Quoting Christoph Hellwig ([email protected]):
> On Fri, Apr 28, 2006 at 11:09:14AM -0500, Serge E. Hallyn wrote:
> > BS - you can stack another LSM to prevent that.
> >
> > Or, stack it with SELinux. I've tested that combination before with no
> > problems.
>
> The real question here is why use lsm at all? lsm sounds like the wrong
> set of hooks for something like this. If you look at the hooks they are
> clearly for access control handling, which this isn't at all. I bet
> your code would be a lot simpler if you just hooked into the right places
> directly. and made it controllable by selinux or $lsm.
The evm code (which should be released soon) introduces an integrity
subsystem, using TPM. The crypto part of digsig could become another
user of that subsystem.
At that point like you say selinux could mark types which can cause
domain transitions as needing to be signed, and, if lsm's not dead,
other lsm's could use it other ways if they like.
thanks,
-serge
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]
