Re: Defense in depth: LSM *modules*, not a static interface

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]
From: Simon Arlott
Date: Tuesday, October 30, 2007 - 5:30 am

On Tue, October 30, 2007 07:14, Cliffe wrote:

Would it be possible to have Kconfig select which LSM should handle each
area of security? Selecting LSM A would automatically disable LSM B and
C since they both implement the same security functions, while LSM D
would still be selectable since it implements something else. The default
capabilities code would then turn off parts of itself that another LSM
is handling.

Alternatively the M in LSM can be restored and modules can be stacked.
It should be possible for the primary LSM to check the security_ops of the
secondary LSM(s) and complain if it considers there to be an incompatiblity.

-- 
Simon Arlott
-
Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:
Re: Defense in depth: LSM *modules*, not a static interface, Simon Arlott, (Tue Oct 30, 5:30 am)
Re: Defense in depth: LSM *modules*, not a static interface, Casey Schaufler, (Tue Oct 30, 8:01 am)