On Oct 24 2007 16:37, Serge E. Hallyn wrote:
>
>Or, a better example, a privileged program reads some sensitive data -
>as allowed by multiadm, writes it to a file, but apparmor prevented it
>from chowning the file to the right user before writing,

Interesting find, I should pay attention to that :-)

But - note to dquigley - AFAICS, an LSM needs to _explicitly_ call the next LSM's function. No one (just a minimal grep in linux-2.6/security/) besides SELinux does that today. So while you could load AppArmor on top of MultiAdm, it would never be invoked. This is what is known as "sufficient" in PAM parlance. SELinux OTOH is in "required" mode [again PAM-speak].
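
The stacking behaviour described in the message above, as an added example that is not part of the original post and is not kernel code: a user-space C model in which the framework calls only the primary module's hook, so a stacked module is consulted only if the primary chains to it explicitly. All names (`struct lsm`, `stacked_verdict`, the hook functions) are hypothetical.

```c
#include <errno.h>
#include <stdio.h>

/* User-space model; every name here is hypothetical, not kernel API. */
struct lsm {
    int (*chown)(const struct lsm *self, int uid); /* 0 allow, -EPERM deny */
    const struct lsm *secondary;                   /* next module or NULL */
};
static int secondary_hits; /* how often the stacked module was consulted */

/* Stacked module: would deny the chown, if anyone asked it. */
static int confining_chown(const struct lsm *self, int uid)
{
    (void)self; (void)uid;
    secondary_hits++;
    return -EPERM;
}

/* "sufficient": the primary decides alone and never chains. */
static int sufficient_chown(const struct lsm *self, int uid)
{
    (void)self; (void)uid;
    return 0;
}

/* "required": primary allows, then explicitly calls the next module. */
static int required_chown(const struct lsm *self, int uid)
{
    return self->secondary ? self->secondary->chown(self->secondary, uid) : 0;
}

/* The framework only ever invokes the primary module's hook. */
int stacked_verdict(int primary_chains)
{
    struct lsm second = { confining_chown, NULL };
    struct lsm first = {
        primary_chains ? required_chown : sufficient_chown, &second };
    secondary_hits = 0;
    return first.chown(&first, 1000); /* constructed uid */
}
int secondary_calls(void) { return secondary_hits; }

int main(void)
{
    int a = stacked_verdict(0), na = secondary_calls();
    int b = stacked_verdict(1), nb = secondary_calls();
    printf("sufficient: rc=%d calls=%d\nrequired: rc=%d calls=%d\n", a, na, b, nb);
    return 0;
}
```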