Re: kernel stack challenge

[Chris Wright]

* Sergiy Lozovsky (serge_lozovsky@xxxxxxxxx) wrote:
> LSM use another way of doing similar things :-) I'm
> not sure that it is nice to forward system calls back
> to userspace where they came from in the first place
> :-) VXE use high level language to create security
> models.

There's no requirement in LSM to forward syscalls back to userspace for
access control check.  At any rate, seems you like your solution, just
wanted to make sure you were aware of alternatives.

> And what are the problems with technology used by VXE?

It's the LISP interpreter that's problematic.  As you've already seen
with the kernel stack limitations.

> File permissions are checked in the kernel and
> everybody are happy with that. VXE just extends
> security features already available in the kernel.

And LSM checks are done in kernel.

> There is a historic part to all that, too - VXE was
> created (1999) before SELinux was available.

Ah, the real truth ;-)

thanks,
-chris
-- 
Linux Security Modules     http://lsm.immunix.org     http://lsm.bkbits.net
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/