login
Login / Register
Header Space

 
 

Home » Mailing list archives » linux-kernel » 2007 » October » 30

Re: Defense in depth: LSM *modules*, not a static interface

Score:
Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]
[view in full thread]
From: Simon Arlott <simon@...>
To: Cliffe <cliffe@...>
Cc: <linux-kernel@...>, <linux-security-module@...>
Subject: Re: Defense in depth: LSM *modules*, not a static interface
Date: Tuesday, October 30, 2007 - 8:30 am

On Tue, October 30, 2007 07:14, Cliffe wrote:

Would it be possible to have Kconfig select which LSM should handle each
area of security? Selecting LSM A would automatically disable LSM B and
C since they both implement the same security functions, while LSM D
would still be selectable since it implements something else. The default
capabilities code would then turn off parts of itself that another LSM
is handling.

Alternatively the M in LSM can be restored and modules can be stacked.
It should be possible for the primary LSM to check the security_ops of the
secondary LSM(s) and complain if it considers there to be an incompatiblity.

-- 
Simon Arlott
-
Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]
Messages in current thread:
Re: Linux Security *Module* Framework (Was: LSM conversion t..., Rob Meijer, (Mon Oct 29, 3:04 pm)
Re: Linux Security *Module* Framework (Was: LSM conversion t..., Casey Schaufler, (Mon Oct 29, 4:27 pm)
Re: Linux Security *Module* Framework (Was: LSM conversion t..., Crispin Cowan, (Mon Oct 29, 3:41 pm)
Re: Linux Security *Module* Framework (Was: LSM conversion t..., Peter Dolding, (Tue Oct 30, 1:13 am)
Re: Linux Security *Module* Framework (Was: LSM conversion t..., Jan Engelhardt, (Tue Oct 30, 2:42 pm)
Re: Linux Security *Module* Framework (Was: LSM conversion t..., Peter Dolding, (Tue Oct 30, 7:38 pm)
Re: Linux Security *Module* Framework (Was: LSM conversion t..., , (Tue Oct 30, 8:16 pm)
Re: Linux Security *Module* Framework (Was: LSM conversion t..., Peter Dolding, (Tue Oct 30, 10:21 pm)
Re: Linux Security *Module* Framework (Was: LSM conversion t..., Crispin Cowan, (Wed Oct 31, 2:43 am)
Re: Linux Security *Module* Framework (Was: LSM conversion t..., Toshiharu Harada, (Wed Oct 31, 6:10 am)
Re: Linux Security *Module* Framework (Was: LSM conversion t..., Peter Dolding, (Wed Oct 31, 10:04 pm)
Re: Linux Security *Module* Framework (Was: LSM conversion t..., Casey Schaufler, (Wed Oct 31, 10:20 pm)
Re: Linux Security *Module* Framework (Was: LSM conversion t..., Peter Dolding, (Wed Oct 31, 10:51 pm)
Re: Linux Security *Module* Framework (Was: LSM conversion t..., Andrew Morgan, (Mon Nov 5, 2:56 am)
Re: Linux Security *Module* Framework (Was: LSM conversion t..., Serge E. Hallyn, (Mon Nov 5, 9:29 am)
Re: Linux Security *Module* Framework (Was: LSM conversion t..., Jan Engelhardt, (Thu Nov 1, 3:17 am)
Re: Linux Security *Module* Framework (Was: LSM conversion t..., David Newall, (Thu Nov 1, 7:49 am)
Re: Linux Security *Module* Framework (Was: LSM conversion t..., Peter Dolding, (Sat Nov 3, 9:28 pm)
Re: Linux Security *Module* Framework (Was: LSM conversion t..., Peter Dolding, (Wed Oct 31, 5:03 am)
Re: Linux Security *Module* Framework (Was: LSM conversion t..., , (Wed Oct 31, 1:08 am)
Re: Linux Security *Module* Framework (Was: LSM conversion t..., Casey Schaufler, (Tue Oct 30, 11:43 pm)
Re: Linux Security *Module* Framework (Was: LSM conversion t..., Casey Schaufler, (Tue Oct 30, 3:14 pm)
Re: Linux Security *Module* Framework (Was: LSM conversion t..., Jan Engelhardt, (Tue Oct 30, 3:50 pm)
Defense in depth: LSM *modules*, not a static interface, Cliffe, (Tue Oct 30, 3:14 am)
Re: Defense in depth: LSM *modules*, not a static interface, Simon Arlott, (Tue Oct 30, 8:30 am)
Re: Defense in depth: LSM *modules*, not a static interface, Crispin Cowan, (Mon Nov 5, 11:46 pm)
Re: Defense in depth: LSM *modules*, not a static interface, Cliffe, (Tue Nov 6, 3:26 am)
Re: Defense in depth: LSM *modules*, not a static interface, Peter Dolding, (Tue Nov 6, 7:59 pm)
Re: Defense in depth: LSM *modules*, not a static interface, Cliffe, (Tue Nov 6, 11:50 pm)
Re: Defense in depth: LSM *modules*, not a static interface, Casey Schaufler, (Tue Nov 6, 11:35 pm)
Re: Defense in depth: LSM *modules*, not a static interface, Tetsuo Handa, (Wed Nov 7, 12:11 am)
Re: Defense in depth: LSM *modules*, not a static interface, Casey Schaufler, (Wed Nov 7, 12:34 am)
Re: Defense in depth: LSM *modules*, not a static interface, Peter Dolding, (Wed Nov 7, 12:34 am)
Re: Defense in depth: LSM *modules*, not a static interface, Al Viro, (Tue Oct 30, 2:55 am)
Re: Defense in depth: LSM *modules*, not a static interface, Crispin Cowan, (Tue Oct 30, 3:55 am)
Re: Defense in depth: LSM *modules*, not a static interface, Casey Schaufler, (Tue Oct 30, 11:01 am)
Re: Defense in depth: LSM *modules*, not a static interface, Cliffe, (Tue Oct 30, 4:00 am)

Mail archive search
Enter your search terms.
Optionally limit your search to a specific mailing list.
advanced
Colocation donated by:
Who's online
There are currently 8 users and 990 guests online.

Online users

Syndicate
Syndicate content
© 2007 KernelTrap.  |  Powered by Drupal.  |  Legal statement.
speck-geostationary