Re: LSM conversion to static interface

From: Jan Engelhardt
Date: Thu Oct 25 2007 - 07:34:25 EST

Next message: Balbir Singh: "[x86 patch] Fix UML ptrace-abi.h build error"
Previous message: Jens Axboe: "Re: [PATCH 2.6.24-rc1] fix sg_phys to use dma_addr_t"
In reply to: Valdis . Kletnieks: "Re: LSM conversion to static interface"
Next in thread: Samir Bellabes: "Re: LSM conversion to static interface"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

As I read through LWN today, I noted the following comment,
http://lwn.net/Articles/255832/ :

Personally, I think it's absolutely essential to be able to
build a kernel with dynamic LSM. Whether we like it or not,
people do want to add in runtime loadable security modules for
things like virus scanners, and until upstream offers these
folks a viable alternative to LSM...well, they'll use it.

Which reminded me of the TuxGuardian LSM[1] - another of the real-world
uses to meet Linus's criteria? ("had examples of their real-world use to
step forward and explain their use")

In this specific project, LSM is used to collect up calls to bind() and
connect() and pass them to userspace, e.g. do it ZoneAlarm-style and
display a dialog window. Its codebase is probably not too up-to-date
(website says last change last April - but I guess that's a no-brainer
to update it).

[1] http://tuxguardian.sf.net/
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Balbir Singh: "[x86 patch] Fix UML ptrace-abi.h build error"
Previous message: Jens Axboe: "Re: [PATCH 2.6.24-rc1] fix sg_phys to use dma_addr_t"
In reply to: Valdis . Kletnieks: "Re: LSM conversion to static interface"
Next in thread: Samir Bellabes: "Re: LSM conversion to static interface"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]