On Fri, Apr 28, 2006 at 11:09:14AM -0500, Serge E. Hallyn wrote: > BS - you can stack another LSM to prevent that. > > Or, stack it with SELinux. I've tested that combination before with no > problems. The real question here is why use lsm at all? lsm sounds like the wrong set of hooks for something like this. If you look at the hooks they are clearly for access control handling, which this isn't at all. I bet your code would be a lot simpler if you just hooked into the right places directly. and made it controllable by selinux or $lsm. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [email protected] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
- Follow-Ups:
- Re: [ANNOUNCE] Release Digsig 1.5: kernel module for run-timeauthentication of binaries
- From: "Serge E. Hallyn" <[email protected]>
- Re: [ANNOUNCE] Release Digsig 1.5: kernel module for run-timeauthentication of binaries
- References:
- Re: [ANNOUNCE] Release Digsig 1.5: kernel module for run-timeauthentication of binaries
- From: Nix <[email protected]>
- Re: [ANNOUNCE] Release Digsig 1.5: kernel module for run-timeauthentication of binaries
- From: Axelle Apvrille <[email protected]>
- Re: [ANNOUNCE] Release Digsig 1.5: kernel module for run-timeauthentication of binaries
- From: "Ulrich Drepper" <[email protected]>
- Re: [ANNOUNCE] Release Digsig 1.5: kernel module for run-timeauthentication of binaries
- From: "Serge E. Hallyn" <[email protected]>
- Re: [ANNOUNCE] Release Digsig 1.5: kernel module for run-timeauthentication of binaries
- Prev by Date: Re: [PATCH] 'make headers_install' kbuild target.
- Next by Date: Re: [PATCH] 'make headers_install' kbuild target.
- Previous by thread: Re: [ANNOUNCE] Release Digsig 1.5: kernel module for run-timeauthentication of binaries
- Next by thread: Re: [ANNOUNCE] Release Digsig 1.5: kernel module for run-timeauthentication of binaries
- Index(es):
 |