <[email protected]>

• References:
  • [RFC] packet/socket owner match (fireflier) using skfilter
    • From: Török Edwin <[email protected]>
  • [RFC][PATCH 2/7] implementation of LSM hooks
    • From: Török Edwin <[email protected]>
  • Re: [RFC][PATCH 2/7] implementation of LSM hooks
    • From: Stephen Smalley <[email protected]>
  • Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks
    • From: Török Edwin <[email protected]>
  • Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks
    • From: Stephen Smalley <[email protected]>
  • Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks
    • From: Christoph Hellwig <[email protected]>
  • Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks
    • From: Stephen Smalley <[email protected]>
  • Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks
    • From: Christoph Hellwig <[email protected]>
  • Time to remove LSM (was Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks)
    • From: James Morris <[email protected]>
  • Re: Time to remove LSM (was Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks)
    • From: Greg KH <[email protected]>
  • Re: Time to remove LSM (was Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks)
    • From: Jan Engelhardt <[email protected]>
  • Re: Time to remove LSM (was Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks)
    • From: Arjan van de Ven <[email protected]>

• Prev by Date: [PATCH] sockfd_lookup_light() returns random error for -EBADFD
• Next by Date: [patch 0/6] Notify page fault call chain
• Previous by thread: Re: Time to remove LSM (was Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks)
• Next by thread: Re: Time to remove LSM (was Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks)
• Index(es):
  • Date
  • Thread

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]