* frm sds@epoch.ncsc.mil "04/15/03 09:41:48 -0400" | sed '1,$s/^/* /'
*
*
* Note that LSM intentionally does not provide any mechanism itself for
* sharing the security fields of the kernel data structures. Stacking has
* to be handled by the principal security module.
I see modules as empheral, but attritbutes as permanant. If I'm running one
LSM module, I reboot and use a different LSM module, what happens to the
attributes that the first module added to the file ?
Either we should guarantee that modules only touch attributes they know
about---ignoring all others (but not overwriting them), or we have separate
namespaces for each module's attributes.
Stacking modules will work with either scheme, but its seems to be that
switching policies over a reboot could easily be broken by a scheme that
shared a single namespace.
* --
* Stephen Smalley <sds@epoch.ncsc.mil>
* National Security Agency
richard.
-- ----------------------------------------------------------------------- Richard Offer Technical Lead, Trust Technology, SGI "Specialization is for insects" _______________________________________________________________________- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Tue Apr 15 2003 - 22:00:36 EST