On Mon, 2006-04-24 at 08:29 -0500, Serge E. Hallyn wrote:
> Quoting Arjan van de Ven ([email protected]):
> > On Mon, 2006-04-24 at 08:09 -0500, Serge E. Hallyn wrote:
> > > Quoting Arjan van de Ven ([email protected]):
> > > > for all such things in the first place. In fact, we already know that to
> > > > do auditing, LSM is the wrong thing to do (and that's why audit doesn't
> > > > use LSM). It's one of those fundamental linux truths: Trying to be
> > >
> > > As I recall it was simply decided that LSM must be "access control
> > > only", and that was why it wasn't used for audit.
> >
> > no you recall incorrectly.
> > Audit needs to audit things that didn't work out, like filenames that
> > don't exist. Audit needs to know what is going to happen before the
> > entire "is this allowed" chain is going to be followed. SELInux and
> > other LSM parts are just one part of that chain, and there's zero
> > guarantee that you get to the LSM part in the chain..... Now of course
>
> Ah yes. It needed to be authoritative. I did recall incorrectly.
>
> I suspect some would argue that you are right that LSM is broken, but
> only because it wasn't allowed to be authoritative.
authoritative isn't enough; think about it. The VFS isn't ever going to
ask "can I open this file" if the file doesn't exist in the first place;
same in many other places. You'd have to almost double the hooks, and as
I said, to call those hooks "LSM" would be silly and dishonest.
LSM is not Hooks-R-Us. It's a permission model.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]