Re: [ANNOUNCE] Release Digsig 1.5: kernel module for run-time authentication of binaries

From: Christoph Hellwig
Date: Fri Apr 28 2006 - 14:16:04 EST


On Fri, Apr 28, 2006 at 11:09:14AM -0500, Serge E. Hallyn wrote:
> BS - you can stack another LSM to prevent that.
>
> Or, stack it with SELinux. I've tested that combination before with no
> problems.

The real question here is why use lsm at all? lsm sounds like the wrong
set of hooks for something like this. If you look at the hooks they are
clearly for access control handling, which this isn't at all. I bet
your code would be a lot simpler if you just hooked into the right places
directly and made it controllable by selinux or $lsm.